In many cases, penetration testing – a type of ethical hacking engagement designed to identify and address security vulnerabilities in networks, systems and applications – is required. Sometimes this requirement is specified directly, while in other cases it is implied by a need to build audit or assessment processes to mitigate cyber risk. This blog identifies some of the most common pen testing standards and regulations and provides guidance about the type of testing required.

Third-party risk management (TPRM) is the process of analyzing and minimizing risks associated with outsourcing to third-party vendors or service providers. This is commonly known as third-party risk or vendor risk and can include financial, environmental, reputational, and security risks due to a vendor's access to intellectual property, sensitive data, personally identifiable information (PII), and protected health information (PHI).

Léargas Security (Léargas is Gaelic for “insight”) provides clients with actionable insights into anomalous or abstract behaviors through the correlation of data gathered from converged security controls: cyber and physical.

Threat hunting is one of the most critical activities performed by SOC teams. Once an alert triggers and a tier-1 analyst assesses it and sends it up the line for further evaluation by a more senior analyst, the race is on. Hunting down the threat as quickly as possible, before it can wreak havoc on the organization, becomes the top priority.

As many businesses have begun to work almost entirely remotely until an as-yet-to-be-determined date, they have had to plan for activities that took place largely in person in the past. For example, many compliance audits have gone virtual in these times of uncertainty. This shift has forced organizations to adjust how they prepare and plan. But even in these times of uncertainty, it is your organization’s responsibility to stay sharp and on track with security knowledge, planning, and response.

Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our June 2020 roundup of compliance news from around the United States, and around the world.

This Investigation was initiated on the basis of several Network Anomaly alarms triggered by ongoing suspicious activity on an employee device owned by a financial institution. During the discovery phase of the Investigation, we identified abnormal egress traffic to a known Indicator of Compromise (IOC) based on intelligence from the Open Threat Exchange™ (OTX®).

Are you struggling to hire skilled digital security talent in 2020? If so, you’re not alone. According to a Tripwire study on the infosec skills gap, 82% of security experts said that their teams were understaffed; nearly the same proportion (83%) indicated that they were feeling more overworked going into 2020 than they were a year prior.