APJ Webinar: “Inside-Out” Third Party Security Assessments – A New Approach
Imbalance between proactive and reactive cybersecurity
NIST Cybersecurity Framework (aka Framework for Improving Critical Infrastructure Cybersecurity) is an excellent resource for all organizations. There are 3 components to the framework as below: Core – Provides a set of desired cybersecurity activities and outcomes using common language that is easy to understand. Tiers – These implementation Tiers help assist organizations by providing […]
Gartner Top Security Projects for 2020-21
Security and risk folks are constantly trying to improve security without impacting business productivity. It is key to determine which projects will drive most business value while reducing risk. In September 2020, Gartner published their recommendations for Top 10 Security Projects for 2020-21 that security and risk management leaders should focus on. Here is a […]
Introducing Attenu8 platform to predict exploitability score for vulnerability to aid in prioritization
In InfoSec stress is a given, especially given that the InfoSec team needs to be right every time while bad actors need to be right only once. Vulnerability scanners overwhelm InfoSec teams, since these tools spew out a torrent of vulnerabilities. The whole scanning paradigm has outlived its value, but more about in a separate […]
Weekly Reserved CVE Actionable Insights ( June 23rd 2019 )
What are reserved CVE’s ? Reserved CVE’s are NVD records for confirmed vulnerabilities with little to no information. In most cases there is no information available. ThreatWatch’s prediction model, “Coeus“ goes through all the related information about these CVE like attack vector type, social chatter and vendor advisories, and arrives at a CVSS vector and […]
Energy sector at risk of cyber attacks!
Energy is the all pervasive fuel which drives world economies. It is no wonder that hackers regularly target energy sector companies to cause massive disruption. In a report titled “The road to resilience: managing cyber risks”, Christoph Frei, Secretary General, World Energy Council said the following: Cyber threats are among top issues keeping energy leaders […]
Unpatched software – the single biggest security risk.
Lately I have been going through recorded sessions from RSA Conference 2019. Thanks RSA for making these recordings available. This particular session “In the wake of an attack – Thoughts from a seasoned CISO” caught my attention and I listened to its playback. It is around 45 minutes for those of you who are […]
Will you be the next Equifax?
United States Senate Permanent Subcommittee on Investigations recently published a report titled “How Equifax neglected cybersecurity and suffered a devastating data breach“. It details out what aspects contributed to the data breach at Equifax and how Equifax’s competitors (TransUnion and Experian) were able to successfully mitigate the threat. The report is around 71 pages long and […]
Cybersecurity in the Health Care Industry
If you are in the health care industry, you might be aware of the voluntary cybersecurity guidance issued by Department of Health and Human Services (HHS) for health care industry. This guidance is aptly titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” (aka HICP), as the key to “protecting patients and their data” […]