Collaborate Disseminate
It’s becoming evident that the legacy practice of signature-based threat detection needs to be improved for cloud security challenges. In this Help Net Security video, Jimmy Mesta, CTO at RAD Security, discusses a new proposed standard for creati… Continue reading Signatures should become cloud security history
I would like ot know more about What are the list of Cyber Security Industry wide – Security Standards and Controls Educational Purpose?
e.g.:
ISMS -> Information Security Management System -> ISO 27k1 2022 -> Risk Management
Bank… Continue reading What are the list of Cyber Security Industry wide – Security Standards and Controls Educational Purpose? [closed]
Q-Day—the day when a cryptographically relevant quantum computer can break most forms of modern encryption—is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few years… Continue reading Preparing for Q-Day as NIST nears approval of PQC standards
I have a SaaS application which will interact with on premises applications and also with various other cloud providers using rest API calls along with access keys or tokens for authentication.
These keys are not automatically rotated, but… Continue reading Strengthening API security far SaaS application
In this Help Net Security interview, Chris Peake, CISO & SVP at Smartsheet, explains how responsible AI should be defined by each organization to guide their AI development and usage. Peake emphasizes that implementing responsible AI requires bala… Continue reading Tailoring responsible AI: Defining ethical guidelines for industry-specific use
In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) and opportunities for overcoming these challenges. The OpenSSF community has d… Continue reading Establishing a security baseline for open source projects
The Federal Communications Commission (FCC) today voted to restore a national standard to ensure the internet is fast, open, and fair. Today’s decision to reclassify broadband service as a Title II telecommunications service allows the FCC to protect c… Continue reading Net neutrality has been restored
I am trying to find explicit recommendations on the frequency of penetration testing, if possible in an industrial environment.
I looked in ISO/IEC 27001, NIST SP 800-115 but could not find any information on this except that "It depe… Continue reading How often should one order a pentest?
Even with the best-of-the-best tools and tech stack monitoring vulnerabilities, every security executive and GRC leader should still have some layer of paranoia. If they don’t, that’s a huge issue. In this Help Net Security video, Shrav Mehta, CEO at S… Continue reading Security best practices for GRC teams
In this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the promises and implications of decentralized identity (DCI) in cybersecurity. By redistributing identity management responsibilities among issuers, hold… Continue reading How decentralized identity is shaping the future of data protection