https://nordicvirtualsummit.com/agenda/ a free Microsoft security summit with an emphasis on Azure
https://www.nccoe.nist.gov/projects/building-blocks/trusted-cloud/hybrid
Draft of the NIST Cybersecurity Practice Guide SP 1800-19, Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments for public comment.
Forwarded from Пост Лукацкого
Somehow the infosec forecasts for next year have started coming out early this year. Last year many people handed them out too, yet nobody thought of SolarWinds. But Gartner's forecasts are still very high-level and unverifiable ;-) https://t.co/sKCstDNP7Y
— Alexey Lukatsky (@alukatsky) Oct 27, 2021
Gartner
The Top 8 Cybersecurity Predictions for 2021-2022
A focus on privacy laws, ransomware attacks, cyber-physical systems and board-level scrutiny are driving the priorities of security and risk leaders
1. By the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population.
2. By 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%.
3. By 2024, 30% of enterprises will adopt cloud-delivered Secure Web Gateway (SWG), Cloud Access Security Brokers (CASB), Zero Trust Network Access (ZTNA) and Firewall As A Service (FWaaS) capabilities from the same vendor.
4. By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.
5. The percentage of nation states passing legislation to regulate ransomware payments, fines and negotiations will rise to 30% by the end of 2025, compared to less than 1% in 2021.
6. By 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member.
7. By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coincident threats from cybercrime, severe weather events, civil unrest and political instabilities.
8. By 2025, threat actors will have weaponized operational technology environments successfully enough to cause human casualties.
Forwarded from Пост Лукацкого
According to the fresh report "The Forrester Wave™: Software Composition Analysis, Q3 2021", WhiteSource and Synopsys are named among the leaders of the market for software source code analysis.
Forwarded from Пост Лукацкого
And the scores for all the key players in the global market (domestic companies did not make the short list)
NIST has just released the second public draft of Special Publication (SP) 800-161 Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, for public comment.
SP 800-161 Rev. 1 (Draft), C-SCRM Practices for Systems and Organizations | CSRC
https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/draft
CSRC | NIST
NIST Special Publication (SP) 800-161 Rev. 1 (Withdrawn), Cyber Supply Chain Risk Management Practices for Systems and Organizations
Organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cyber supply chain. These…