A few days ago we did a very well-attended webinar focused on the modern Security Operations Center (SOC) approach (see “Trend for the Modern SOC” for a replay link). We got a lot of great questions, and just like in the good old times, I am writing a … Continue reading SOC Trends ISACA Webinar Q&A
The long-expected Executive Order On Improving the Nation’s Cybersecurity was published Wednesday, May 12, 2021. My initial reaction is positive. It calls for using multifactor authentication and encryption within Federal agencies after all, things th… Continue reading A Cyber Executive Order For the 21st Century
While past blogs focused on the initial cyberattack involving Microsoft Exchange Server, this follow-up article takes a much closer look at what really happened–and how similar attacks can be avoided.
The post Follow Up: The Microsoft Exchange At… Continue reading Follow Up: The Microsoft Exchange Attack | ARIA Cybersecurity
NIST 800-160 Volume 1 features many guidelines of interest to cybersecurity experts looking to boost their defenses through security by design. As we saw in the first post in this series, the key principles of this document provide a good footing for security. Next, let’s take a look at how the security design principles laid […]
The post Security by Design and NIST 800-160, Part 2: Life Cycle Processes appeared first on Security Intelligence.
Every effective PII protection effort addresses three critical imperatives – data discovery, access governance and risk mitigation. IT teams grappling with privacy mandates need to consider these factors across their unstructured and structured data c… Continue reading How to Protect Structured and Unstructured Data
Considering the breadth and diversity of attacks facing today’s organizations, it’s no wonder cybersercurity and IT professionals are relying on an ever expanding arsenal of new tools and technologies. A recent survey revealed that nearly 80% of organi… Continue reading Product Showcase: Acronis Cyber Protect
In United States v. Carpenter, the United States Supreme Court ruled that, before the police could obtain historical cell site location information (CSLI) about the location of someone’s cell phone in the past, they had to seek and obtain a warrant fr… Continue reading Federal Court Narrows ‘Third Party’ Warrant Requirement
The SolarWinds compromise in December 2020 and the ensuing investigation into their build services put a spotlight on supply chain attacks. This has generated a renewed interest by organizations to reevaluate their supply chain security posture, lest t… Continue reading 3 areas of implicitly trusted infrastructure that can lead to supply chain compromises
Power plants are one of the most vitally important components of modern civilization’s infrastructure. A disruption in energy production impacts all aspects of society from healthcare to national security. Eliminating a country’s ability to generate en… Continue reading Top security threats for power plants and how to proactively avoid them
As modern infrastructures get more complex everyday, DevOps teams have a hard time tracking infrastructure drift. The multiplicity of factors involved when running sophisticated infrastructures turns this situation into a multidimensional headache with… Continue reading Infrastructure drift: A multidimensional problem with the need for new DevSecOps tools