While the transformation of software development has progressed, the management of information security and risk organization in such environment is not defined and adapted to support such an environment. Based on SAFe Agile Principles by Scaled Agile, this article will suggest 4 culture shift in IT Security organization may consider in order to adapt to the recent trend of Agile Software development.
Everyone is excited to give 2020 the boot. And while we don’t quite know what to expect in 2021, it can’t get any worse. Or can it? As businesses prepare for a new year, with a new set of challenges and new ways of working that may never change, one thing they need to be prioritizing is data privacy. Because if the dominoes fall and privacy is involved, the repercussions can result in a disaster.
It’s undeniable that Machine Learning (ML) is changing the game for securing cloud infrastructure. Security vendors have rapidly adopted ML as part of their solutions, and for good reason: By analyzing massive quantities of data, it can help identify threats, speed incident response, and ease the burden on over-taxed security operations teams.
Following months of virtual meetings, testimony and study, U.S. Attorney General William P. Barr submitted the final report of the President’s Commission on Law Enforcement and the Administration of Justice to the White House. This report represents the first comprehensive study of law enforcement in more than 55 years.
The Cybersecurity and Infrastructure Security Agency (CISA) is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. If left unchecked, this threat actor has the resources, patience, and expertise to resist eviction from compromised networks and continue to hold affected organizations at risk, says CISA.
Meet Ali Golshan, CTO and co-founder at StackRox, a Mountain View, Calif.-based leader in security for containers and Kubernetes. Prior to StackRox, he was the Founder & CTO of Cyphort (acquired by Juniper Networks) and led the company's product strategy and research initiatives. Previously, he worked as a security researcher and engineer at Microsoft and PwC. His career started in government, conducting security and vulnerability research for the intelligence community. Here, we talk to Golshan about the benefits of DevOps.
Modern cloud based security systems and surveillance solutions have come a long way. While some companies continue to rely on the older technology they are accustomed to, traditional systems are continually being phased out in favor of the flexibility offered by cloud-based solutions. Cloud-based systems have a myriad of advantages over older, on-premises security systems, and there is rarely an instance where an on-premises system is preferred over a cloud-based framework when installing a new setup.
Relying on outdated fraud prevention and identification measures will no longer cut it, and businesses that don’t adapt will lag. As people continue to work, collaborate and socialize via their mobile devices, businesses must equip themselves with technology and tools that will prioritize fraud prevention. If not, companies risk losing their customers to those who have invested in more robust solutions.
As we have done in previous years, the Security magazine team compiled our favorite articles from this year. As we head into 2021, we hope you take a moment to review some of 2020’s top articles about lessons learned, thought leadership, security challenges and good practices.
The rise of high-profile data breaches and the implementation of data privacy laws have raised awareness that businesses and institutions rely on consumer information. While there is no single, comprehensive U.S. federal data privacy law, there are enough industry-specific compliance regulations in force in addition to HIPAA, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Children's Online Privacy Protection Act, and a growing number of state privacy laws, that every organization needs to step up and recognize how subject rights requests fit into its data protection and cybersecurity policies.
RSS
