It has been a long time coming! The upgrade to the international standard for information security management systems, ISO27001:2013, is here (almost). Hallelujah! If you’re reading this article, then there’s a reasonable assumption that you know what ISO27001 is and you’re not going to be too worried about the back story. But let’s all be clear on a couple of points. The current version of the Information Security Management Standard is ISO27001:2013.
We wanted to call out some great adjacent research from the team at Sophoslabs Uncut that was released on December 21, 2021. Research groups frequently analyze similar (or in this case, identical) campaigns through their own unique lens. This is fantastic for the security community, as the campaign gets more eyes and different perspectives applied towards the same problem.
In 2008, Data Privacy Day started as an extension of Europe’s Data Protection Day, which commemorates the signing of Convention 108. This year, the National Cybersecurity Alliance (NCA) established Data Privacy Week to empower individuals and businesses to respect privacy, safeguard data and enable trust. Plus, data privacy is so important that it needs more than just a single day of discussion!
Spam filters are essential. Without them we couldn’t cut through the noise of phishing scams and malware links to read our messages. Hatred of spam is well entrenched in society, just as bots (especially scalpers) have become the bane of so many lives in recent years. There are several parallels between the email spam in our inboxes and malicious bots that crawl the web. Both are designed to cause harm to businesses and individuals. Both exploit systems designed to be useful.
White House memo directs the Defense Department and Intelligence Community to implement its May 2021 Executive Order on improving national cybersecurity.
When we hear the word hacking, our minds immediately go to servers, computers and laptops being hacked, but hacking isn’t just for computers, Wi-Fi routers can get hacked as well and are no exception to cyber attacks.
Cyber security (or information security) aims to protect an organisation’s or individual’s assets, be they digital or physical. In digital assets, an individual’s password is the most sensitive and valuable piece of information that cybercriminals can attempt to get their hands on.
The open ports in your hardware could be critical points of vulnerability if the services exposed to them are misconfigured or unpatched. Unfortunately, many organizations are currently exposing their sensitive resources through such malicious connections, heightening the risk of ransomware attacks, supply chain attacks, and data breaches.
A security questionnaire is a set of questions designed to help an organization identify potential cybersecurity weaknesses among its third-party and fourth-party vendors, business partners, and service providers. Organizations use security questionnaires to deliver informed vendor risk assessments. They allow organizations to vet potential vendors and other third parties by ensuring their information security practices and security policies meet both internal and external requirements.
Kubernetes is the popular container orchestration platform developed by Google to manage large-scale containerized applications. Kubernetes manages microservices applications over a distributed cluster of nodes. It is very resilient and supports scaling, rollback, zero downtime, and self-healing containers. The primary aim of Kubernetes is to mask the complexity of overseeing a large fleet of containers.
