DevSecOps: an intro on why you need it

Posted by:

We’ve pulled together an FAQ on DevSecOps, so you can give some thought on whether this approach might be beneficial in your organization. We hope it’s useful.

What is DevSecOps?

The concept evolved from its predecessor DevOps, a portmanteau for Development and IT Operations (Dev + Ops). I have also heard it referred to as “Agile on steroids”. The idea is simple: it bridges the gap between development and IT teams through collaboration to reduce project ...

Read More →
1

Should C-level Bonuses Be Tied To Cybersecurity Posture?

Posted by:

The cybersecurity catch-22 – have you run across it? This is where, for example, you’ve found a vulnerability in a product, and you inform the affected company in a responsible way, but you never receive a response.

Or perhaps you work in the development team, and really want your employers to give you the resources you need to address a security flaw, only to see your requests shoved aside to focus on new, sexier features.

Read More →

0

2019: What to expect in cybersecurity this year

Posted by:

Another year is upon us. 2018 was a cyber rollercoaster with massive internet scandals and data breaches.  With that in mind there are a number of IT security topics that should be top of mind for 2019.

Take a look at a few we’ve identified…

Security by Design

We expect to see a greater focus on baked-in security, be this in application development, or in IT and company strategies. In 2018, with the enforcement of Europe’s data ...

Read More →
0

Are employees really the weakest link in your cyber-defense strategy?

Posted by:

It’s been touted for awhile that people, be they employees, business partners or consultants, are the true weakness in the cyber defenses of an organization.

It is people – all with some level of access to the inner sanctum of the network – that have been a main focus for malicious agents (aka “the bad guys”).

It isn’t rocket science as to why – as technology gets more complex and savvy, it is more difficult to sneak into a system undetected from ...

Read More →
0

Supply Chain attacks: 80% of senior IT professionals say it’s fastest growing cyberthreat

Posted by:

Earlier this year, we wrote about supply chain risk, warning organizations to be more wary, especially since GDPR has come into full effect. That said, GDPR is by no means the only privacy regulation out there (consider Massachusetts’ CMR 17.00  or California’s 2018 Consumer Privacy Act. No longer can we assume little to no liability when it comes to third party processing or handling of sensitive data.

Read More →

0

Blockchain – not just for cryptocurrencies, and not guaranteed secure

Posted by:

Blockchain continues to be widely promoted as a panacea set to revolutionize the internet, cut out all manner of middle-men and lead us to a new, simpler, safer world.

In the minds of most everyday folks (at least, those who are aware of it at all), it remains closely tied to Bitcoin and other cryptocurrencies, while even those who have heard about its wider applications tend to consider it super-secure by default.

But both these assumptions are on very shaky ground: it ...

Read More →
0

The truth about managing Supply Chain risk? It’ not easy

Posted by:

Ahhh the joys of supply chain risk management. It is a complex beast with many heads, each focusing on the problem from a different operational standpoint.

The goal is of course to build and maintain a resilient system of checks and balances so your organisation’s supply chain is healthy and operating at an acceptable level of risk.

If this sounds easy to you, I am willing to bet you’re a theoretical expert.

Read More →

0

GDPR: The big myth that could slide US firms into hot water.

Posted by:

It is now 12 weeks until the new EU GDPR legislation becomes a globally enforceable law. GDPR is an important new EU-mandated regulation: it provides the foundation for how organizations around the globe collate and process sensitive customer information belonging to EU residents.

Some say this is the best thing since sliced bread, in that it gives back a modicum of control to some individuals whose data is being processed willy-nilly in many organizations around the globe. ...

Read More →
0

CISOs, Do you have enough resources to do your jobs? No, we didn’t think so.

Posted by:

Be honest – how many of you CISOs out there are relying on a kind of “Fingers Crossed” approach when it comes to protecting your most valuable organizational assets?

If you are nodding quietly in answer to this question, you’re not alone.

We get it. The role and responsibilities of the CISO have changed dramatically since the role’s inception in the 1990s.

20 years ago, CISOs were focused on securing and defending the network perimeter. This meant ensuring firewalls were configured properly, vulnerabilities ...

Read More →
0

When cheaper is not better: a quick guide to penetration tests

Posted by:

An IT administrator recently vented his frustration about having to conduct a penetration test.

He wanted an in-depth assessment of his system to make sure his network was operating with a low risk profile, all while still making all the required services available to his users.  

His firm has cloud services, several sensitive databases, internal and external networks, not to mention multiple operating systems (the designers “demanded” Apple products).

The idea was ...

Read More →
0
Page 1 of 2 12
})
SEC Cybersecurity Exams