The Vulnerability Management Maturity Model and Its Stages

The need for a mature cybersecurity process in today’s corporate environment is becoming ever more critical. As attackers grow more sophisticated, management and defense systems must be strengthened to match. Many components make up a solid security program within an organization; today we will shed light on one essential component, the vulnerability management maturity model.

Why is Vendor Risk Management Important?

Engaging third-party vendors for the provision of goods and services is not a new concept, so why has vendor risk management become so important? Vendor risk management is important because managing vendor risk is foundational to cybersecurity, ensuring business continuity and maintaining regulatory compliance. A robust vendor risk management (VRM) program can help organizations understand their vendor risk profile and mitigate third-party and fourth-party risk rather than relying on incident response.

Simplifying Secure Server Access with Teleport's Approval Workflow

Back in the early 2010s, a Forrester researcher, John Kindervag, noticed that corporations had a binary view of trust and privilege. Once new employees have completed training, they are given full access to all the tools and VPNs needed to get their job done. Once they are logged on, they are trusted completely. Kindervag noticed that “trust” is a vulnerability that can be exploited. Since then, awareness of Zero Trust implementations has grown, in particular Google’s BeyondCorp.

On Authorization and Implementation of Access Control Models

There are dozens of implementations of authorization mechanisms. When there are complex requirements dictated by business processes, authorization mechanisms are often implemented incorrectly or, at least, not optimally. The reason for that, in my opinion, is the low attention both the customer and the developers pay to this aspect in the initial stages of the project and, at the same time, insufficient assessment of the impact of the necessary requirements.

It's Data Privacy Day Today...and Every Day

Today is Data Privacy Day, an event sponsored by the National Cyber Security Alliance. The intent is to promote awareness and best practices for how citizens should think about security and how it relates to their data, their organizations, and ultimately, our nation. At a time when we transact with all manner of data in so many form factors, we are inclined to overlook the importance of measures that keep our data and content safe.

File Based License Restriction Pitfalls

The ionCube Encoder provides two ways to add licensing restrictions to encoded files. The method we encourage most is license files, as this is the more efficient solution: you only need to encode your files once and can then generate a separate license file for each customer. The license file can then be updated without needing to re-encode each time.

Do you need certifications to get an InfoSec job?

I’ve seen Tweets and heard many discussions about certifications, like CISSP, CEH, OSCP and so on, in InfoSec. No doubt certifications have value – in many situations hiring managers are quickly going through resumes, and certifications are symbolic of at least book-learning and some degree of dedication to InfoSec. Certifications can be expensive and time-consuming, so having them clears the bar of being at least slightly dedicated.

Using Auditbeat to protect your critical infrastructure

Beats are lightweight, purpose-built agents that acquire data and then feed it to Elasticsearch. Beats use the libbeat framework that makes it easy to create customized beats for any type of data you’d like to send to Elasticsearch. Auditbeat is a lightweight shipper from the Beats family that you can install on your servers to audit the activities of users and processes on your systems.

Unpatched zero-day vulnerability in Internet Explorer exploited in the wild

Barely a week after Patch Tuesday, internet security company Qihoo 360 has discovered yet another vulnerability in Internet Explorer (IE), this time a remote code execution flaw in the jscript.dll scripting engine. The vulnerability, identified as CVE-2020-0674, is rated Critical for IE 11 and Moderate for IE 9 and IE 10.

What is NIST SP 800-171? Tips for NIST SP 800-171 Compliance

NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST SP 800-171 or NIST 800-171), provides federal agencies with a set of guidelines designed to ensure that Controlled Unclassified Information (CUI) remains confidential and unchanged in nonfederal systems and organizations.