The Six Pillars of DevSecOps: Automation | Cloud Security Alliance
https://cloudsecurityalliance.org/artifacts/devsecops-automation/
CSA
The Six Pillars of DevSecOps: Automation | CSA
Automation is a critical component of DevSecOps because it enables process efficiency, allowing developers, infrastructure, and information security teams to focus on delivering value rather than repeating manual efforts and errors with complex deliverables.…
NISTIR 8286 (Draft), Integrating Cybersecurity and Enterprise Risk Management (ERM) | CSRC
https://csrc.nist.gov/publications/detail/nistir/8286/draft
CSRC | NIST
NIST Internal or Interagency Report (NISTIR) 8286 (Withdrawn), Integrating Cybersecurity and Enterprise Risk Management (ERM)
The increasing frequency, creativity, and variety of cybersecurity attacks means that all enterprises should ensure cybersecurity risk is getting the appropriate attention within their enterprise risk management (ERM) programs. This document is intended to…
Summary of Changes:
A new noscript is proposed to offer flexibility and modularity of the NICE Framework in coordination with other workforce frameworks.
The organizing constructs of Specialty Areas and Categories have been deprecated.
The relationships among Knowledge, Skills, Abilities, and Tasks have changed.
Knowledge, Skill, and Task (KST) statements will no longer be located in the publication, but rather as supplementary documents.
ISACARuSec
https://twitter.com/AndreaBarisani/status/1283340008334729216?s=09
Risk of hardware counterfeit is not negligible.
Remote working: This free tool tests how good your security really is | ZDNet
https://www.zdnet.com/article/remote-working-this-free-tool-tests-how-good-your-security-really-is/
ZDNet
The NCSC's Exercise in a Box toolset has been updated to help organisations keep their employees safe while working from home.
COBIT Focus Area: Information Security
https://www.isaca.org/bookstore/bookstore-cobit_19-print/cb19is?cid=pr_2004718&Appeal=pr
ISACA
ISACARuSec pinned «https://www.businesswire.com/news/home/20200714005740/en/New-COBIT-Resource-ISACA-Offers-Guidance-Governance»
European court strikes down EU-US Privacy Shield user data exchange agreement as invalid | ZDNet
https://www.zdnet.com/article/european-court-strikes-down-eu-us-privacy-shield-citizen-data-transfer-agreement/
ZDNet
The decision could have immediate ramifications for the transfer of user data between the US and Europe.
SP 800-209 (Draft), Security Guidelines for Storage Infrastructure | CSRC
https://csrc.nist.gov/publications/detail/sp/800-209/draft
CSRC | NIST
NIST Special Publication (SP) 800-209 (Draft), Security Guidelines for Storage Infrastructure
Storage technology, just like its computing and networking counterparts, has evolved from traditional storage service types, such as block, file, and object. Specifically, the evolution has taken two directions: one along the path of increasing storage media…