Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Top 10 Australian Cybersecurity Frameworks in 2021

If you're an Australian business and confused about which cybersecurity frameworks you should be complying with, you're not alone. Unlike the United States, Australia currently doesn't have clear mandatory minimum cybersecurity standards for businesses. This is likely to change in the near future. The Australian government is being pressured to follow the United State's lead in lifting the Nation's security posture.

Data Loss vs. Data Leaks: What's the Difference?

Data loss refers to the unwanted removal of sensitive information either due to an information system error, or theft by cybercriminals. Data leaks are unauthorized exposures of sensitive information through vulnerabilities on the digital landscape. Data leaks are more complex to detect and remediate, they usually occur at the interface of critical systems, both internally and throughout the vendor network.

How to Comply with CPS 234 (updated for 2021)

Prudential Standard CPS 234 Information Security (CPS 234) is an APRA prudential standard. Australian Prudential Regulation Authority’s (APRA) mission is to establish and enforce prudential standards designed to ensure that, under all reasonable circumstances, financial promises made by its regulated entities are met within a stable, efficient, and competitive financial services sector.

Inherent Risk vs. Residual Risk (Quick Explanation)

Inherent risks include all risks that are present without any security controls. Residual risks are the risks that remain after security controls are implemented. Residual risks are inevitable. Even with an abundance of security controls, vestiges of residual risks will remain that could expose your sensitive data to cyber attacks.This is because the proliferation of digital transformation expands the digital landscape, creating more attack vectors.

DigitalOcean vs Linode

Chances are, if you’re shopping for a virtual private server, you already understand why they’re useful for web developers, app designers and everyone in between. You also probably know that the surge in popularity of hourly pricing means you can try most of the big players in this space for yourself for the cost of one Bazooka Joe comic (not even the gum, just the comic).

What is Residual Risk? Why it Matters So Much in 2021

Residual risk is the threat or vulnerability that remains after all risk treatment and remediation efforts have been implemented. Even with an astute vulnerability sanitation program, there will always be vestiges of risks that remain, these are residual risks. Because they will always be present, the process of managing residual risk involves setting an acceptable threshold and then implementing programs and solutions to mitigate all risks below that threshold.

Overview: Custom Questionnaire Builder by UpGuard

Digital transformation is creating unpredictable mutations across the attack surface. As a result, some third-party risks have outgrown the discovery mechanisms offered by the hundreds of standard security frameworks currently available. To cater to these growing use cases, UpGuard has introduced custom questionnaires to its industry-leading third-party risk management platform. Custom questionnaires are vendor security questionnaires that you can design yourself.

What is a DDoS Attack and How Does it Work?

A Distributed Denial of Service (DDoS) attack, is an illegal attempt to make a website unavailable by overloading its server with high amounts of fake traffic. The onslaught of malicious connection requests places legitimate visitors at the back of an undiminishing traffic queue which prevents the website from loading.

What is Threat Modelling? 10 Threat Identity Methods Explained

Threat modelling is a process for identifying potential threats to an organization's network security and all the vulnerabilities that could be exploited by those threats. Most security protocols are reactive - threats are isolated and patched after they've been injected into a system. Threat modelling, on the other hand, is a proactive approach to cybersecurity, whereby potential threats are identified and anticipated.

What is FIPS 140-3? The Critical Updates You Must Be Aware Of

FIPS 140-3 is the long-awaited update to FIPS 104-2 which was established on May 25, 2001. This updated validation process is finally capable of addressing the cryptographic modules that have evolved since 2001. This validation process includes testing with respect to certain standards or protocols and then the issuing of an official certificate from NIST (National Institute of Standards and Technology) confirming compliance with FIPS 140-3.