Collaborate Disseminate
I have a SaaS application which will interact with on premises applications and also with various other cloud providers using rest API calls along with access keys or tokens for authentication.
These keys are not automatically rotated, but… Continue reading Strengthening API security far SaaS application
In this Help Net Security interview, Chris Peake, CISO & SVP at Smartsheet, explains how responsible AI should be defined by each organization to guide their AI development and usage. Peake emphasizes that implementing responsible AI requires bala… Continue reading Tailoring responsible AI: Defining ethical guidelines for industry-specific use
In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) and opportunities for overcoming these challenges. The OpenSSF community has d… Continue reading Establishing a security baseline for open source projects
The Federal Communications Commission (FCC) today voted to restore a national standard to ensure the internet is fast, open, and fair. Today’s decision to reclassify broadband service as a Title II telecommunications service allows the FCC to protect c… Continue reading Net neutrality has been restored
I am trying to find explicit recommendations on the frequency of penetration testing, if possible in an industrial environment.
I looked in ISO/IEC 27001, NIST SP 800-115 but could not find any information on this except that "It depe… Continue reading How often should one order a pentest?
Even with the best-of-the-best tools and tech stack monitoring vulnerabilities, every security executive and GRC leader should still have some layer of paranoia. If they don’t, that’s a huge issue. In this Help Net Security video, Shrav Mehta, CEO at S… Continue reading Security best practices for GRC teams
In this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the promises and implications of decentralized identity (DCI) in cybersecurity. By redistributing identity management responsibilities among issuers, hold… Continue reading How decentralized identity is shaping the future of data protection
The essence of cybersecurity is not just about defense but enabling business through trust and reliability. As Gmail and Yahoo take steps to enforce stricter email authentication, organizations that are proactive in their DMARC compliance will not only… Continue reading Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge
In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles. Edan highlights the challenges of technological advancements … Continue reading Integrating cybersecurity into vehicle design and manufacturing
In this Help Net Security interview, Robin Long, founder of Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001 information security standard. Long advises organizations to establish a detailed project roadma… Continue reading Key strategies for ISO 27001 compliance adoption