Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Dawn of a new decade: Leaping from GRC to IRM - A building block approach

First things first: It is crucial to understand the difference between Governance, Risk and Compliance (GRC) and Integrated Risk Management (IRM) because this sets the stage for long term strategic risk management and breaks down the siloed approach to risk that exists in many organizations today. It is because GRC is sometimes implemented from a compliance-driven strategy rather than a risk driven initiative.

What is HECVAT (Higher Education Community Vendor Assessment Toolkit)?

The Higher Education Community Vendor Assessment Tool (HECVAT) is a security assessment template that attempts to generalize higher education information security and data protection questions and issues regarding cloud services for consistency and ease of use. HECVAT has various versions that are free to use and provide a consistent, streamlined third-party risk assessment framework.

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 4

The climb is getting steeper, but thanks to hard work, vision and insight are much keener. At ML:4, all assets are scanned by a combination of agent and remote scans on a normal cadence. This will generate a lot of data dictated by threat and patch priority. Thousands of new vulnerabilities are released each year, and no company or product can detect all of them. Organizations must prioritize their coverage of vulnerabilities that they determine will have the biggest impact.

Office 365 Incident Response Management

After they entered, they may have left all the other windows and doors open Before working in cyber-security, I once worked at a company, when I was approached to look at another staff member’s email account which was “acting a bit funny”. When I looked, I found the sent mailbox was filling every 5 seconds with a new sent email, each to a seemingly random recipient, each purporting to be able to help the recipients “Meet girls” or “enlarge” one’s whatnot.

How to Get Started in Digital Forensics

If you want to become a digital forensic expert, be aware that when entering the field, you will be presented with an abundance of information that you will not know. It is a wonderfully challenging career path. Some believe that having the title of a cybersecurity professional (e.g. digital forensics expert, cybersecurity analyst, incident response commander, etc.) means that this is an area where the field of knowledge is intimidating because it’s so expansive.

NetOps vs DevOps vs DevSecOps - What's the Difference?

One thing I have noticed is that each industry comes up with their own terms and acronyms. Unfortunately, these inventions often vary depending on the person you speak to due to a lack of a governing body that decides on an exact definition. At times, acronyms can even overlap, causing further confusion. Therefore, when it comes to definitions, I always look to ask a variety of persons from across industries on how they would define certain terms.

Weekly Cyber Security News 21/02/2020

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Extortion methods have been pretty consistent the past couple of years, but a new one popped up this week which seems to be focused on the online small business owner. I wonder how this one will pan out.