How security theater misses critical gaps in attack surface and what to do about it

Bruce Schneier coined the phrase security theater to describe “security measures that make people feel more secure without doing anything to actually improve their security.” That’s the situation we still face today when it comes to defending against c…

How to Build the Right Security Assessment

While ISO/IEC 27000, the NIST Cybersecurity Framework, the Shared Assessments SIG, the Cloud Security Alliance CAIQ, the Center for Internet Security Top 20 and other standards now prevail in the cybersecurity industry, the third-party risk management disc…

A proactive approach to cybersecurity requires the right tools, not more tools

The key challenge facing security leaders and putting their organizations at risk of breach is misplaced confidence that the abundance of technology investments they have made has strengthened their security posture, according to a study conducted by F…

Court Allows Cybersecurity Fraud Case Under Federal False Claims Act

Claim alleges aerospace company committed fraud under the False Claims Act because it failed to meet information security requirements. A California federal court in May permitted a lawsuit to go forward alleging a government contractor’s failure to ad…

Google introduces many G Suite security enhancements

Last week, the big news from Google Cloud Next 2019 was that phones running Android 7.0 or higher can be turned into a security key for G Suite account 2-step verification. But at the event Google also announced a number of G Suite enhancements, many o…

Third-party cyber risk management a burden on human and financial resources

Organizations and third parties see their third-party cyber risk management (TPCRM) practices as important but ineffective. There are four major takeaways for key decision makers: Current practices and technologies used to support TPCRM and assess thir…

Smarter Vendor Security Assessments: Tips to Improve Response Rates

I have been on the receiving end of many vendor security assessments from customers and prospects. Here are some tips to increase the likelihood that you’ll get a timely, usable response to the next vendor security assessment that you send …

Cyber preparedness essential to protect EU from large scale cyber attacks

The possibility of a large-scale cyber-attack having serious repercussions in the physical world and crippling an entire sector or society is no longer unthinkable. Preparing for major cross-border cyber-attacks: To prepare for major cross-border cyber…

New Service Scans Chrome Extensions for Vulnerabilities and Privacy Risks

Over the past few years, hackers have increasingly abused Google Chrome extensions to steal people’s data, inject rogue ads into websites or hijack CPU power to mine cryptocurrency. Now, a new online scanning service aims to shed more light on t…

Wire shares results of independent security audit of its secure messaging apps

When I last spoke to Alan Duric, co-founder and (at the time) CEO of the company developing secure messaging application Wire, he stressed the importance of independent and regular security audits of software. The company had already previously engaged…