Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Vulnerability Management: Myths, Misconceptions and Mitigating Risk

Vulnerability Management is a much-talked-about practice in the IT security industry. Whether it is the debate on vulnerability scoring, how to implement a suitable vulnerability management program based on your own resources or even trying to convince leadership a vulnerability management solution alone won’t solve all your cybersecurity issues, the debate is still strong.

Why Should You Investigate Security Threats?

Cyber space is continuously evolving and so are the attack techniques employed by the attackers to harm a business, whether financial or reputational. With the increased malicious activities on the internet, cyber security is not a 9-to-5 job anymore. It requires continuous security monitoring of your organization’s technical infrastructure so that even if a security incident occurs, it is contained immediately and mitigated without causing large-scale damage to the organization.

The Responsibilities of a Compliance Manager

Being a compliance manager can sound tedious to a lot of people. When people think about compliance, they often think in terms of checking boxes on audit forms. However, compliance management is more like putting together a puzzle without having the cover picture. Compliance issues come from a variety of regulations and industry standards, often overlapping while sometimes being disconnected.

Online reputation management: how to control what's out there

Your reputation is one of the most powerful assets you can have as a successful businessperson. Having a reputation for honesty and quality can be the key to locking down major clients or building a standing in a fledgling market. Alternatively, having a poor reputation can be detrimental to the point of completely running you out of business.

Scaling up Security with DevOps and CI/CD practices

Some believe that “whatever can be automated, should be automated” and in general benefits include faster production, consistency in product and quality, rolling back from failures and all allowing employees to focus on more creative and analytical tasks. The same can be said for the automation of quality assurance and security of developer coding and programming.

Information on open source vulnerabilities is as distributed as the community

Nothing gets the AppSec / InfoSec community abuzz quite like a good old 0-day vulnerability. I mean, what’s not to love here? These vulnerabilities involve the thrill of adversaries knowing something we don’t, giving them a path to sail through our defenses to break into that sweet data inside. They are the James Bond of the security space — suave, sexy, and deadly.

Vulnerability Management Metrics: The Final Frontier

In Part 1 of this series, we looked at some of the metrics that an executive team would want to see to identify how the business risk is trending. It is very important to keep in mind that if the business does not see the information security program as effective and efficient, they will not continue to invest in information security projects. In this part, we will look at the operational level reports that can assist in focusing efforts to reduce the risk to the business.