2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Securing Essential Services: NIS Compliance Guidelines for OES

The EU Network and Information Security (NIS) Directive was adopted by the European Commission in 2016 and focused on establishing comprehensive cybersecurity regulations across the European Union. The NIS Directive is a robust piece of legislation enforced by local laws within each member state, working alongside other EU-wide regulations like the GDPR. The NIS Directive applies to Digital Service Providers (DSPs) and Operators of Essential Services (OES).

Extending Kubernetes traffic identity with Calico Egress Gateway to Sophos Firewall

By default, traffic leaving a Kubernetes cluster lacks a meaningful network identity, making it challenging to associate it with its source workload. This is an issue because, in an on-premises infrastructure, companies rely on firewalls, for example Sophos Firewall, to inspect this traffic which loses its identity as soon as it leaves the cluster.

Unpacking ISO 31010: Effective Risk Assessment Techniques

ISO 31010 is a supplementary document to the risk management standard ISO 31000. It was developed to support the risk assessment process in ISO 31000, outlining different risk assessment techniques to broaden the scope of an organization’s risk evaluation methods. This post offers a comprehensive overview of ISO/IEC 31010, highlighting the standard’s potential to increase the effectiveness of risk management strategies. Learn how UpGuard streamlines Vendor Risk Management >

Using ISO 27002: 2022 to Improve Information Security Practices

ISO/IEC 27002 offers guidance on implementing an Information Security Management System (ISMSP). This international standard is very effective at helping organizations protect themselves against various information security risks through a series of security control categories. However, with the standard addressing such diverse information security risks, cybersecurity teams often find implementation and maintaining alignment a significant challenge.

How to Secure Remote Workers and Cloud Access at the Same Time

In an era where remote work and cloud-first applications have transformed the business landscape, hardening cloud and remote access has never been more critical. Join us for a live event to explore cohesive strategies for safeguarding your organization's most valuable assets in the cloud. Thought leaders Jerald Dawkins, Ph.D., Chris Clements, and Michael Oglesby will introduce Argo Edge, a cutting-edge cloud-first security solution, and how it addresses these challenges head-on. Learn more about how to provide robust protection for your users – regardless of their location.

How To Spot Phishing Emails

Phishing emails have traditionally been easy to spot by looking for signs such as misspelled words and unsolicited links and attachments. Although phishing emails are not a new occurrence, they have become a part of our daily lives. With the advancement of technology, however, the cybercriminals behind these phishing emails now have developed new ways to scam their victims. Regardless of these advancements, there are still ways to protect yourself from phishing emails.