PCI SSC releases PCI Secure Software Lifecycle (SLC) Standard 1.1

The PCI Security Standards Council (PCI SSC) has published version 1.1 of the PCI Secure Software Lifecycle (SLC) Standard and its supporting program documentation. The PCI Secure SLC Standard is one of two standards that are part of the PCI Software S…

Measuring Security Risk vs. Success

Oftentimes, how organizations measure risk determines how they will prioritize investments. For IT professionals, building a set of metrics for security needs is often accompanied by feelings of anxiety, because if measurements look at the wrong data …

The cybersecurity issues of seismic monitoring devices

Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, say researchers who have probed the devices for weak points. Common security issues such as non-encrypted data, insecure…

How do I select a security assessment solution for my business?

Recent research shows high-risk vulnerabilities at 84% of companies across finance, manufacturing, IT, retail, government, telecoms and advertising. One or more hosts with a high-risk vulnerability having a publicly available exploit are present at 5…

How security theater misses critical gaps in attack surface and what to do about it

Bruce Schneier coined the phrase security theater to describe “security measures that make people feel more secure without doing anything to actually improve their security.” That’s the situation we still face today when it comes to defending against c…

How to Build the Right Security Assessment

While ISO/IEC 27000, the NIST Cybersecurity Framework, the Shared Assessment SIG, Cloud Security Alliance CAIQ, the Center for Internet Security Top 20 and other standards now prevail in the cybersecurity industry, the third-party risk management disc…

A proactive approach to cybersecurity requires the right tools, not more tools

The key challenge facing security leaders and putting their organizations at risk of breach is misplaced confidence that the abundance of technology investments they have made has strengthened their security posture, according to a study conducted by F…

Court Allows Cybersecurity Fraud Case Under Federal False Claims Act

Claim alleges aerospace company committed fraud under the False Claims Act because it failed to meet information security requirements. A California federal court in May permitted a lawsuit to go forward alleging a government contractor’s failure to ad…

Google introduces many G Suite security enhancements

Last week, the big news from Google Cloud Next 2019 was that phones running Android 7.0 or higher can be turned into a security key for G Suite account 2-step verification. But at the event Google also announced a number of G Suite enhancements, many o…

Third-party cyber risk management a burden on human and financial resources

Organizations and third parties see their third-party cyber risk management (TPCRM) practices as important but ineffective. There are four major takeaways for key decision makers: Current practices and technologies used to support TPCRM and assess thir…