Запись вебинара по новой версии CIS controls v8
https://cisecurity.wistia.com/medias/9qnuy1s5vb
https://cisecurity.wistia.com/medias/9qnuy1s5vb
Wistia
Webinar | Welcome to CIS Controls v8
May 18, 2021 | 10 AM EDT Based on feedback from users around the world and working in a breadth of industries, we enhanced CIS Controls Version 8 to keep up with modern systems and software. Learn about the newly released CIS Controls v8 including its creation…
В ответах на твит много интересных ссылок.
https://twitter.com/likethecoins/status/1394802463371300865
https://twitter.com/likethecoins/status/1394802463371300865
Twitter
Katie Nickels
Someone asked me today about all the different jobs in cybersecurity and I rattled off 20+. Does anyone have a good resource describing potential jobs in cybersecurity or information security? I feel like I've seen a few resources around, but can't find them…
Новый черновик лучших практик Нист.
As part of a zero trust approach, data-centric security management aims to enhance protection of information (data) regardless of where the data resides or who it is shared with. Data-centric security management necessarily depends on organizations knowing what data they have, what its characteristics are, and what security and privacy requirements it needs to meet so the necessary protections can be achieved. Standardized mechanisms for communicating data characteristics and protection requirements are needed to make data-centric security management feasible at scale.
https://www.nccoe.nist.gov/projects/building-blocks/data-classification
As part of a zero trust approach, data-centric security management aims to enhance protection of information (data) regardless of where the data resides or who it is shared with. Data-centric security management necessarily depends on organizations knowing what data they have, what its characteristics are, and what security and privacy requirements it needs to meet so the necessary protections can be achieved. Standardized mechanisms for communicating data characteristics and protection requirements are needed to make data-centric security management feasible at scale.
https://www.nccoe.nist.gov/projects/building-blocks/data-classification
Намерение генеральных директоров увеличить расходы на цифровые решения и ИТ неизбежно влечет повышение расходов на ИБ.
https://www.gartner.com/smarterwithgartner/ceos-see-growth-in-2021-marked-by-3-shifts/
https://www.gartner.com/smarterwithgartner/ceos-see-growth-in-2021-marked-by-3-shifts/
Gartner
Gartner CEO Survey Shows Most Expect Growth in 2021
The 2021 Gartner #CEO Survey, with responses from 465 global #business leaders, shows where CEOs are placing their growth bets this year. Read more from @Gartner_inc.
Forwarded from Пост Лукацкого
Интересный обзор новой стратегии США кибербезопасности - https://t.co/B7SchxQknr pic.twitter.com/CGDntQcaBA
— Alexey Lukatsky (@alukatsky) May 20, 2021
— Alexey Lukatsky (@alukatsky) May 20, 2021
Опасный прецедент перевода реальных атак в ответ на кибератаки.
#secactor
https://therecord.media/israel-bombed-two-hamas-cyber-targets/
#secactor
https://therecord.media/israel-bombed-two-hamas-cyber-targets/
therecord.media
Israel bombed two Hamas cyber targets
Amid the recent flareup in the Israel-Palestine conflict, the Israeli military said it bombed two objectives in the Gaza Strip that housed centers for Hamas cyber operations.
Forwarded from SecurityLab.ru (SecurityLab news)
Одна из крупнейших в США страховых компаний CNA заплатила хакерам $40 млн за восстановление доступа к своим сетям после атаки вымогательского ПО.
https://www.securitylab.ru/news/520430.php
https://www.securitylab.ru/news/520430.php
t.me
Страховой гигант CNA заплатил кибервымогателям $40 млн
Как показало внутреннее расследование CNA, группировка Phoenix не попадает под действие санкций правительства США.
Постер по аваренесу от Санс.
https://www.sans.org/security-resources/posters/leadership/security-awareness-roadmap-managing-human-risk-385/
https://www.sans.org/security-resources/posters/leadership/security-awareness-roadmap-managing-human-risk-385/
www.sans.org
SANS Institute
Computer security training, certification and free resources. We specialize in computer/network security, digital forensics, application security and IT audit.
https://twitter.com/shipulin_anton/status/1395680498068897795
New report by @USGAO on Cyber Insurance:
Insurers and Policyholders Face Challenges in an Evolving Market.
"The growing frequency and severity of cyberattacks have led more insurance clients to opt for cyber coverage—up from 26% in 2016 to 47% in 2020"
https://t.co/q2P6z5tAfJ https://t.co/2grhQEFCQP
New report by @USGAO on Cyber Insurance:
Insurers and Policyholders Face Challenges in an Evolving Market.
"The growing frequency and severity of cyberattacks have led more insurance clients to opt for cyber coverage—up from 26% in 2016 to 47% in 2020"
https://t.co/q2P6z5tAfJ https://t.co/2grhQEFCQP
www.gao.gov
Cyber Insurance: Insurers and Policyholders Face Challenges in an Evolving Market
Cyber insurance can help offset the costs of responding to and recovering from cyberattacks. The growing frequency and severity of cyberattacks have...
To tackle vulnerabilities in the UEFI space, the duo proposed a multi-step ideal scenerio to work toward:
Promote software bills of materials (SBOMS) extending to the firmware level
Have vendors include the intent of the components of the system
Produce analysis of code
Provide public risk scoring
Reduce purchasing of products that shape up poorly
https://www.scmagazine.com/home/security-news/vulnerabilities/dhs-announces-program-to-mitigate-vulnerabilities-below-the-operating-system/
Promote software bills of materials (SBOMS) extending to the firmware level
Have vendors include the intent of the components of the system
Produce analysis of code
Provide public risk scoring
Reduce purchasing of products that shape up poorly
https://www.scmagazine.com/home/security-news/vulnerabilities/dhs-announces-program-to-mitigate-vulnerabilities-below-the-operating-system/
SC Media
Cybersecurity News Articles | SC Media
The latest in IT security news and information for cybersecurity professionals.