Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Risk Mitigation in Software Engineering

Developing software while maintaining its embedded security can feel like the “Impossible Dream.” As you update your product, you’re potentially adding new vulnerabilities. As part of the risk management process in software engineering, you need to work with cybersecurity professionals throughout the software development life cycle (SDLC) to create a mature security profile.

Security Have and Have-Nots

Way back in around the 2010 / 2011 timeframe Wendy Nather coined the phrase "The Security Poverty Line" in which she hypothesised that organisations, for one reason or another (usually lack of funds), can't afford to reach an effective level of information security. Nearly a decade on, and while the term has sunk into frequent usage within the information security community, are we any better at solving the issue now that we've identified it?

Enable Kubernetes Pod Security Policy with kube-psp-advisor

Kubernetes Pod Security Policy is a mechanism to enforce best security practices in Kubernetes. In this tutorial, we will explain how to enable Kubernetes Pod Security Policy across your cluster using kube-psp-advisor to address the practical challenges of building an adaptive and fine-grained security policy on Kubernetes in production.

Bad Password Management by Privileged Insiders Puts the Organization at Risk

Ponemon’s 2019 State of Password and Authentication Security Behaviors Report highlights how inappropriate use of privileged password can give insiders the access they need. Ultimately, the malicious insider needs one thing to perform an act that hurts the organization – access.

6 Security Tips When Trading Online

Online trading is on the rise as many consumers take control of their own investments or work with brokers virtually rather than in person or over the phone. At the same time, cybersecurity attacks are on the rise as hackers also try to take advantage of gaps in the system, stealing identities and even money.

A guide to HTTP security headers for better web browser security

As a website owner or web developer you can control which HTTP-headers your web server should send. The purpose of this article is to shine some light on the different response HTTP-headers that a web server can include in a request, and what impact they have on security for the web browser.

Why Security Is Needed to Keep the CI/CD Pipeline Flowing Smoothly

Technology has advanced to a state where clients now expect a constant stream of updates for their software and applications. To fulfill this demand, developers commonly turn to what’s known as a CI/CD pipeline. As noted by Synopsys, this practice embraces two important software development concepts of today’s streamlined world.

State Security Breach Notification Laws

A security breach is defined as any unauthorized access or acquisition that compromises the security, confidentiality, integrity or availability of covered information, systems, and applications. Recent years have seen significant amounts of legislative activity related to state data breach notification laws. South Dakota and Alabama enacted new data breach notification laws in 2019, becoming the last of 50 U.S. states to enact such laws.

Dark Web Recruitment of Employees Puts Organizations at Risk

The idea of your employees being solicited on the Dark Web isn’t a hypothetical; it’s real, it’s tempting, and it’s lucrative. We’ve written previously about the dangers of the Dark Web and why you need to be paying attention as an employer. One of the realities of the dark web is the issue of recruitment.

6 Steps to Performing a Cybersecurity Risk Assesment

If you ever purchased a “one-size-fits-all” item of clothing, you know that it’s never really going to fit everyone. Some people are too shirt and others too tall. Most cybersecurity standards and regulatory requirements recognize the same limitations apply to cybersecurity. Multinational corporations have different needs when compared to small and mid-sized organizations.