The next meeting of the ISACA Moscow Chapter is devoted to DevSecOps and will be held online on Google Meet. Registration is required to attend. Registration is free for everyone, regardless of ISACA membership.
Meeting date: 25 March 2021. Meeting time: 19:00 (UTC +03:00)
Preliminary programme:
1. Ivan Elkin, QIWI - "DevSecOps, the beginning. If you have bought one more company."
2. Sergey Kharyuk, CTO of Cyberlands.io - "DevSecOps - security in CI/CD."
3. Andrey Bazhin, independent expert, "SDLC problems and ways to solve them, using the financial sector as an example."
https://engage.isaca.org/moscow/events/eventdenoscription?CalendarEventKey=ed19a49d-b81e-4fc6-9ad1-03849a540d6b
New and improved Risk Management Framework (RMF) website that better highlights the resources NIST developed to support implementers.
https://www.nist.gov/blogs/cybersecurity-insights/nist-risk-management-framework-team-did-some-spring-cleaning
FBI: One type of scam is costing business the most | ZDNet
https://www.zdnet.com/article/fbi-one-type-of-scam-is-costing-business-the-most/
Amid the global pandemic, cybercriminals went on an 'Internet crime spree', says FBI.
John Pescatore (SANS) opinion:
"Just to put that $4B number in perspective: the 2020 National Retail Federation shrinkage survey estimated that 2019 shrinkage (inventory loss from shoplifting, employee theft, supplier error/fraud, cashier errors and other causes) was $62B in the retail sector alone.
Three key points here: (1) the FBI IC3 data comes from complaints filed with the FBI, the numbers don’t reflect overall losses in any way; (2) in many industries, traditional crime continues to have a much larger business impact than cybercrime; (3) retail has kept shrinkage in the range of 1.5 – 2% over the years, while spending 1-1.5% of revenue on loss prevention/shrinkage control, meaning a 3% loss of revenue to shrinkage and the loss prevention program is an acceptable cost of doing business.
Increasing spending in loss prevention without reducing shrinkage enough would result in a loss of profit, even if the absolute level of shrinkage went down. Can you talk similar language about the effectiveness of your spending on security controls to justify increases or changes?"
Probably a record ransom demand: $50 million.
https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/amp/
Computer giant Acer hit by $50 million ransomware attack
Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.
Another splendid example of a security awareness song, this time in the rap genre.
https://twitter.com/ArchieScorp/status/1373276414632415234
Alexander Redchits
Although I'm not a fan of rap culture, this track is simply TOP! An anthem of cybersecurity https://t.co/NyDjcOaojM
"When asked which top three threats are explicitly factored into their strategic risk management activities, 'cyber threats' was the most selected by UK CEOs and chosen by 75%, ahead of 'pandemics and other health crises' (62%), and 'uncertain economic growth' (57%).
Just over three-quarters (77%) of UK CEOs say they plan to increase their investment in digital transformation in 2021. Meanwhile, concerns over the rate of technological change declined from 75% last year to 55% this year.
Two thirds of UK CEOs say they plan to increase investment in cyber security and data privacy. At a global level, cyber threats are the top concern for CEOs in the asset and wealth management, insurance, private equity, banking and capital markets, and technology sectors, according to PwC."
https://www.zdnet.com/article/remote-work-makes-cybersecurity-a-top-worry-for-ceos/
Remote work makes cybersecurity a top worry for CEOs
Pandemics, hacks and economic growth are the top concern for UK CEOs.