Security Education & Training - Articles - Page 168

Creating the GSOC: 4 Leading Examples of Successful Security Operations Centers

The way forward with Risk Operations Centers

July 31, 2020

In recent years, Enterprise Risk Management has become increasingly focused on cybersecurity risks. While this focus on cyber is understandable, the current COVID crisis has demonstrated that the unpredictable nature of cascading risks requires viewing risk through a much wider risk aperture. One way forward to successfully navigate this new risk frontier is the establishment of a Risk Operations Center (ROC). The ROC enables enterprise and technology leaders to have the continuous monitoring they require to proactively mitigate all cyber issues. Additionally, it fully supports the CISO/cybersecurity leader's principal responsibilities identified by the HBR survey.

CISA to host 3rd Annual National Cybersecurity Summit

July 31, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) announced that it will host its 3rd annual National Cybersecurity Summit.

Security services and PPP loans – What did you receive?

Tim Lozier

July 30, 2020

Here, we took a look to see what companies within the Security and Patrol Service industry took PPP Loans, and the impact on the industry.

How to enforce security protocols when your workforce has gone remote

Adam Glick

July 29, 2020

As the head of information security for a technology company with more than a thousand (now mostly-remote) employees, the COVID-19 pandemic has been — among other adjectives — an educational experience. And while it hasn’t been completely smooth sailing, I believe one of the reasons we were able to transition so quickly to remote work with relatively few hiccups is that we established practices to withstand precisely this type of scenario long before the virus swept through our community.

The Long and Winding Road to Cyber Recovery

A call for industry coordination around DLT security

Stephen Scharf

July 28, 2020

As the financial services industry moves toward an ever-greater dependence on technology, we must always keep an eye on the future to ensure that any new technological advancement or implementation delivers the same, if not better, benefits and risk management capabilities. One emerging area that has garnered a lot of attention in recent years is Distributed Ledger Technology (DLT). While DLT holds great promise, there is currently no clear path around how to implement the technology in a way that addresses documented and evolving security risks.

EDPB issues guidance for cross-border data transfers in wake of Schrems II judgment

The EDPB’s FAQs resolve some open questions, such as whether there will be a grace period for companies relying on Privacy Shield, but raise other questions, such as what “supplementary measures” companies need to put in place to use Standard Contractual Clauses and Binding Corporate Rules.

David M. Stauss

July 28, 2020

In the wake of the Court of Justice of the European Union’s Schrems II judgment, on July 23, 2020, the European Data Protection Board (EDPB) adopted a Frequently Asked Questions document to “provide initial clarification and give preliminary guidance to stakeholders on the use of legal instruments for the transfer of personal data to third countries, including the U.S.” The EDPB stated that the document will be updated, and further guidance provided, as it continues to examine and consider the judgment. The six-page FAQs provides the following guidance.

Implementing Zero Trust with FIM and SCM

Chris Hudson

July 27, 2020

Zero Trust model creator John Kindervag puts it like this: “The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.” He came up with the model in 2010, at a time when many businesses were just beginning to put foundational cybersecurity controls in place and over-relied on the assumed security inside their enterprise-owned network boundaries.

Goodbye, honeypots – Hello, true deception technology

Wade Lance

July 23, 2020

Honeypots were the first form of deception technology. IT security researchers started using them in the 1990s, with the intent to deceive malicious actors who had made it onto the network into interacting with a false system. In this way, honeypots could gather and assess the behavior of the malicious actors. They were not created for threat detection. However, things have changed a great deal in the years since honeypots were created – including deception technology.

No lock is unbreakable – how history has strengthened data security

Dave Konetski

July 22, 2020

Security has been and always will be important to humans. At the deepest level, all humans have an innate desire for security and protection and this desire now extends to our digital footprint.