Standard CIP-003 exists as part of a suite of Critical Infrastructure Protection (CIP) Standards related to cybersecurity that require the initial identification and categorization of BES Cyber Systems and require organizational, operational, and procedural controls to mitigate risk to BES Cyber Systems.
ML:3 is base camp, and getting here means you have reached a level that others have only dreamed about. At this level, the VM program is very good, and your visibility into threats to the environment is much better than it has ever been.
Zero Trust is a new concept to many but one I believe will be of increasing importance over the coming years. With this post, I wanted to introduce newcomers to the concept, talk about why it’s an exciting approach to improving security, and explore how you can leverage File Integrity Monitoring (FIM) and Security Configuration Management (SCM) tools like Tripwire Enterprise (TE) to assist you on your Zero Trust (ZT) journey.
Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to protect human lives.
It’s been another fantastic year on The State of Security blog. With over 350 blogs published from all walks of the security community, we like to think of the blog as more of an industry resource that caters to not only experienced security professionals but also to those who are new to the community. To finish the year off, I wanted to look back on some of my personal favorites. I’ve tried to include a mixture of different styles, topics and authors.
TikTok, the popular video posting app, has come under increased scrutiny. Recently, two lawsuits filed against the platform accused TikTok of privacy violations. According to a report from Reuters, a plaintiff accused TikTok of creating an account without her knowledge or consent in one lawsuit filed in California. The lawsuit accused TikTok of creating a file on the user. This file allegedly included biometric data based on videos that the user created, but did not upload.
At some point in the past, I began making new year’s resolutions for doing a bit of personal privacy and security maintenance on New Year’s Day or thereabouts. I would usually have a bit of downtime to finally get around to doing the things I’d been putting off all year. It’s become a fun habit that I wanted to share.
I recently wrote about phishing around the holidays and while I was working on the piece, I noticed a couple of friends posting recent emails on Facebook. I thought it might be fun to dig a bit deeper into those emails and look at the telltale signs that indicate these are phishing attempts.
How likely is it to fall victim to fraud? As far as I’m aware, I personally have not purchased from a fraudulent site, but I have had my card details stolen in the past. Additionally, I remember years ago that while attempting to find a flat, I found a ‘rental company’ who turned out to be one person attempting to rent out flat 13 that due to superstition didn’t actually exist.
Context setting: In my first article on cloud security, I talked about the journey to cloud migration. What are the things you need to consider when planning the big move? To realize the full value of this post, you must have already identified the motivations for migration and the locations of some resources you can use to enhance your security posture within yourself and/or your team.
