Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
8 Мая вебинар от Tenable и Siemens на тему: "Adapting Asset and Vulnerability Management Processes for Operational Technology". Обсудят:
- Breaking down silos between OT and IT
- Which OT asset attributes must be tracked
- Practical tips for effective OT asset management
- Adapting vulnerability remediation processes for OT
https://www.tenable.com/webinars/adapting-asset-and-vulnerability-management-for-ot
- Breaking down silos between OT and IT
- Which OT asset attributes must be tracked
- Practical tips for effective OT asset management
- Adapting vulnerability remediation processes for OT
https://www.tenable.com/webinars/adapting-asset-and-vulnerability-management-for-ot
Tenable®
Adapting Asset and Vulnerability Management Processes for Operational
Join Siemens and Tenable to learn how can you break down siloed practices and better protect both IT and OT.
Forwarded from SecurityLab.ru
Национальный институт стандартов и технологий США (The National Institute of Standards and Technology, NIST) выпустил обновление исследовательского набора инструментов (Automated Combinatorial Testing for Software, ACTS), призванное помочь разработчикам сложных критически важных с точки зрения безопасности приложений выявлять потенциально опасные ошибки в своем ПО.
NIST обновил инструмент для поиска ошибок в критически важном ПО
NIST обновил инструмент для поиска ошибок в критически важном ПО
SecurityLab.ru
NIST обновил инструмент для поиска ошибок в критически важном ПО
Инструмент CCM позволяет тестировать программное обеспечение с тысячами входных переменных.
Расскажут про roadmap nist framework
https://www.nist.gov/news-events/events/2019/04/next-cybersecurity-framework-webcast-look-back-look-ahead
https://www.nist.gov/news-events/events/2019/04/next-cybersecurity-framework-webcast-look-back-look-ahead
NIST
Next Up! Cybersecurity Framework Webcast: A Look Back, A Look Ahead
Note: Captioning will be available by 5/8/2019 NIST recently celebrated the Framework for Improving Critical Infrastructure Cybersecurity’s 5 th anniversary in...
Любителям "трофейного ПО" посвящается.
Supply Chain Hackers Snuck Malware Into Videogames | WIRED
https://www.wired.com/story/supply-chain-hackers-videogames-asus-ccleaner/
Supply Chain Hackers Snuck Malware Into Videogames | WIRED
https://www.wired.com/story/supply-chain-hackers-videogames-asus-ccleaner/
WIRED
Supply Chain Hackers Snuck Malware Into Videogames
An aggressive group of supply chain hackers strikes again, this time further upstream.
Однозначный тренд в эпоху GDPR.
States giving privacy officers a seat at the table -- GCN
https://gcn.com/articles/2019/04/22/nascio-chief-privacy-officers.aspx?m=1
States giving privacy officers a seat at the table -- GCN
https://gcn.com/articles/2019/04/22/nascio-chief-privacy-officers.aspx?m=1
GCN
States giving privacy officers a seat at the table -- GCN
Most states are addressing privacy issues, and the number of dedicated CPOs is on the rise.
Naming and shaming nations that launch cyberattacks does work, say intel chiefs | ZDNet
https://www.zdnet.com/article/naming-and-shaming-nations-that-launch-cyberattacks-does-work-say-intel-chiefs/
https://www.zdnet.com/article/naming-and-shaming-nations-that-launch-cyberattacks-does-work-say-intel-chiefs/
ZDNet
Naming and shaming nations that launch cyberattacks does work, say intel chiefs
Cybersecurity agencies explain when and why they attribute cyberattacks to other nations.
Пример того насколько надежна современная атрибуция кибер атак.
"...When we used to put out anonymised, non-attributable attacks, we'd say we'd seen something somewhere and this is how you can fix it, you can get a certain response. When you say this is Russia, you get a bigger response and that does matter," he said..."
"...When we used to put out anonymised, non-attributable attacks, we'd say we'd seen something somewhere and this is how you can fix it, you can get a certain response. When you say this is Russia, you get a bigger response and that does matter," he said..."
Council Post: AI And The Cybersecurity Workforce: A Whole New World
https://www.forbes.com/sites/forbestechcouncil/2019/04/26/ai-and-the-cybersecurity-workforce-a-whole-new-world/amp/
https://www.forbes.com/sites/forbestechcouncil/2019/04/26/ai-and-the-cybersecurity-workforce-a-whole-new-world/amp/
Forbes
Council Post: AI And The Cybersecurity Workforce: A Whole New World
AI and the humans that work so closely with it will be able to complement each other's strengths and weaknesses.
Forwarded from Пост Лукацкого
5 советов, от которых зависит успешность вашего SOC (презентация) https://t.co/o1jWWnzFBD
— Alexey Lukatsky (@alukatsky) April 29, 2019
— Alexey Lukatsky (@alukatsky) April 29, 2019
Forwarded from Vulnerability Management and more
Vulnerability Management vendors and Vulnerability Remediation problems
It’s not a secret, that #VulnerabilityManagement vendors don’t pay much attention to the actual process of fixing vulnerabilities, that they detect in the infrastructure (Vulnerability Remediation).
In fact, most of VM vendors see their job in finding a potential problem and providing a link to the Software Vendor’s website page with the #remediation denoscription. How exactly the #remediation will be done is not their business.
Remediation is a painful topic and it’s difficult to sell it as a ready-made solution. And even when Vulnerability Vendors try to sell it this way, it turns out pretty ugly and does not really work. Mainly because the Remediation feature is sold to the Security Team, and the IT Team will have to use it.
#Windows #remediation #patch #Linux #VulnerabilityManagement
Read more: https://avleonov.com/2019/04/29/vulnerability-management-vendors-and-vulnerability-remediation-problems/
It’s not a secret, that #VulnerabilityManagement vendors don’t pay much attention to the actual process of fixing vulnerabilities, that they detect in the infrastructure (Vulnerability Remediation).
In fact, most of VM vendors see their job in finding a potential problem and providing a link to the Software Vendor’s website page with the #remediation denoscription. How exactly the #remediation will be done is not their business.
Remediation is a painful topic and it’s difficult to sell it as a ready-made solution. And even when Vulnerability Vendors try to sell it this way, it turns out pretty ugly and does not really work. Mainly because the Remediation feature is sold to the Security Team, and the IT Team will have to use it.
#Windows #remediation #patch #Linux #VulnerabilityManagement
Read more: https://avleonov.com/2019/04/29/vulnerability-management-vendors-and-vulnerability-remediation-problems/