CYBER THIS WEEK – JUNE 25, 2023
Why internal audit is the key to cyber risk management
Cyber risks are a growing threat to organizations, and internal audit has become a necessary line of defense in organizational management of these risks. Assessing the risk landscape, adding and reviewing internal controls, and using data analytics tools can make the difference. By taking a collaborative and risk-based approach, internal audit can help organizations navigate the complex and constantly evolving landscape of cyber risks.
How CISOs Can Cope With the Information Decentralization Era
Companies need to establish a clear policy of organizational information sensitivity control. This entails mapping out which information is approved for which SaaS system, keeping in mind the cyber security maturity of the SaaS provider, and constantly updating this information map.
Here’s how to use cyber threat intelligence to augment incident response
To unlock the potential of CTI (cyber threat intelligence) in IR (incident response) playbooks, responses and actions, security teams have to use it in the right way. With this in mind, here are five recommendations for building an IR strategy with CTI at the center.
How Computer Security Exercises Help Increase Readiness for Response to Cyberattacks in Nuclear Security
The IAEA has developed computer security exercises for nuclear power plants and radiological facilities, which have been carried out at a national level around the world. These exercises enable countries to practise and prepare their response to the worst-case scenario of a breach of cybersecurity at a nuclear facility.
DevSecOps: Striking a Balance Between Speed and Security
DevOps prioritizes speed and agility, whereas security emphasizes control and risk management. These priorities may seem contradictory, but DevSecOps tries to resolve this conflict by embedding security into the DevOps processes without impeding the development of applications or code.
ITDR Combines and Refines Familiar Cybersecurity Approaches
ITDR is not a radical departure from established cybersecurity methodologies, but rather an extension and refinement of existing practices. By recognizing the common threads between ITDR, fraud detection, and UEBA, organizations can build on their existing security investments and expertise to create a more comprehensive and robust security posture.
SSL/TLS Encryption: How It’s Changing the Landscape of Online Security
SSL/TLS encryption has had a profound impact on the landscape of online security. By providing a universally recognized standard for secure communication, incentivizing website owners to adopt this technology, and facilitating the growth of e-commerce and online banking, SSL/TLS encryption has become an indispensable tool in the ongoing battle to protect sensitive information and maintain user trust in the digital age.
3 Key Considerations for Achieving the DOD’s Zero-Trust Framework
The department’s strategy involves a culture shift in which branches must balance mission support anywhere without leaving systems vulnerable to attack.
What Is SCM (Security Configuration Management)?
The goal of Security Configuration Management activities is to manage and monitor the configurations of information systems to achieve adequate security and minimize organizational risk while supporting the desired business functionality and services.
Cybersecurity in the Construction Industry: A Growing Threat
The construction industry is a prime target for cyberattacks because it collects and stores a large amount of sensitive data. This data includes project plans, blueprints, financial information, and employee data. Cybercriminals can use this data to steal intellectual property, disrupt construction projects, or extort money from businesses.