In September 2017, the National Institute of Standards and Technology (NIST) released Special Publication (SP) 800-190, Application Container Security Guide. NIST SP 800-190 explains the security concerns associated with container technologies and recommendations for the image details and container runtime security. It provides prescriptive details for various sections including image, registry, orchestrator, container and host OS countermeasures.
A person recently asked me if it was possible to implement ISO 27001 using a specific project management software product. They used the tool in the past to define project plans and make project reviews. While I told them this is entirely possible, the truth is one can implement ISO 27001 even without a project plan or any specific tools. But should they?
It is rightly said that “Prevention Is Better Than Cure.” This maxim can also be applied in information technology in terms of IT risks. Risk mitigation is a process whereby an enterprise takes some proactive measures or use some strategies to mitigate or eliminate risks altogether in order to prevent or reduce damage to the organization. The following sections gain an insight into some popular risk mitigation strategies organizations are looking for in 2019.
Keeping an organization’s IT assets secure in this day and age is a challenge. The sands of the information security landscape are constantly shifting, and it can be difficult for practitioners to find solid footing; to identify those initiatives that will net the greatest return on security spend. Each day seems to bring another emerging concern in the threat landscape.
The importance of a mature vulnerability management program can’t be overstated. File integrity monitoring (FIM) and security configuration management (SCM) might be the bedrock of a strong cybersecurity program, but they can only go so far. Scanning for vulnerabilities needs to be a foundational part of your program, too.
Once upon a time, protecting critical data assets meant keeping printed confidential information in locked boxes labeled top secret. As long as these boxes were kept in secured areas, all was well. Today, information has no such physical boundaries. Network perimeters and firewalls have become the new walls, and data classification schemas are the new box labels. This shift led to an evolution in how companies protected their data from leaving their environments.
Governance, risk, and compliance (GRC) have become buzzwords in cybersecurity. As governments and industry standards organizations respond to the data breach landscape by creating new compliance requirements, governance has become fundamental to creating an effective risk management program. Auditing governance requires organizations to communicate with internal and external stakeholders.
They say that bad things always come in threes. The adage may testify to little but the popularity of superstition, but for security executives today, this notion regrettably passes muster. Crime, complexity and cost are three foes that every CISO must face, and while most companies think crime is the enemy, in many cases it is the latter two heads of this “cyber-cerberus” that deliver the most certain bite.