"When asked which top three threats are explicitly factored into their strategic risk management activities, 'cyber threats' was the most selected by UK CEOs and chosen by 75%, ahead of 'pandemics and other health crises' (62%), and 'uncertain economic growth' (57%).
Just over three-quarters (77%) of UK CEOs say they plan to increase their investment in digital transformation in 2021. Meanwhile, concerns over the rate of technological change declined from 75% last year to 55% this year.
Two thirds of UK CEOs say they plan to increase investment in cyber security and data privacy. At a global level, cyber threats are the top concern for CEOs in the asset and wealth management, insurance, private equity, banking and capital markets, and technology sectors, according to PwC."
https://www.zdnet.com/article/remote-work-makes-cybersecurity-a-top-worry-for-ceos/
ZDNet
Remote work makes cybersecurity a top worry for CEOs
Pandemics, hacks and economic growth are the top concern for UK CEOs.
API security becomes a ‘top’ priority for enterprise players | ZDNet
https://www.zdnet.com/article/api-security-becomes-a-top-priority-for-enterprise-players/
ZDNet
API security becomes a ‘top’ priority for enterprise players
As API attacks rise, the security surrounding their usage is now firmly on the radar.
Forwarded from Пост Лукацкого
NISTIR 8360 (Draft), Machine Learning for Access Control Policy Verification | CSRC
https://csrc.nist.gov/publications/detail/nistir/8360/draft
CSRC | NIST
NIST Internal or Interagency Report (NISTIR) 8360 (Draft), Machine Learning for Access Control Policy Verification
Access control policy verification ensures that there are no faults within the policy that leak or block access privileges. As a software test, access control policy verification relies on methods such as model proof, data structure, system simulation, and…
It is already possible to join today's DevSecOps event; the event started at 19:10. Link: https://meet.google.com/pkw-fpii-uew .
Please note that we reserve the right to restrict access for participants who did not register in advance on the ISACA chapter website.
Meeting program:
1. Ivan Elkin, QIWI - "DevSecOps, the beginning. If you have bought yet another company."
2. Sergey Kharyuk, CTO of Cyberlands.io - "DevSecOps - security in CI\CD."
3. Andrey Bazhin, independent expert, "SDLC problems and solutions, using the financial sector as an example."
NIST requests additional discussion and feedback for consideration on open issues for the upcoming draft NIST Special Publication (SP) 800-63 rev. 4. NIST has posted the below items for open discussion on the GitHub repository:
IAL 1 Update - Low assurance identity proofing and enrolment
Liveness test for remote identity proofing
Differentiation of phishing-resistant authentication at AAL2
Requirements for wireless authenticators
Redefinition of verifier impersonation resistance
Requirements to strongly bind assertions to authenticated sessions at FAL3
The 60-day open discussion period will end on May 15. Important to note NIST will not be adjudicating discussions, but may offer additional clarification if needed. Please direct all feedback and discussion
· GitHub
https://github.com/usnistgov/800-63-4/issues
Forwarded from Positive Development Community
TLS 1.0 and 1.1 have been officially declared deprecated: https://datatracker.ietf.org/doc/rfc8996/
IETF Datatracker
RFC 8996: Deprecating TLS 1.0 and TLS 1.1
This document formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those documents have been moved to Historic status. These versions lack support for current and recommended cryptographic algorithms…