Collaborate Disseminate
DataSecOps melds an automated mechanism to manage data, along with security, in an effective operations setup Data is the backbone of any organization. It’s what makes the company run. It is also where all the company secrets are kept. But when data a… Continue reading DataSecOps: Protecting Data in the Cloud
I have a few developers who – well, let’s just say I don’t have much faith in their operational security.
Time was, in the pre-COVID world, it was well understood that they didn’t run IDEs directly off their laptops. That seems to have ch… Continue reading Devs running IDE’s remotely…risks and how to remediate
The number of ways to exfiltrate data from an organization from an insider threat perspective is only limited by the imagination. Can detection teams reliably be alerted of the more unorthodox, alternate vectors ?
Continue reading feasibility of blue teams detecting insider threat data exfiltration
Due to the numerous vulnerability detection methodologies in use today, it becomes quite challenging to efficiently have visibility over the progress made in patching vulnerabilities detected via several techniques e.g. internal applicatio… Continue reading Vulnerability management mechanisms – efficient coordination and visibility internal testing, bug bounty programs reports and penetration testing [closed]
I’m currently learning about the sector, and I want to know at which moment security professionals are used. I may not fully understand why companies or governments have the need of security-related operations that have to be coordinated b… Continue reading Why is a security professional needed? [closed]
Airbnb’s Global Product Director of Customer and Community Support, and Carta’s Head of Enterprise Relationship Management share how companies should be thinking about customer service. Continue reading ‘The Operators’: Experts from Airbnb and Carta on building and managing your company’s customer support
After a March report exposed Iran-linked APT33’s infrastructure and operations, the cyberespionage group has adopted new tactics and techniques. Continue reading Iran-linked APT33 Shakes Up Cyberespionage Tactics
The Most Valuable Resource of All: Time This post was authored by Paul Asadoorian, CEO and founder of Security Weekly. Over the last twenty years we have witnessed dramatic changes in the way companies write and ship code. First there was Waterfall, fo… Continue reading The Age of DevOps
I’m studying for the CCSP exam and one of the BC/DR terms that is referenced in my study material is “Maximum Allowable Downtime”. The definition for it is:
MAD (Maxium Allowable Downtime) How long it would take for an … Continue reading Is there a difference between "Maximum Tolerable Downtime" and "Maximum Allowed Downtime"?
I’m reviewing security frameworks to adopt for a startup. We need the framework to be light, hit the highest risk areas first, works well with HIPAA and HITRUST and be able to morph over time as our organization matures. We … Continue reading Most applicable CSF