Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
How To Build An Insider Threat Program
A functional insider threat program is a core part of any modern cybersecurity strategy. Having controls in place to prevent, detect, and remediate insider attacks and inadvertent data leaks is a necessity for any organization that strives to protect its sensitive data. A functional insider threat program is required by lots of regulations worldwide. For example, NISPOM Change 2 makes it obligatory for any subcontractor working with the US Department of Defense to implement an insider threat program. However, designing an insider threat program that is both effective and efficient can be hard.
5 Levels Of User Behavior Monitoring
User behavior monitoring is a new approach to insider threat prevention and detection. A lot of companies include a user and entity behavior analytics (UEBA) solution in their insider threat program. Implementing such a program is obligatory to comply with a lot of industry standards (e.g. NIST, HIPAA, PCI DSS, etc.). However, each company is free to use any insider threat prevention tool that meets their needs.
Design & Implementation of OEM ICS Cybersecurity Frameworks: The Good, The Bad, and The Ugly
The cyber threat landscape today continues to pose a myriad of unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. These shortcomings are exacerbated by the mean time to breach detection, which continues to hover above 150 days on average.
How to secure your remote workforce
Since the outbreak of Covid-19, many organisations have had to make a swift transition to remote working to ensure business continuity. What would typically take months of planning and preparation was implemented in a matter of days. The chaos that this created, combined with the already uncertain nature of life during a pandemic, had created the ideal environment for cybercriminals.
Undetected e.04: TomNomNom - Hacking things back together
We know “go hack yourself,” but what about unhack yourself? According to Laura and Tom (@TomNomNom), it means understanding how something is built and how it works, before you can know if you’ve successfully hacked it apart. There were many valuable soundbites to take from this dynamic conversation between host Laura Kankaala and guest Tom Hudson of Detectify.
Undetected E04, Tom Hudson - Hacking Things Back Together
There are many paths you can take to become a security professional. In this episode, host Laura Kankaala talks with Tom Hudson (aka @TomNomNom) about his learning journey with computers and hacking which began with him taking it all apart. Tom’s tinkering obsession introduced him to the world of hacking and bug bounty competitions. Besides chasing bugs, Tom is also passionate about passing on knowledge through his particular teaching style, and he discusses some of the common struggles of people who are just getting started with security, but also what are the kinds of questions are the good questions to ask along the way.
KYC - Untying the gordian knot of identity verification
There is a common thread between academy-award winner, Leonardo Dicaprio and the indispensability of know-your-customer (KYC). For most of you Dicaprio fans out there, you would have guessed it by now, that connection is the blockbuster ‘Catch me if you can(2002)’[1]. Dicaprio portrays a master con artist, who some consider as the best of all-time, Frank Abegnale.
Data Security in Cloud Computing: Key Components
Businesses of all sizes are moving to the cloud to take advantage of the greater data availability, significant cost savings and data redundancy that cloud computing provides compared to a traditional data center-based physical infrastructure. Moving to the cloud can also reduce shadow IT and get data stores out from storage closets and underneath desks so they can be governed and protected in compliance with regulations and best practices.
Role of Identity and Access Management in Cybersecurity
In IT security debates, projects aimed at managing access and identifying users are considered fundamental. However, the processes and technologies for controlling permissions have proved challenging. To solve this dilemma, what is now called Identity Access Management (IAM) was created, which involves the definition and execution of identification processes related to the most critical businesses for a company.
