CYBER THIS WEEK – AUGUST 27, 2023
5 Best Practices for Implementing Risk-First Cybersecurity
To fully appreciate the advantages of the risk-driven approach, it is vital to recognize the constraints of the security-first approach. Security is crucial, but it’s just one facet of the broader risk landscape. Focusing solely on security can overshadow other equally important considerations.
5 Best Practices for Implementing Risk-First Cybersecurity (darkreading.com)
How to Build True Cyber Resilience
Cyber resilience is a holistic concept, and a fragmented approach makes it difficult to achieve. It may be particularly challenging for smaller organizations to move away from that fragmented approach.
How to Build True Cyber Resilience (informationweek.com)
CVSS 4.0: How Will it Change Vulnerability Management?
With an official publication date set for Oct. 1, 2023, CVSS 4.0 brings sweeping changes to the standard that aims to enable companies to better manage, prioritize and patch vulnerabilities before threat actors exploit them. This article overviews some of the fundamental changes introduced in CVSS 4.0.
CVSS 4.0: How Will it Change Vulnerability Management? (nuspire.com)
10 benefits of security performance metrics for CISOs
Measuring security performance may not sound like the most exciting exercise on the CISO’s agenda, but the right metrics can deliver significant value to security leaders and go a long way to helping them tackle a diverse set of challenges.
10 benefits of security performance metrics for CISOs | CSO Online
Understanding how hackers find their way in application supply chain
The so-called application supply chain — the network of interconnected and interoperable third-party components that modern applications increasingly rely on — represents one of the latest and most serious vulnerabilities that hackers are targeting. Security teams must rethink their approaches and strategies to respond to this threat.
Understanding how hackers find their way in application supply chain | Security Magazine
A Surge of Cyber Security for the Energy Sector
In this article, we explore the current cybersecurity challenges faced by the Energy sector and discuss potential solutions to mitigate these risks.
A Surge of Cyber Security for the Energy Sector – SecurityHQ
From cyber strategy to Implementation: what CEOs and boards need to Know
The 57-page National Cybersecurity Strategy Implementation Plan (NCSIP) calls for immediate action in some cases. It enlists 18 federal agencies in a coordinated effort to put in place controls, promulgate regulations and even take offensive action against attackers, all under the leadership of the Office of the National Cyber Director (ONCD).
Among the 65+ initiatives in the plan, here are the ones that are most important to realizing these shifts. Be prepared to engage and share information in consultations and working groups, learn about and take advantage of new or increased government resources, and anticipate new compliance obligations.
From cyber strategy to Implementation: what CEOs and boards need to Know (harvard.edu)
Industrial networks need better security as attacks gain scale
Critical infrastructures and operational technology systems will face increasing threats as they move toward common standards.
Industrial networks need better security as attacks gain scale | ZDNET
The Path from CISO to Board Director
It’s not enough to put “cyber experience” at the top of your LinkedIn profile and then wait for the recruiters to call. CISOs need specific types of experience, both technical and operational, to gain the perspective and judgment that boards want to see. Only then can you be a credible candidate for board service.
The Path from CISO to Board Director | NAVEX – JDSupra
It’s a Process, Not a Product: A Proven Approach to Zero Trust
By instituting a process-driven approach to Zero Trust, organizations are investing in long-term, lasting solutions, rather than a product whose benefits expire as soon as the contract does. This article delves into the foundational pillars of a true Zero Trust Architecture.
It’s a Process, Not a Product: A Proven Approach to Zero Trust – CPO Magazine