The shipping and energy infrastructure around us can be pretty inspiring. It reflects years of labor by our men and women, the scale of our economy, the power of our ingenuity. If you sit for a while and watch the ships coming in and out of harbor, you feel connected to history and the wider world. Yet cargo is not the only thing that’s moving.
"Reduce your attack surface..."
"Minimize the blast radius..."
Marketers use these doomsday metaphors to scare seasoned security pros from day-to-day paranoia into action!
It’s been a busy May in the cyberworld. Israel’s military strike on Hamas hackers in Gaza was the biggest news, but the Department of Defense’s Report on China Military Power and a Department of Energy finding that the grid may have suffered a DDoS deserve mention too.
We’ve talked about how to prepare your organization to start ringfencing crown jewel applications – the people and process legs of the stool to address critical risks in securing your applications.
But why is segmentation important in the first place? If there is no specific compliance obligation, vulnerability issue, or failed pen test, why should your business spend money on controls to ringfence its applications against the spread of a breach? What exactly is the inaction tax for an organization with "status quo security"?
At the end of 2016, SWIFT introduced a new Customer Security Program, which also includes the SWIFT Customer Security Controls Framework (CSCF). Last August, SWIFT announced a new version of the SWIFT CSCF in response to the growing number of cyberattacks on SWIFT infrastructure, which have caused billions in financial losses. Member institutions are expected to comply with these new controls and attest to the mandatory controls at the end of 2019. The latest version promotes some advisory controls to mandatory controls and introduces new advisory controls.