Geek-Guy.com

138 search results for "Security Assessment and Testing"

Prepare Your Organization for Compliance with the NYDFS Cybersecurity Regulation

Cyberattacks are on the rise, with bad actors accelerating their nefarious exfiltration of valuable and confidential data from financial institutions, Federal agencies, healthcare organizations, and more. According to an IBM study, the Financial Services industry saw an increase in the cost of a data breach from $5.72M in 2021 to $5.97M in 2022, an increase of […]

How to Support Agile Development Through Cybersecurity Best Practices

Understanding other people’s problems: It’s often said that people only notice cybersecurity when it fails, or when it gets in the way of them doing their jobs. Organizations, and especially software development teams, want to be able to develop quickly and easily to stay ahead of their competition. They want to be able to embrace […]

The Five Principles of a Zero Trust Cybersecurity Model

When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero trust model, every organization should be actively moving in that direction. The foundational tenet of the zero trust model is that […]

X-Force 2022 Insights: An Expanding OT Threat Landscape

This post was written with contributions from Dave McMillen. So far 2022 has seen international cyber security agencies issuing multiple alerts about malicious Russian cyber operations and potential attacks on critical infrastructure, the discovery of two new OT-specific pieces of malware, Industroyer2 and InController/PipeDream, and the disclosure of many operational technology (OT) vulnerabilities. The OT cyber threat landscape […]

The post X-Force 2022 Insights: An Expanding OT Threat Landscape appeared first on Security Intelligence.

Qualys Security Updates: Cloud Agent for Linux

The security and protection of our customers is of the utmost importance to us, as is transparency when issues arise. A customer responsibly disclosed two scenarios related to the Qualys Cloud Agent. For the first, we added supplementary safeguards for signatures running on Linux systems. In the second scenario, we dispute the finding; however, we […]

CREST membership body announces OWASP Verification Standard programme

CREST, the international not-for-profit, membership body representing the global cyber security industry, in consultation with the Open Web Application Security Project (OWASP), has launched the OWASP Verification Standard (OVS), a new quality assurance standard for the global application security industry. CREST OVS provides mobile and web app developers with greater security assurance and accredited organisations […]

The post CREST membership body announces OWASP Verification Standard programme appeared first on IT Security Guru.

Over a Decade in Software Security: What Have We learned?

With over a decade of experience in software security, what can Synopsys teach us? Managing Consultant Adam Brown presented this very subject at Infosecurity Europe 2022, with the help of Synopsys’s BSIMM metrics. The Building Security in Maturity Model (BSIMM) is an assessment done by Synopsys that helps firms analyse the state of their software security. […]

The post Over a Decade in Software Security: What Have We learned? appeared first on IT Security Guru.

How CISOs can Find and Retain Security Staff During the Great Resignation

The rising demand for cybersecurity professionals: As if the skill shortfall in cybersecurity wasn’t bad enough, the employment landscape is shifting rapidly. This shift is due, in part, to historically low unemployment claims, unrivaled quit rates, and swathes of baby boomers and older Gen X experts retiring – commonly known in HR circles as The […]

Weak Security Controls and Practices Routinely Exploited for Initial Access

This CISA Alert reviews many weak security controls and the techniques and procedures routinely used for initial access. This Alert was co-authored by cybersecurity authorities of the United Kingdom (NCSC-UK), Canada (CCCS), New Zealand (NCSC-NZ), the Netherlands National Cyber Security Center, and the United States (CISA, NSA, and the FBI). The following techniques (in MITRE […]

The post Weak Security Controls and Practices Routinely Exploited for Initial Access appeared first on Infoblox Blog.

IBM to Acquire Randori, Transforming How Clients Manage Risk with Attack Surface Management

Organizations today are faced with defending a complex technology landscape — with cyberattacks targeted at constantly changing cloud, distributed, and on-premises environments. Often escaping security scans and periodic assessments, these changes represent windows of opportunities for attackers looking to bypass defenses. While there always have — and always will be — unknown risks, having a […]

The post IBM to Acquire Randori, Transforming How Clients Manage Risk with Attack Surface Management appeared first on Security Intelligence.

Building the CASE for the Vehicle Security Operations Center

This post was written with contributions from IBM Security’s Rob Dyson, Preston Futrell and Brett Drummond. Let’s explore a day in the life of a vehicle security operations center (VSOC). An autonomous vehicle is transporting passengers to their destination. Inside the vehicle, they are patiently waiting to arrive at their destination and, in the meantime, […]

The post Building the CASE for the Vehicle Security Operations Center appeared first on Security Intelligence.

Ethical Hacking and Penetration Testing. Where to Begin.

Looking at the employment landscape, it’s clear that prospects for landing cybersecurity positions are excellent and on the rise, but what about the commercial viability of that “grey side-gig”, ethical hacking and penetration testing? While the notion of “being bad to help the good people” is undoubtedly lucrative and very cool, where can we begin […]

Gain Insight into Database Security Vulnerabilities you Didn’t Know you Had

Identifying and taking action to stop policy-violating behavior is hard enough when you have complete insight into the risks affecting your data repositories. It is virtually impossible to achieve security, however, when you cannot even see these risks to your data repositories. Unfortunately, too many organizations are not doing enough to address two of the […]