Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest posts

CloudCasa: Enabling Self-Service Kubernetes Backup and Recovery with Cluster Multi-Tenancy

Do you want to reduce Kubernetes cluster sprawl and enable developers to do their own backup and recovery? Join William Bush, Field CTO at CloudCasa by Catalogic, and Dario Tranchitella, Technical Advisor at Clastix, for a discussion on cluster multi-tenancy and how it can easily enable secure, self-service Kubernetes backups. During this educational webinar, you will learn: What problems cluster multi-tenancy addresses

Ultimate Guide: Creating a Cyber Security Incident Response Plan

A cybersecurity Incident Response Plan (CSIRP) is the guiding light that grounds you during the emotional hurricane that follows a cyberattack. A CSIRP helps security teams minimize the impact of active cyber threats and outline mitigation strategies to prevent the same types of incidents from happening again. But as the complexity of cyberattacks increases, so too should the strategies that prevent them.

How to Implement a TPRM into your Existing Security Framework

Can TPRM programs integrate with my existing cybersecurity framework? These are just some of the questions troubling stakeholders at the precipice of a TPRM program implementation. While left unanswered, these questions cause delays in the onboarding of an initiative that could prevent a catastrophic third-party breach. Whether you’re considering implementing a TPRM program, or not sure how to even begin the implementation process, this article will be your guiding light.

Compliance Guide: 23 NY CRR and Third-Party Risk Management

The NY CRR 500 legislation was instituted by the New York Department of Financial Services (NYDFS) in 2017 in response to the rising trend of cyberattacks in the finance industry. Sometimes regarded as the GDPR for financial services, the NY CRR 500 has a very high standard for sensitive data protection, requiring protection strategies for ensuring the confidentiality, integrity, and security of information systems and nonpublic information (including customer data).

API attack types and mitigations

Stop, look, listen; lock, stock, and barrel; "Friends, Romans, Countrymen..." The 3 Little Pigs; Art has 3 primary colors; photography has the rule of thirds; the bands Rush and The Police; the movie The 3 Amigos. On and on it goes - "Omne trium perfectum" – “Everything that comes in threes is perfect.” While this article doesn’t provide perfection, we’ll focus on the top three API vulnerabilities (according to OWASP).

Cybersecurity vs Computer Forensics: Same goal, different measures

Information security (infosec) should be at the top of the agenda for any business that operates in a data-driven and digital environment – and to be honest, which business today doesn’t? But when hiring for infosec positions, it’s important that business leaders understand the differences between cybersecurity versus a computer forensics role.

How We Help You Monitor Suppliers' Risk

We did an ROI analysis of SecurityScorecard. Here's what we found out: Companies achieve a close to 200% ROI over 3 years. Here's how: Continuously monitoring cyber threats is difficult to handle for small cyber teams, forcing them to hire more people. In the current economic climate, those personnel costs make up the bulk of company expenses. SecurityScorecard allows you to streamline your third-party risk management program and run your TPM program with a smaller, more efficient team.

Automatically Update URL Blocklists in Zscaler Using Torq

Blocking access to certain URLs is a simple, effective strategy for protecting users and the network. But, in a world where new and increasingly sophisticated scams seem to appear almost weekly, the task of maintaining that list can become overly burdensome when performed manually. Torq offers a number of ways to automate URL blocklist management, reducing manual effort and speeding up response to new threats.

3 Critical Best Practices of Software Supply Chain Security

If your organization develops software and applications to deliver products and solutions, then more than likely you’re using third-party open source components to help create them. According to most estimates, open source components now make up over 80 percent of software products.