CYBER THIS WEEK – OCT 22, 2023
FAIR Institute wants to quantify just how much a cyberattack costs
A materiality assessment model unveiled this week by the risk-management organization FAIR Institute aims to quantify those losses with an assist from the FAIR Materiality Assessment Model open-source framework.
FAIR Institute wants to quantify just how much a cyberattack costs | Cybersecurity Dive
API Security in the Spotlight: Navigating Recent FFIEC Compliance Guidelines
The FFIEC’s swift pivot from mere acknowledgment of APIs to designating them as a unique attack surface is telling. It suggests that financial institutions might be on a tighter compliance timeline than anticipated. In this evolving scenario, CISOs, CIOs, GRC executives, and other leaders in financial institutions must prioritize fortifying their API security.
API Security in the Spotlight: Navigating Recent FFIEC Compliance Guidelines – CPO Magazine
CISO perspective on breach disclosure 1 year after Sullivan conviction
Reporting a breach and its anticipated impact on a company invites considerable scrutiny from regulators, the public and potential litigation. In certain instances, an organization may even have to provide technical details relating to how certain vulnerabilities were compromised, as stated in the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
CISO perspective on breach disclosure 1 year after Sullivan conviction | Security Magazine
Endpoint security in the cloud: What you need to know
Implementing cloud security features can secure data access, prevent infiltration and deliver benefits like better monitoring of user activity.
Endpoint security in the cloud: What you need to know (securityintelligence.com)
Understanding Cybersecurity Footprinting: Techniques and Strategies
Footprinting involves both passive and active methods to gather different types of data sets. Footprinting possesses both advantages and risks. Organizations must identify these information-gathering techniques and establish defenses against potential threat actor-driven footprinting attacks.
Understanding Cybersecurity Footprinting: Techniques and Strategies | Tripwire
Top 6 Mistakes in Incident Response Tabletop Exercises
An incident response tabletop exercise is a discussion-based practice that uses a hypothetical situation to coach a technical or executive audience through the cybersecurity incident response life cycle.
Top 6 Mistakes in Incident Response Tabletop Exercises (darkreading.com)
Why we need harmonized global cybersecurity regulations
International harmonization of standards could relieve some pressure on cybersecurity professionals and go a long way to creating efficiencies to support CNI operators.
Why we need harmonized global cybersecurity regulations | SC Media (scmagazine.com)
CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’
Poor credential management, lackluster patching and other common security mistakes continue to harm large enterprises.
CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’ | CIO Dive
NIST provides solid guidance on software supply chain security in DevSecOps
Key recommendations from the NIST’s latest guidance and why they are relevant to modern organizations developing and delivering software.
NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online
From The Server Room To The Boardroom: Why Data Risk Demands Board-Level Attention
From the server room to the boardroom, we should all ask the same question: Are we doing enough to proactively safeguard our company’s most sensitive information?