CYBER THIS WEEK – OCT 22, 2023
FAIR Institute wants to quantify just how much a cyberattack costs
The FAIR Materiality Assessment Model, an open-source framework unveiled this week by the risk-management organization FAIR Institute, aims to quantify the losses a cyberattack causes so that organizations can decide whether an incident is material.
API Security in the Spotlight: Navigating Recent FFIEC Compliance Guidelines
The FFIEC’s swift pivot from mere acknowledgment of APIs to designating them as a unique attack surface is telling. It suggests that financial institutions might be on a tighter compliance timeline than anticipated. In this evolving scenario, CISOs, CIOs, GRC executives, and other leaders in financial institutions must prioritize fortifying their API security.
CISO perspective on breach disclosure 1 year after Sullivan conviction
Reporting a breach and its anticipated impact on a company invites considerable scrutiny from regulators and the public, and potential litigation. In certain instances, an organization may even have to provide technical details of how specific vulnerabilities were exploited, as set out in the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
Endpoint security in the cloud: What you need to know
Implementing cloud security features can secure data access, prevent infiltration and deliver benefits like better monitoring of user activity.
Understanding Cybersecurity Footprinting: Techniques and Strategies
Footprinting uses both passive methods (collecting information without touching the target, such as public records and DNS data) and active methods (interacting directly with the target's systems) to gather different types of data about an organization. Footprinting carries both benefits and risks: defenders use it to see their own exposure, while attackers use it to plan intrusions. Organizations must understand these information-gathering techniques and establish defenses against threat actor-driven footprinting.
Top 6 Mistakes in Incident Response Tabletop Exercises
An incident response tabletop exercise is a discussion-based practice that uses a hypothetical situation to coach a technical or executive audience through the cybersecurity incident response life cycle.
Why we need harmonized global cybersecurity regulations
International harmonization of standards could relieve some pressure on cybersecurity professionals and go a long way to creating efficiencies to support CNI operators.
CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’
Poor credential management, lackluster patching and other common security mistakes continue to harm large enterprises.
NIST provides solid guidance on software supply chain security in DevSecOps
Key recommendations from NIST's latest guidance and why they are relevant to modern organizations developing and delivering software.
From The Server Room To The Boardroom: Why Data Risk Demands Board-Level Attention
From the server room to the boardroom, we should all ask the same question: Are we doing enough to proactively safeguard our company’s most sensitive information?