Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

What's New in v8 of the CIS Controls

Back in 2018, the State of Security spent a lot of time going over v7 of the Center for Internet Security’s Critical Security Controls (CIS Controls). We noted at the time how the Center for Internet Security shuffled the order of requirements for many of the existing controls in that version. It also cleaned up the language of the CIS Controls, simplified some working, removed duplicate requirements, and created an abstract for each of the security measures.

What Is a Security Operations Center (SOC)?

Data breaches are costing organizations millions of dollars on average. In its 2020 Cost of a Data Breach Report, IBM found that a data breach cost the average organization $3.86 million. This price tag was even greater for organizations located in the United States and operating in the healthcare industry at $8.64 million and $7.13 million, respectively. What’s behind this price tag, you ask?

A Look at a Zero Trust Strategy for the Remote Workforce

If you are new to the security world, it is fair to ask yourself, “Isn’t access to data and systems always conditional? Isn’t it always granted to someone who has access to the credentials (ID and password)?” True enough, but in totality, the approach to managing access encompasses a broader spectrum of privacy policies. These policies include a mix of different strategies that can be applied based on an organization’s security vulnerabilities.

Ransomware is the biggest threat, says GCHQ cybersecurity chief

The head of the UK’s National Cyber Security Centre has warned that ransomware has become the biggest threat to British people and businesses. In a speech being given today by Lindy Cameron, chief executive of the NCSC, to the RUSI think tank, she highlights the need for ransomware problem to be taken seriously, and warns of the “cumulative effect” if society fails to properly deal with the rising threat.

Key Considerations for the Department of Energy on Defending the Bulk Power Grid

On January 20, President Joseph Biden issued Executive Order (E.O.) 13990 to help protect U.S. bulk power organizations. This Order enacted a 90-day suspension of E.O. 13920 which was set by the previous administration. The new executive order empowered the Secretary of Energy (“Secretary”) to publish new criteria around pre-qualifying vendors of electric equipment, as well as to devise rules for helping U.S. entities replace electric devices at risk of sabotage.

5 Tips and Tricks for Cloud Native Security

Cloud-native applications that are based on new types of infrastructure such as containers and serverless platforms are being rapidly adopted by organizations worldwide. While cloud-native applications deliver compelling benefits such as elastic scalability, unmatched resilience and rapid development velocity, they also raise challenges.

The Many Challenges of a CISO - The ClubCISO 2021 Information Security Maturity Report

We all have heard and read how the pandemic has disrupted our lives, how it has accelerated digital transformation to an unprecedented extent and how it challenged the existing security policies and practices. The question is how the people responsible for fortifying their organizations experienced the whole situation.

The Principle of 'Least Privilege' in the World of Cybersecurity

The principle of least privilege in cybersecurity prescribes that no user should have access to system resources beyond what’s necessary for fulfilling a specific task. Adhering to this principle has become essential, as one of the primary ways malicious actors breach a system is by compromising (legitimate) user access.

Protecting a New Vulnerable Population on the Internet

Abraham Lincoln is credited with saying that “A lawyer’s time and advice are his stock and trade.” Whether the quote is mis-attributed to Lincoln is irrelevant to the greater message, which is that attorneys are “knowledge workers.” To state it as bluntly as one attorney once explained to an executive where I worked, “My knowledge will keep you out of jail.” As a cybersecurity professional, you too are a knowledge worker.