Supply Chain attacks: 80% of senior IT professionals say it’s fastest growing cyberthreat

Posted by:

Earlier this year, we wrote about supply chain risk, warning organizations to be more wary, especially since GDPR has come into full effect. That said, GDPR is by no means the only privacy regulation out there (consider Massachusetts’ CMR 17.00  or California’s 2018 Consumer Privacy Act. No longer can we assume little to no liability when it comes to third party processing or handling of sensitive data.

Read More →

0

U.S. and China trade wars: What’s the likely impact on information security?

Posted by:

Image courtesy of the Los Angeles Daily News

The U.S. political landscape is shifting dramatically, and no one knows what this shake out will uncover. For better or worse, it is certainly rocking the boat for U.S. residents, but changes are afoot for other global entities as well.

One of these entities is China.

According to media reports as recent as yesterday, China says it is “fully prepared” for a trade war with the U.S.

This coming ...

Read More →
0

Cryptomining – How Prevalent Is It And How To Stop It

Posted by:

One of the recent additions to the cyber threat landscape plaguing many organizations is the introduction of Crypto Miners. Due to the rise in popularity of Cryptocurrency, attackers have been shifting their attention and focus on gaining access to as many resources as they can find. The end goal of these attacks is to utilize the victim’s CPU to mine Cryptocurrency. To gain access to these resources the attackers are cycling in and out the latest and most popular exploitable ...

Read More →
0

Some useful advice for newly-appointed CIOs and CISOs

Posted by:

For the newly appointed CIO or CISO, being hit with an unexpected information security disaster is like a bone-crushing punch in the face.

Not only do you have to think on your feet and make decisions confidently and swiftly, but if you are still unfamiliar with the internal environment, you are swimming in dangerous waters: make the wrong call, and risk screwing up some essential service delivery or upsetting customers and shareholders. Each system, security policy, management team, staff ...

Read More →
0

Blockchain – not just for cryptocurrencies, and not guaranteed secure

Posted by:

Blockchain continues to be widely promoted as a panacea set to revolutionize the internet, cut out all manner of middle-men and lead us to a new, simpler, safer world.

In the minds of most everyday folks (at least, those who are aware of it at all), it remains closely tied to Bitcoin and other cryptocurrencies, while even those who have heard about its wider applications tend to consider it super-secure by default.

But both these assumptions are on very shaky ground: it ...

Read More →
0

Yes, the passwords users choose *really* matters

Posted by:

Earlier this month, we celebrated that little-known tribute day known as World Password Day.

Responsible security organizations should use this opportunity to share best practice advice to help people understand just how darn easy it is for fraudsters to cause havoc if they can access privileged accounts authorized to change, edit and delete files, settings, apps or data.

Sadly, it seems that it is also a day where marketing people, who might be less au fait with cybersecurity, ...

Read More →
0

Vulnerability Assessment, Penetration Testing and Red Teams Explained

Posted by:

Confused about vulnerability testing and penetration tests and Red teams? I’m not surprised one bit.

These days, a growing number of information security experts use these terms interchangeably, as though they refer to the same thing. Whether it is due to apathy or a clear lack of understanding of the differences between these activities, security service providers are only confusing the matter by not informing their customers of what they get with each of these services. ...

Read More →
0

Meet CIS RAM: the new balanced infosecurity framework

Posted by:

Applications, devices, technology and service provisioning are the bread and butter of IT, but any information security professional knows that risk management is equally important.

There is no point in an IT advisor implementing a service if it poses too much risk to the organization. This is why, for example, many companies prevent  access to social media sites – the benefits of access does not outweigh the risk.

Information Security professionals  have a duty ...

Read More →
0

What is an information security framework and why do I need one?

Posted by:

An information security framework, when done properly, will allow any security leader to more intelligently manage their organizations cyber risk.

The framework consists of a number of documents that clearly define the adopted policies, procedures, and processes by which your organisation abides.  It effectively explains to all parties (internal, tangential and external) how information, systems and services are managed within your organisation.

The main point of having an information security framework in place is ...

Read More →
0

The truth about managing Supply Chain risk? It’ not easy

Posted by:

Ahhh the joys of supply chain risk management. It is a complex beast with many heads, each focusing on the problem from a different operational standpoint.

The goal is of course to build and maintain a resilient system of checks and balances so your organisation’s supply chain is healthy and operating at an acceptable level of risk.

If this sounds easy to you, I am willing to bet you’re a theoretical expert.

Read More →

0
Page 1 of 9 12345...»
})
SEC Cybersecurity Exams