According to the Information Security Forum (ISF), with growing recognition that security awareness in isolation rarely leads to sustained behavior change, organizations need to proactively develop a robust human-centered security program to reduce the number of security incidents associated with poor security behavior.

Basketball can teach us a lot about managing the cybersecurity of an enterprise: it takes teamwork. This is perhaps most evident as organizations seek to adopt zero trust principles. The zero trust concept is not new, but I hear more organizations discussing it than ever before — driven by a desire for greater security, more flexible access, and accelerated by the shift to remote work due to COVID-19. At its core, zero trust focuses on providing least-privilege access to only those users who need it. Put it this way: don't trust anyone and even when you do, only give them what they need right now. This security philosophy would make Jordan proud, but in that vein, zero trust would not work without another player: identity management (perhaps it’s the Pippen factor!).

With cyber resilience, it is the same kind of philosophy: reducing your cyber incident risk and not just relying on one line of defense or one capability you think will be the one that finally stops the bad actors. Looking at the standards for cyber resilience in federal agencies will help businesses understand both the essentials and the additional steps they need to take to fully safeguard their assets.

Today's cyber environment is one of rapid and constant change. Stepping up in technological savvy, threat actors are using an arsenal of new and sophisticated techniques that make recognizing their attacks harder than ever. There are several thousand products and thousand different threats and risks. Cybersecurity seems as elusive and probably as impossible as the “happiness problem.” 

Security magazine and its partner for the Top Cybersecurity Leaders, (ISC)², is looking for enterprise information security executives, who have made and continue to make significant contributions in the cybersecurity space to their organizations and/or the enterprise-level information security profession.

The Standoff, an online offensive/defensive competition in which defenders (blue teams) compete against attackers (red teams) to control the infrastructure of a simulated digital city, has concluded. The event took place Nov. 12-17, 2020, pitting information security veterans against skilled hackers in a battle to hack mock banks, utilities, airports, downtown hubs, IoT systems, cargo and public transportation, telecoms systems and more.

TrapX Security released findings of a research survey in partnership with the Enterprise Strategy Group (ESG). The survey asked 150 cyber and IT professionals directly involved in security strategy, control and operations within manufacturing organizations about their current and future concerns.  

Unit 42 researchers discovered a class of Amazon Web Services (AWS) APIs that can be abused to leak the AWS Identity and Access Management (IAM) users and roles in arbitrary accounts.