Threat modelling is a process for identifying potential threats to an organization's network security and all the vulnerabilities that could be exploited by those threats. Most security protocols are reactive - threats are isolated and patched after they've been injected into a system. Threat modelling, on the other hand, is a proactive approach to cybersecurity, whereby potential threats are identified and anticipated.
Technological innovation doesn’t slow down when it comes to software, but neither do cyberattacks. The rapid pace of modern programming brings the need for agility and security that can scale and improve to meet business needs. Organizations that want to keep up with innovation while staying secure need more than just capable tools in their tech stacks; having the right people in the right seats to champion your security efforts throughout the development process is also key.
Verizon recently published its 2021 Data Breach Investigations Report (DBIR). This year, Verizon analyzed 79,635 incidents, of which 29,207 met their quality standards and 5,258 were confirmed data breaches, from 88 countries around the world. Despite the global pandemic, the DBIR uncovered that cybercrime continued to thrive. Like previous years, the majority of breaches were financially motivated, and most were caused by external actors illegally accessing data.
The Biden Administration published a new executive order (EO) to strengthen the digital security of U.S. federal government networks. Published on May 12 by The White House, the executive order covered much of what many media outlets reported would appear in the draft. This included the issue of supply chain security. For example, the EO stated that the U.S. federal government will begin requiring developers to make security data about their tools publicly available. It also said that the U.S.
Online digital publishing platforms have thrived in the new media age. The ability to publish an article detailing news from around the world, within minutes of it happening, has allowed publishers to give their customers exciting and up-to-date content 24 hours a day, 7 days a week. However, like many other online platforms, publishers are often the victim of cyber-threats. Specifically, malicious bots programmed to perform a variety of attacks such as scraping, content theft and ad fraud.
The Federal Risk and Authorization Management Program, or FedRAMP, is a federal government program to provide a standardized approach for security assessment, authorization, and continuous monitoring for cloud services and cloud products offered by cloud service providers (CSPs). FedRAMP creates a single risk-based standard so government agencies can engage with cloud-based providers more easily.
Anybody who’s looked for answers on the Internet has likely stumbled across a “TOP X LISTS”: The “10 things famous people do every day”, “Top 10 stocks to by”, the “20 books you have to read” are just some examples of the myriad of lists that are out there offering answers. You may have even stumbled upon a few “Top 10 (or 12) Events To Monitor” articles too.
Ponemon Institute’s Reducing Enterprise Application Security Risks: More Work Needs to Be Done looks at the reasons why many enterprises consider the application layer to be the highest security risk. Ponemon Institute, in partnership with WhiteSource, surveyed 634 IT and IT security practitioners about their enterprises’ approach to securing applications.
Open Policy Agent, or OPA, is an open source, general purpose policy engine. OPA decouples policy decisions from other responsibilities of an application, like those commonly referred to as business logic. OPA works equally well making decisions for Kubernetes, Microservices, functional application authorization and more, thanks to its single unified policy language. So what’s a policy engine? And what’s policy? A policy can be thought of as a set of rules.
