Collaborate Disseminate
This paper aims to provide guidance for organizations looking to select an MSSP and help to identify the benefits and drawbacks of using an MSSP. Continue reading Selecting the right MSSP: Guidelines for making an objective decision
What is the analyst on a penetration testing team, what role they perform at Kaspersky, and why is their job vital to the success of the project? Continue reading Good, Perfect, Best: how the analyst can enhance penetration testing results
Any organization that’s actively working on managing its cybersecurity risk can’t ignore the risk that goes with third-party vendors having access to its critical systems and customer data. “Up until today, organizations of all sizes … Continue reading MVSP: A minimum cybersecurity baseline to simplify vendor security assessment
ENISA discloses an in-depth analysis of the cybersecurity challenges faced by the connected and automated mobility (CAM) sector and provides actionable recommendations to mitigate them. The CAM sector in a nutshell Today, connected vehicles, environmen… Continue reading CAM sector cybersecurity challenges and how to mitigate them
You’ve probably seen the term pentesting pop up in security research and articles, but do you know what it really means? Simply put, penetration testing is a security assessment, analysis and a progression of simulated attacks on an application or netw… Continue reading MythBusters: What pentesting is (and what it is not)
Today, with the world adjusting to the new normal, preparing for cyberattacks requires stringent protective strategies. Experts predict that in 2021, a cyberattack will occur every 11 seconds (nearly twice as frequently as in 2019). Is your network pr… Continue reading Network Penetration Testing: A Primer
Enterprise third-party risk management (TPRM) programs have been around for a half-decade or longer, and at this point most large organizations run one. However, many of these TPRM programs only provide a thin veneer of cybersecurity assurance. Recent … Continue reading Third-party risk management programs still largely a checkbox exercise
The PCI Security Standards Council (PCI SSC) has published version 1.1 of the PCI Secure Software Lifecycle (SLC) Standard and its supporting program documentation. The PCI Secure SLC Standard is one of two standards that are part of the PCI Software S… Continue reading PCI SSC releases PCI Secure Software Lifecycle (SLC) Standard 1.1
Oftentimes, how organizations measure risk determines how they will prioritize investments. For IT professionals, building a set of metrics for security needs is often accompanied by feelings of anxiety, because if measurements look at the wrong data … Continue reading Measuring Security Risk vs. Success
Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, say researchers who have probed the devices for weak points. Common security issues such as non-encrypted data, insecure… Continue reading The cybersecurity issues of seismic monitoring devices