SP 800-204, Security Strategies for Microservices-based Application Systems | CSRC
https://csrc.nist.gov/publications/detail/sp/800-204/final
CSRC | NIST
NIST Special Publication (SP) 800-204, Security Strategies for Microservices-based Application Systems
Microservices architecture is increasingly being used to develop application systems since its smaller codebase facilitates faster code development, testing, and deployment as well as optimization of the platform based on the type of microservice, support…
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
In addition to the cybersecurity guide for industrial PCs, Siemens has released a similar guide on cyber risk assessment for operator panels.
https://support.industry.siemens.com/cs/document/109481300/security-guidelines-for-simatic-hmi-devices?dti=0&dl=en&lc=ru-RU
GSA releases ‘de-risking’ handbook for state IT | StateScoop
https://statescoop.com/gsa-derisking-custom-technology-projects-state-government/
StateScoop
Published on GitHub, the guide is designed to help non-technical budgeting officials grasp modern software-development best practices.
Forwarded from Vulnerability Management and more
This is most likely #slowpoke news, but I just found out that Tenable .audit files with formalized Compliance Management checks are publicly available and can be downloaded without any registration. 😳🤩 However, you must accept the looooong license agreement.
So, I have two (completely theoretical!) questions 🤔:
1) What if someone supports the .audit format in some compliance management tool and gives the end user the ability to use this content by #Tenable to assess their systems? Will it be fair and legal?
2) What if someone uses this content as a source of inspiration for his own content, for example, in the form of #OVAL / #SCAP or some scripts? Will it be fair and legal?
Forwarded from Пост Лукацкого
Kenna and Cyena have proposed a new vulnerability prioritization scheme, PVSS, where P stands for predictive, that is, a predictive vulnerability ranking system https://t.co/9ZBuVc77LX
— Alexey Lukatsky (@alukatsky) August 11, 2019
Twitter
DarkReading
New Vulnerability Risk Model Promises More-Efficient Security https://t.co/kBhvv2Slhz via @kg4gwa #risk #vulnerabilities
Forwarded from ZLONOV security
The Australian Cyber Security Centre has released recommendations for countering password spraying attacks. Implementing multi-factor authentication is named as one of the most effective countermeasures. https://vk.com/zlonovru?w=wall-88373861_794
VK
Authentication, biometrics, electronic signature
The Australian Cyber Security Centre (ACSC) has released recommendations for countering password spraying attacks. Password spraying is a variation of the brute-force attack (brute-force…
Forwarded from SecurityLab.ru
The non-profit organization HITRUST, which develops data security standards and provides certification, has launched a new initiative intended to encourage information security professionals to improve the cybersecurity controls in their companies. HITRUST also presented the results of a study confirming that assessing the maturity and thoroughness of security controls makes it possible to determine their future effectiveness.
HITRUST introduces maturity scoring for security controls
SecurityLab.ru
The higher the HITRUST CSF score, the fewer the management errors and the lower the risk to the companies' clients.
Emergency declarations improve cyberattack recovery, report says
https://statescoop.com/emergency-declaration-louisiana-cyberattacks-improve-recovery-moodys/
StateScoop
Emergency declarations improve cyberattack recovery, report says | StateScoop
A new report from Moody’s says Louisiana Gov. John Bel Edwards minimized damage by declaring a statewide emergency after a ransomware attack last month.
NIST has launched a separate cybersecurity blog.
We have a new identity! Welcome to Cybersecurity Insights: a NIST blog! | NIST
https://www.nist.gov/blogs/cybersecurity-insights/we-have-new-identity-welcome-cybersecurity-insights-nist-blog
NIST
We have a new identity! Welcome to Cybersecurity Insights: a NIST blog!
The NIST Cyber Team welcomes everyone to our new blog - Cybersecurity Insights: a NIST blog. For the past few years, we have shared many milestones and updated you on countless topics on our I Think...