Очередная встреча Московского отделения ISACA посвящена теме DevSecOps и пройдет он-лайн на платформе Google Meet. Для участия во встрече требуется регистрация. Регистрация бесплатна для всех, вне зависимости от членства в ISACA.
Дата встречи 25 марта 2021. Время встречи 19:00 (UTC +03:00)
Предварительная программа встречи:
1. Иван Елкин, QIWI - “DevSecOps, начало. Если вы купили еще одну компанию.”
2. Сергей Харюк, Технический директор Cyberlands.io - "DevSecOps - безопасность в CI\CD."
3. Андрей Бажин, Независимый эксперт, "SDLC проблемы и пути решения на примере финансового сектора."
https://engage.isaca.org/moscow/events/eventdenoscription?CalendarEventKey=ed19a49d-b81e-4fc6-9ad1-03849a540d6b
Дата встречи 25 марта 2021. Время встречи 19:00 (UTC +03:00)
Предварительная программа встречи:
1. Иван Елкин, QIWI - “DevSecOps, начало. Если вы купили еще одну компанию.”
2. Сергей Харюк, Технический директор Cyberlands.io - "DevSecOps - безопасность в CI\CD."
3. Андрей Бажин, Независимый эксперт, "SDLC проблемы и пути решения на примере финансового сектора."
https://engage.isaca.org/moscow/events/eventdenoscription?CalendarEventKey=ed19a49d-b81e-4fc6-9ad1-03849a540d6b
Московское отделение ISACA
DevSecOps
Очередная встреча Московского отделения ISACA посвящена теме DevSecOps и пройдет он-лайн на платфор
ISACARuSec pinned «Очередная встреча Московского отделения ISACA посвящена теме DevSecOps и пройдет он-лайн на платформе Google Meet. Для участия во встрече требуется регистрация. Регистрация бесплатна для всех, вне зависимости от членства в ISACA. Дата встречи 25 марта 2021.…»
New and improved Risk Management Framework (RMF) website that better highlights the resources NIST developed to support implementers.
https://www.nist.gov/blogs/cybersecurity-insights/nist-risk-management-framework-team-did-some-spring-cleaning
https://www.nist.gov/blogs/cybersecurity-insights/nist-risk-management-framework-team-did-some-spring-cleaning
FBI: One type of scam is costing business the most | ZDNet
https://www.zdnet.com/article/fbi-one-type-of-scam-is-costing-business-the-most/
https://www.zdnet.com/article/fbi-one-type-of-scam-is-costing-business-the-most/
ZDNet
FBI: One type of scam is costing business the most
Amid the global pandemic, cybercriminals went on an 'Internet crime spree', says FBI.
John Pescatore (SANS) opinion:
"Just to put that $4B number in perspective: the 2020 National Retail Federation shrinkage survey estimated that 2019 shrinkage (inventory loss from shoplifting, employee theft, supplier error/fraud, cashier errors and other causes) was $62B in the retail sector alone.
Three key points here: (1) the FBI IC3 data comes from complaints filed with the FBI, the numbers don’t reflect overall losses in anyway; (2) in many industries, traditional crime continues to have a much larger business impact that cybercrime; (3) retail has kept shrinkage in the range of 1.5 – 2% over the years, while spending 1-1.5% of revenue on loss prevention/shrinkage control, meaning a 3% loss of revenue to shrinkage and the loss prevention program is an acceptable cost of doing business.
Increasing spending in loss prevention without reducing shrinkage enough would result in a loss of profit, even if the absolute level of shrinkage went down. Can you talk similar language about the effectiveness of your spending on security controls to justify increases or changes?"
"Just to put that $4B number in perspective: the 2020 National Retail Federation shrinkage survey estimated that 2019 shrinkage (inventory loss from shoplifting, employee theft, supplier error/fraud, cashier errors and other causes) was $62B in the retail sector alone.
Three key points here: (1) the FBI IC3 data comes from complaints filed with the FBI, the numbers don’t reflect overall losses in anyway; (2) in many industries, traditional crime continues to have a much larger business impact that cybercrime; (3) retail has kept shrinkage in the range of 1.5 – 2% over the years, while spending 1-1.5% of revenue on loss prevention/shrinkage control, meaning a 3% loss of revenue to shrinkage and the loss prevention program is an acceptable cost of doing business.
Increasing spending in loss prevention without reducing shrinkage enough would result in a loss of profit, even if the absolute level of shrinkage went down. Can you talk similar language about the effectiveness of your spending on security controls to justify increases or changes?"
Probably ransom number record - 50 mil. $.
https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/amp/
https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/amp/
BleepingComputer
Computer giant Acer hit by $50 million ransomware attack
Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.