CCPA vs GDPR – what you need to know

Posted by:

Most of us are aware that California’s new consumer privacy law- CCPA – is set to take effect next January. While that might seem like eons away, it is not.

You might be forgiven for thinking that because you have twisted and strengthened your operation to comply with the EU’s General Data Protection Act, GDPR for short, you surely must be meeting the California privacy requirements.

Sadly – you are wrong. It’s ...

Read More →
0

DevSecOps: an intro on why you need it

Posted by:

We’ve pulled together an FAQ on DevSecOps, so you can give some thought on whether this approach might be beneficial in your organization. We hope it’s useful.

What is DevSecOps?

The concept evolved from its predecessor DevOps, a portmanteau for Development and IT Operations (Dev + Ops). I have also heard it referred to as “Agile on steroids”. The idea is simple: it bridges the gap between development and IT teams through collaboration to reduce project ...

Read More →
1

Should C-level Bonuses Be Tied To Cybersecurity Posture?

Posted by:

The cybersecurity catch-22 – have you run across it? This is where, for example, you’ve found a vulnerability in a product, and you inform the affected company in a responsible way, but you never receive a response.

Or perhaps you work in the development team, and really want your employers to give you the resources you need to address a security flaw, only to see your requests shoved aside to focus on new, sexier features.

Read More →

0

How the US government shutdown damages cybersecurity for everybody

Posted by:

The US government has been in shutdown mode for a record length of time, already at the time of writing exceeding the previous Clinton-era record, 21 days in 1995-96, by more than 50%.

With disagreement over the $5 billion cost of President Trump’s border wall showing no signs of abating, the shutdown could well roll on into February.

What impact is the shutdown having on cybersecurity?

Website certificates: 

The most visible effect has been on government-run websites. ...

Read More →
0

Are employees really the weakest link in your cyber-defense strategy?

Posted by:

It’s been touted for awhile that people, be they employees, business partners or consultants, are the true weakness in the cyber defenses of an organization.

It is people – all with some level of access to the inner sanctum of the network – that have been a main focus for malicious agents (aka “the bad guys”).

It isn’t rocket science as to why – as technology gets more complex and savvy, it is more difficult to sneak into a system undetected from ...

Read More →
0

Pen Tests and Red Teams are NOT the same

Posted by:

So the other day, I was debating the ins and outs of a cyber strategy to protect a network. At one point, my learned friend scoffed at me, saying I was splitting hairs – that there was essentially no difference between “red teaming” and penetration testing.

I respectfully disagreed, and here’s why:

Actually, let’s first admit that they do have one thing is common. They both are key to a holistic defense strategy, but they should not be conflated.

Let’s define what we ...

Read More →
0

Penetration Tests: Why It Stops Trouble Before It’s Too Late

Posted by:

No matter what kind of company you work in, if it has online assets – like a web store or site, or databases containing sensitive information like business strategies, financials, or customer info – you face a dilemma: how do I stop unauthorized users from entering restricted systems and accessing files, yet ensure seamless accessibility to my users?

There are of course countless approaches to this problem, usually including layers of security, powerful software and enforced policies. Now, even in big ...

Read More →
0

The Big Case for Multi-Factor Authentication: October Cybersecurity Awareness Month

Posted by:

We are steaming through October’s cybersecurity awareness month. We have talked about how ignoring the everyday scams, malware and data grabs is detrimental to individuals as well as your organization’s risk posture. In fact, passwords are still the number one attack vector. Don’t think for a moment that the password problem has gone away.

In 2017, a Verizon report stated that 95% of web application attacks take advantage of weak ...

Read More →
0

Top Five Data Breaches of Summer 2018

Posted by:

It seems that 2.6 billion records were exposed in the first half of 2018. Just to provide context, remember that there are less than 3 times that many people alive on the planet. Obviously, those records don’t represent unique users, but it goes to show the sheer scope of the problem.

And it is an expensive problem. In the U.S. the average price tag swells to $7.91 million per breach, with an average clean up time ...

Read More →
0

Top five IT security threats AND what you can do about them

Posted by:

The job of a security administrator is far more complex today than ever. Plethoras of attacks attempt to blow down your corporate doors on a daily basis. Below, we’ve outlined today’s most prevalent attacks, and provided some expert advice on how to prevent being their next victim.

 

Malware and targeted attacks

Malware has moved a long way from the viruses and worms of the 1990s, becoming ever more crafted to target specific businesses or sectors, to steal ...

Read More →
0
Page 1 of 10 12345...»
})
SEC Cybersecurity Exams