Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Weekly Cyber Security News 18/01/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. There has been some amazing breach notifications this week, none of which I will comment on as there’s plenty of articles already. First item of comment this week is an interesting article commenting on various hosting providers – are they fair points? How far should our trust go in that any service provider of any kind is doing their best to look after both ours, and their, property?

PCI DSS Compliance: An Overview

The Payment Card Industry (PCI) comprise all credit card providers including Visa and MasterCard. These entities are required to uphold the integrity of the cardholders' information to prevent any breach. While complying with the PCI DSS requirements can be overwhelming, it is necessary since it'll enable you to develop stringent measures to store and protect the cardholders' data.

The Dark Web has a Serious Deduplication Problem

In a post released on 1/8/19, I wrote about the record number of breaches in 2018. This brought to mind a podcast that I was listening to a few days back hosted by Corey Nachreiner, CTO of WatchGuard Technologies, Inc. on his 443 Podcast. Corey discussed the potential data deduplication problem on the Dark Web.

Questions to Consider When Choosing a SOAR Solution

Security Orchestration, Automation, and Response (SOAR) solution effectively deal with information security challenges and provide better defence against cyber threats. However, the organizations must be aware of important questions before deploying the SOAR solution. The following sections will take a deep dive to elaborate on these questions.

How To Get Compliant and Stay Agile

Agile companies do things faster. When you think about agile regarding lean startup model, you focus on quick wins, ruthless prioritization, external focus, and continuous improvement. At its core, agile development relies on continuous testing leading to continuous improvement. In cybersecurity, continuous monitoring enables an agile continuous compliance stance.

Cybersecurity Is Every Leader's Job

Every organization is led by people who are responsible for setting the overall direction, establishing priorities, maintaining influence over organizational functions and mitigating risks. Given the wide range of organizational types across industry sectors, the titles associated with these roles may vary greatly from CEO to Managing Director to Owner-Operator and beyond, but they share common traits.

GDPR Requirements for Cookie Policies

As a business owner, you know the European Union (EU) General Data Protection Regulation (GDPR) went into effect in May 2018. However, one of the most confusing aspects for a lot of businesses, large and small, has been the infamous “cookie policy.” No matter where your business resides, your website reaches customers protected by the GDPR which means you need to understand how to implement a GDPR compliant cookie policy.

Software Bill of Materials (SBoM) - Does It Work for DevSecOps?

There has been much discussion of a “software bill of materials” (SBoM) lately, for use when addressing security vulnerabilities. Many are curious, wanting to learn more. Googling the term gives lots of positive descriptions. This post will go negative, describing problems with the concept.

Adding CVE scanning to a CI/CD pipeline

A Docker image contains an application and all its dependencies. As it also contains the numerous binaries and libraries of an OS, it’s important to make sure no vulnerabilities exist in its root filesystem, or at least no critical or major ones. Scanning an image within a CI/CD pipeline can ensure this additional level of security.