Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF) | CSRC
https://csrc.nist.gov/publications/detail/white-paper/2019/06/11/mitigating-risk-of-software-vulnerabilities-with-ssdf/draft
https://csrc.nist.gov/publications/detail/white-paper/2019/06/11/mitigating-risk-of-software-vulnerabilities-with-ssdf/draft
CSRC | NIST
Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF) (Draft)
Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure the software being developed is well secured. This white paper…
Forwarded from Oleks Bodryk
webinar-calendar-june-2019---bt_508950.pdf
130.6 KB
webinar-calendar-june-2019---bt_508950.pdf
Senator asks Department of Justice if it can keep a lid on its software exploits
https://www.cyberscoop.com/department-of-justice-hacking-tools-ron-wyden-letter/
https://www.cyberscoop.com/department-of-justice-hacking-tools-ron-wyden-letter/
CyberScoop
Senator asks Department of Justice if it can keep a lid on its software exploits
In recent years, Department of Justice agencies have quietly acquired and deployed hacking tools in support of their law enforcement mission. A handful of high-profile cases have brought greater scrutiny to those efforts, most notably in 2016 when the FBI…
Интересная тенденция, похоже эксплойты постепенно становятся полноценным нематериальным активом для защиты которых возможно выпустят отдельный НПА.... В США.
Проектируете awareness учебный курс? Задумайтесь над концепцией микроуроков.
https://medium.com/sans-security-awareness/5-reasons-to-consider-micro-learning-for-your-security-awareness-training-program-a058f5098239
https://medium.com/sans-security-awareness/5-reasons-to-consider-micro-learning-for-your-security-awareness-training-program-a058f5098239
Medium
5 Reasons to Consider Micro-Learning for Your Security Awareness Training Program
By Andrew Mantuano
На прошлой неделе Брюс Шнаер проводил Workshop on the Economics of Information Security в Гарварде. По линку описание докладов и сами доклады. Рекомендуются к просмотру.
https://www.lightbluetouchpaper.org/2019/06/03/weis-2019-liveblog/
https://www.lightbluetouchpaper.org/2019/06/03/weis-2019-liveblog/
Учебные материалы по одной из самых популярных и бесплатных платформ threatexchange misp.
https://twitter.com/MISPProject/status/1138512182625427457?s=09
https://twitter.com/MISPProject/status/1138512182625427457?s=09
Twitter
MISP
Joining us at the @FIRSTdotOrg #firstcon19 next Monday and Tuesday for the @MISPProject training session - don't hesitate to download the VM before joining us https://t.co/oy4fUeBphW and the training materials are already available here https://t.co/I3bDu9QlaZ…
Новый проект ЕС takedown направлен на понимание мотивации ОПГ и террористов, теперь и в части киберугроз.
https://www.brighttalk.com/webcast/10415/359985
https://www.brighttalk.com/webcast/10415/359985
Brighttalk
The Nexus of Organized Cyber Crime and Cyber Terrorism
New Services and Tools for Supporting First-line-practitioners and Law Enforcement Agencies.
In recent years, Europe has been at increased risk of extremist violence and terrorism – from Islamic fund...
In recent years, Europe has been at increased risk of extremist violence and terrorism – from Islamic fund...
Продолжение серии отчетов про экономику киберпреступлений.
https://twitter.com/ArchieScorp/status/1138523436492435456?s=09
https://twitter.com/ArchieScorp/status/1138523436492435456?s=09
Twitter
Alexander Redchits
И продолжение серии отчетов https://t.co/sGCFHuriY7
Экономическое значение безопасности DNS.
https://www.globalcyberalliance.org/use-of-dns-firewalls-could-reduce-33-of-all-cybersecurity-breaches/
https://www.globalcyberalliance.org/use-of-dns-firewalls-could-reduce-33-of-all-cybersecurity-breaches/
GCA | Global Cyber Alliance | Working to Eradicate Cyber Risk
Use of DNS Firewalls Could Reduce 33% of All Cybersecurity Breaches, New Global Cyber Alliance Research Finds - GCA | Global Cyber…
New research from the Global Cyber Alliance has found that Domain Name System (DNS) firewalls, also known as protective DNS, which are freely available and easy to install, could prevent 33% of cybersecurity data breaches from occurring.
Новый черновик NIST
Detecting and Protecting Against Data Integrity Attacks in Industrial Control Systems Environments | NCCoE
https://www.nccoe.nist.gov/projects/use-cases/manufacturing/detecting-protecting-industrial-control-systems
Detecting and Protecting Against Data Integrity Attacks in Industrial Control Systems Environments | NCCoE
https://www.nccoe.nist.gov/projects/use-cases/manufacturing/detecting-protecting-industrial-control-systems
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
Github репозиторий, cобирающий материалы по теме безопасности и кибербезопасности роботов с пошаговыми руководствами: Robot reconnaissance, Robot footprinting, Robot enumeration, Robot Threat Modeling & Robot Vulnerability Identification, Robot exploitation, Robot forensics, Robot reversing and Other
https://github.com/vmayoral/basic_robot_cybersecurity
https://github.com/vmayoral/basic_robot_cybersecurity
GitHub
vmayoral/basic_robot_cybersecurity
An introductory series of cybersecurity for robots with a somewhat comprehensive step-by-step tutorials. - vmayoral/basic_robot_cybersecurity
Обзор докладов WEIS, ссылка на которые публиковалась выше
https://lukatsky.blogspot.com/2019/06/iso-27001-bug-bounty.html?m=1
https://lukatsky.blogspot.com/2019/06/iso-27001-bug-bounty.html?m=1
Blogspot
Почему сертификат ISO 27001 приводит к снижению инвестиционной привлекательности, а программа bug bounty лучше пентестов...
Блог Алексея Лукацкого "Бизнес без опасности"
Forwarded from Пост Лукацкого
Выложены презентации с ITSF 2019 https://t.co/UCKRt2c48l @itsfkzn
— Alexey Lukatsky (@alukatsky) June 14, 2019
— Alexey Lukatsky (@alukatsky) June 14, 2019
itsecurityforum.ru
ITSF 2019
XIII Цифровой Форум - ITSF. Большие данные. Кибербезопасность. Законодательство.