Mapping ATT&CK Data Sources to Security Events via OSSEM 🛡⚔️ | by Jose Luis Rodriguez | Open Threat Research | Oct, 2020 | Medium
https://medium.com/threat-hunters-forge/mapping-att-ck-data-sources-to-security-events-via-ossem-%EF%B8%8F-b606d99e738c
Medium
Mapping ATT&CK Data Sources to Security Events via OSSEM 🛡⚔️
The MITRE-ATT&CK team just released the last entry of a two-part blog series where they propose a new methodology to start defining…
10 Ways to Reduce IT Costs Quickly
https://www.gartner.com/smarterwithgartner/10-ways-to-quickly-reduce-it-costs/
Gartner
10 Ways to Quickly Reduce IT Costs
IT cost cuts may be coming - In fact, 39% of CFOs polled in May said they would cut costs in 4Q22 if high #inflation persisted. Here’s 🔟 ways to quickly reduce IT costs. #GartnerIT
Business Without Danger: Checklist for an organization building a secure remote access strategy (presentation and video)
https://lukatsky.blogspot.com/2020/10/blog-post_28.html?m=1
Blogspot
Checklist for an organization building a secure remote access strategy (presentation and video)
Alexey Lukatsky's blog "Business Without Danger"
SP 800-53B, Control Baselines for Information Systems and Organizations | CSRC
https://csrc.nist.gov/publications/detail/sp/800-53b/final
CSRC | NIST
NIST Special Publication (SP) 800-53B, Control Baselines for Information Systems and Organizations
This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level—low-impact, moderate-impact, and high-impact), as well as a privacy baseline that is…
Open Source Security Foundation launches a new certification program on edX | ZDNet
https://www.zdnet.com/article/open-source-security-foundation-launches-a-new-certification-program-on-edx/
ZDNet
Open Source Security Foundation launches a new certification program on edX
The Linux Foundation's OpenSSF is introducing a suite of security classes and a certification for open-source programmers.
Draft EU Legislation to Stop Banks Using Insecure Tech Suppliers – Team Cymru
https://team-cymru.com/blog/2020/10/28/draft-eu-legislation-to-stop-banks-using-insecure-tech-suppliers/
Team Cymru
Draft EU Legislation to Stop Banks Using Insecure Tech Suppliers
The Wall Street Journal reports that national regulators in EU member states could be given the authority to force financial institutions to drop existing tech suppliers, if they fail to address cybersecurity problems. The WSJ
10 Best XDR Solutions: Extended Detection & Response Service
https://www.softwaretestinghelp.com/xdr-security-solutions/amp/
SP 800-208, Recommendation for Stateful Hash-Based Signature Schemes | CSRC
https://csrc.nist.gov/publications/detail/sp/800-208/final
CSRC | NIST
NIST Special Publication (SP) 800-208, Recommendation for Stateful Hash-Based Signature Schemes
This recommendation specifies two algorithms that can be used to generate a digital signature, both of which are stateful hash-based signature schemes: the Leighton-Micali Signature (LMS) system and the eXtended Merkle Signature Scheme (XMSS), along with…
Forwarded from Anton Shipulin / Personal Channel
The National Association of Regulatory Utility Commissioners (NARUC) has released the "Cybersecurity Tabletop Exercise Guide", a step-by-step guide to developing and conducting cybersecurity tabletop exercises. This guide is one of five documents in the "Cybersecurity Manual" set, which also includes:
- Cybersecurity Strategy Development Guide
- Cybersecurity Preparedness: Questions for Utilities
- Cybersecurity Preparedness Evaluation Tool
- Cybersecurity Glossary
https://www.naruc.org/cpi-1/critical-infrastructure-cybersecurity-and-resilience/cybersecurity/cybersecurity-manual/
As companies align cyber with business needs, the BISO's time has come
https://www.scmagazine.com/home/security-news/network-security/everybody-wants-a-unicorn-as-companies-seek-to-align-cyber-with-business-enter-the-biso/
SC Media
As companies align cyber with business needs, the BISO's time has come
The way organizations define and deploy BISOs (business information security officers) depends on how complex, risk-averse and regulated their business is.
Experts forecast a shortage of cybersecurity specialists :: Technology and Media :: RBC
https://www.rbc.ru/technology_and_media/02/11/2020/5f9c494a9a7947a702aa761f
RBC
Experts forecast a shortage of cybersecurity specialists
Amid the mass shift to remote work, companies around the world intend to expand their cybersecurity staff. But as early as 2021 this will increase the shortage of such workers
TaoSecurity: Security and the One Percent: A Thought Exercise in Estimation and Consequences
https://taosecurity.blogspot.com/2020/10/security-and-one-percent-thought.html?m=1
Blogspot
Security and the One Percent: A Thought Exercise in Estimation and Consequences
Richard Bejtlich's blog on digital security, strategic thought, and military history.
Global Digital Trust Insights 2021: PwC
https://www.pwc.com/gx/en/issues/cybersecurity/digital-trust-insights.html
PwC
New world, new rules: Cybersecurity in an era of uncertainty - The C-suite playbook
Check out the latest findings from PwC’s 2026 Global Digital Insights Survey, reflecting the views of over 3,800 executives.