
Blog

What are Internal Control Weaknesses?

A control weakness is a failure in the implementation or effectiveness of internal controls. Malicious actors leverage internal control weaknesses to circumvent even the most robust security measures. The wide range of internal controls, the increasing number of new technologies, and the rate at which malware evolves necessitate monitoring of data security controls. Regular monitoring allows organizations to test the effectiveness of their internal controls and expose weaknesses in their implementation.

The art of pushing left in application security

Today, software is being developed at breakneck speed. Agile development and the aggressive adoption of DevOps are leading to an abundance of functionality and feature sets, or pieces of code, pushed out to consumers at a record pace. These one-click opportunities may indeed get us what we want; however, the game remains the same. The Achilles' heel is security vulnerabilities, regardless of technology maturity or speed of release.

Centralized vs. Distributed Authorization: The CAP Theorem

One of the best parts of working on the Open Policy Agent at Styra is that we get to help people design authorization systems for both their platform and their custom applications. The other day we were talking someone through the design tradeoffs of authorization for their application, and the first decision they had to make was whether they wanted a centralized authorization system or a distributed authorization system. Both OPA and Styra support either, so we have no real bias.

How to Check the Integrity of a File?

In the world of cyber warfare, the internet has become a vital part of every walk of life. When it comes to downloading a file from the internet to your laptop or PC, you cannot be guaranteed 100% safety, due to the existence of fast and sophisticated cyber threats. Security vulnerabilities, data breaches, viruses, and malware have become very common and compromise the originality, integrity, and authenticity of any file you download from the internet.

What does the CISO say? A Tweetchat roundup

On 18th April 2019, @ATTCyber gathered a panel of CISOs (and recovering CISOs) for a tweetchat to discuss some of the questions that we’ve always wanted to put to senior security folk. The virtual panel consisted of Thom Langford, Quentyn Taylor, James Gosnold, Andy Rose and Raj Goel, with participation from many others. Below I’ve summed up some of the key discussion points around each question.

With Great Freedom Comes Great Cloud Responsibility

Modern digital & cloud technology underpins the shift that enables businesses to implement new processes, scale quickly and serve customers in a whole new way. Historically, organisations would invest in their own IT infrastructure to support their business objectives, and the IT department’s role would be focused on keeping the ‘lights on.’ To minimize the chance of failure of the equipment, engineers traditionally introduced an element of redundancy in the architecture.

7 Ways to Make your Workforce More Productive

The US Department of Labor states that most people work an average of eight hours a day, but the question is, how many of those hours are productive? Employee productivity has been getting a lot of attention lately, and some studies show that workers spend only three hours per day on work tasks. Even if that figure is somewhat exaggerated, the point is that your employees may be busy with unproductive activities while they are on the job.

Continuous Auditing vs Continuous Monitoring

Monitoring is an established component of the information security process, and it goes hand in hand with auditing. Auditing is used to document an organization’s compliance activities. Where monitoring protects the data by responding to threats, auditing provides proof of a continued compliance effort. By taking a “security-first” approach, companies can use continuous auditing and monitoring to provide evidence of their cybersecurity protections.

Don't focus 100% on security

In recent months, I have met many people who are interested in working in cybersecurity. This is wonderful, especially given the number of available employment opportunities in this field. Like any ambitious person, the people who approach me to ask about getting into the field want to fully immerse themselves in “all things security”. This is admirable, but I often advise them to slow down a bit, and not quit their day job.