Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

How to Pass an IT Compliance Audit

IT compliance requirements are designed to help companies enhance their cybersecurity and integrate top-level protection into their workflows. But passing an IT security audit can be challenging. Complex requirements, constant changes in standards and laws, and audit processes, and a high number of required security procedures are the key challenges of maintaining compliance. The way out is with careful preparation and smart planning.

Cyber Security for Chemical Industry

Physical or cyber, security is one of the most essential concerns for chemical industry. In this article, we will take a closer look at the cybersecurity requirements. Keep reading to learn more! With the advancements in the technology and Internet of Things, most processes related to the production, shipment and storage of chemicals heavily rely on the automation and cyber solutions.

Security risk assessments explained

This blog was written by a third party author. A security risk assessment is a formal method for evaluating an organization's cybersecurity risk posture. Comprehensive security risk assessments take stock in business objectives, existing security controls, and the risk environment in which the business operates. When done well, the assessment identifies security gaps in existing controls as compared with industry best practices.

Undetected e.05: Cecilia Wik - A Lawyer's Take on Hacking

When is hacking legal? Host and security researcher Laura Kankaala delves into this topic with guest and Detectify General Counsel Cecilia Wik. NOTE: this episode does not give any official legal advice, but Laura picks Cecilia’s brain about the legalities of hacking with her area of expertise, the law. Their discussion covers different laws concerning the information security community such as copyright law, the Computer Fraud and Abuse Act and Wire Fraud Act.

Vulnerability assessment | ManageEngine Vulnerability Manager Plus

ManageEngine Vulnerability Manager Plus is a prioritization driven threat and vulnerability management solution for enterprises with built-in remediation. This video covers how you can utilize Vulnerability Manager Plus to discover vulnerabilities, put them in context to understand their impact and urgency, and swiftly remediate the imminent vulnerabilities with a built-in patching workflow.

GCP OAuth Token Hijacking in Google Cloud-Part 2

Imagine you’ve protected your production Google Cloud environment from compromised credentials, using MFA and a hardware security key. However, you find that your GCP environment has been breached through the hijacking of OAuth session tokens cached by gcloud access. Tokens were exfiltrated and used to invoke API calls from another host. The tokens were refreshed by the attacker and did not require MFA. Detecting the breach via Stackdriver was confusing, slowing incident response.