К сегодняшнему мероприятию по DevSecOps уже возможно подключиться, мероприятие стартовало в 19:10. Ссылка https://meet.google.com/pkw-fpii-uew .
Обращаем внимание, что мы оставляем за собой право ограничить подключение для не зарегистрировавшихся ранее участников на сайте отделения ISACA.
Программа встречи:
1. Иван Елкин, QIWI - “DevSecOps, начало. Если вы купили еще одну компанию.”
2. Сергей Харюк, Технический директор Cyberlands.io - "DevSecOps - безопасность в CI\CD."
3. Андрей Бажин, Независимый эксперт, "SDLC проблемы и пути решения на примере финансового сектора."
Обращаем внимание, что мы оставляем за собой право ограничить подключение для не зарегистрировавшихся ранее участников на сайте отделения ISACA.
Программа встречи:
1. Иван Елкин, QIWI - “DevSecOps, начало. Если вы купили еще одну компанию.”
2. Сергей Харюк, Технический директор Cyberlands.io - "DevSecOps - безопасность в CI\CD."
3. Андрей Бажин, Независимый эксперт, "SDLC проблемы и пути решения на примере финансового сектора."
Google
Real-time meetings by Google. Using your browser, share your video, desktop, and presentations with teammates and customers.
ISACARuSec pinned «К сегодняшнему мероприятию по DevSecOps уже возможно подключиться, мероприятие стартовало в 19:10. Ссылка https://meet.google.com/pkw-fpii-uew . Обращаем внимание, что мы оставляем за собой право ограничить подключение для не зарегистрировавшихся ранее участников…»
NIST requests additional discussion and feedback for consideration on open issues for the upcoming draft NIST Special Publication (SP) 800-63 rev. 4. NIST has posted the below items for open discussion on the GitHub repository:
IAL 1 Update - Low assurance identity proofing and enrolment
Liveness test for remote identity proofing
Differentiation of phishing-resistant authentication at AAL2
Requirements for wireless authenticators
Redefinition of verifier impersonation resistance
Requirements to strongly bind assertions to authenticated sessions at FAL3
The 60-day open discussion period will end on May 15. Important to note NIST will not be adjudicating discussions, but may offer additional clarification if needed. Please direct all feedback and discussion
· GitHub
https://github.com/usnistgov/800-63-4/issues
IAL 1 Update - Low assurance identity proofing and enrolment
Liveness test for remote identity proofing
Differentiation of phishing-resistant authentication at AAL2
Requirements for wireless authenticators
Redefinition of verifier impersonation resistance
Requirements to strongly bind assertions to authenticated sessions at FAL3
The 60-day open discussion period will end on May 15. Important to note NIST will not be adjudicating discussions, but may offer additional clarification if needed. Please direct all feedback and discussion
· GitHub
https://github.com/usnistgov/800-63-4/issues
GitHub
usnistgov/800-63-4
Contribute to usnistgov/800-63-4 development by creating an account on GitHub.
Forwarded from Positive Development Community
TLS 1.0, 1.1 официально объявлены устаревшими: https://datatracker.ietf.org/doc/rfc8996/
IETF Datatracker
RFC 8996: Deprecating TLS 1.0 and TLS 1.1
This document formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those documents have been moved to Historic status. These versions lack support for current and recommended cryptographic algorithms…
Forwarded from Пост Лукацкого
https://dsopas.github.io/MindAPI/play/ - A really comprehensive API security testing mind-map!
Планируем следующую он-лайн встречу на апрель-май. Решили разбить DevSecOps на 2 подтемы. Также вы можете предложить свою тему в чате или в личном сообщении.
Anonymous Poll
33%
1. DevSecOps - General & Piplene
40%
2. DevSecOps -Secrets management
23%
3. Threats and trends 2021
13%
4. Compliance automation
25%
5. API Security
29%
6. Kubernetes security
27%
7. SOC
Coleen Coolidge, CISO at Twilio (a unicorn) shares how to find common language with executives who didn't give a shit about security https://www.youtube.com/watch?v=b0r5vc_eCoU&list=WL&index=2
YouTube
BSidesSF 2017 - How to Build a Security Team and Program (Coleen Coolidge)
How to Build a Security Team and Program
I will share how I was able to build a security team and program from scratch at Twilio, an SF startup that just recently went IPO. I will be telling war stories that demonstrate what problems they will face and…
I will share how I was able to build a security team and program from scratch at Twilio, an SF startup that just recently went IPO. I will be telling war stories that demonstrate what problems they will face and…
ISACARuSec pinned «Планируем следующую он-лайн встречу на апрель-май. Решили разбить DevSecOps на 2 подтемы. Также вы можете предложить свою тему в чате или в личном сообщении.»
Adaptive Security
An adaptive security approach treats risk, trust and security as a continuous and adaptive process that anticipates and mitigates constantly evolving cyber threats. This approach features components for prediction, prevention, detection and response. It forgoes traditional notions of perimeter, assuming there is no boundary for safe and unsafe, a necessary conceptual shift given the migration to cloud services.
Gartner predicts that 75% of government CIOs will be directly responsible for security outside of IT by 2025, to include operational and mission-critical technology environments.
An adaptive security approach treats risk, trust and security as a continuous and adaptive process that anticipates and mitigates constantly evolving cyber threats. This approach features components for prediction, prevention, detection and response. It forgoes traditional notions of perimeter, assuming there is no boundary for safe and unsafe, a necessary conceptual shift given the migration to cloud services.
Gartner predicts that 75% of government CIOs will be directly responsible for security outside of IT by 2025, to include operational and mission-critical technology environments.