"Threat Modeling and Architecture" is the latest in a series at Infosec Insider. After I wrote my last article on Rolling out a Threat Modeling Program, Shawn Chowdhury asked (on LinkedIn) for more information on involving threat modeling in the architecture process. Have we done a good job?
The State of Cybersecurity in Canada 2025 report, published by the Canadian Cybersecurity Network (CCN) and the Security Architecture Podcast, delivers an in-depth analysis of the evolving threat landscape, emerging risks, and strategic recommendations for Canadian organizations.
Knowledge of cloud systems architecture and how it interacts with various devices is invaluable. reports that CISOs divide their work efforts among leadership roles (35% of the time), risk assessment management (44%), and data privacy and governance (33%). The study pegs the worldwide active cybersecurity workforce at 5.5
As the rules were authorized in late 2023, we shared what we see as the implications for infosec leaders. But they're just one example of the additional attention governments around the world are giving to cyber risk. Your cybersecurity risk management and governance practices are of strategic importance to your organization.
complementing and supporting various other business strategies and architectures such as cloud first, artificial intelligence, IIoT, big data, new products, new markets.);
government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.
Permalink The post BSides Sofia 2023 – Peter Kirkov, e-Government – Keynote appeared first on Security Boulevard. Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel.
Permalink The post BSides Knoxville 2023 – Hudson Bush – Enterprise Security Architecture Isn’t Just For Enterprises Anymore appeared first on Security Boulevard. Our thanks to BSides Knoxville for publishing their presenter’s outstanding BSides Knoxville 2023 content on the organizations’ YouTube channel.
Permalink The post BSides Sofia 2023 – Vasil Velichkov – Hacking Attacks Against Government Institutions appeared first on Security Boulevard. Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel.
Experts in the field of cloud, IT governance and general cybersecurity believe that this certificate program is a significant addition to the wide spectrum of security training programs available today, filling an important gap in the knowledge-based training market.
Permalink The post BSides Sofia 2023 – Deputy Minister Atanas Maznev e-Government, Rosen Kirilov, PhD, UNWE – Conference Opening appeared first on Security Boulevard. Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel.
government is urging software makers to adopt secure application-development practices that help prevent buffer overflow attacks. Cybersecurity News) How to mitigate buffer overflow vulnerabilities (Infosec Institute) How to prevent buffer overflow attacks (TechTarget) VIDEOS What is a Buffer Overflow Attack? This week, the U.S.
Herjavec Group supports the Assessment, Design, Deployment, and Management of your IAM solutions through a comprehensive offering including Strategic Workshops, Advisory Services, Architecture & Implementation, and Managed IAM. Accelerate compliance efforts with unified top-down governance processes for all users. Learn more?
T – Technology Essential to secure the digital enterprise across the Infrastructure, Application and Services dimensions of a layered security architecture. A data characterization and governance platform should be the cornerstone and foundation to power adoption of the guiding principles and to assure enterprise data protection.
Increasingly, I was writing about what I thought was a pretty fascinating segment of the infosec industry; password reuse across Gawker and Twitter resulting in a breach of the former sending Acai berry spam via the latter. haveibeenpwned you guys are legends.
That’s the scale and complexity banks have to deal with as rapid change fueled by market forces and government regulation unlocks a wave of innovation. One Delphix customer has 30,000 applications dispersed across a vast multi-generational array of modern apps cohabiting with mainframe and client-server. days but can stretch to months.
To top it off, Duo is connected to our SIEM and our InfoSec team is able to review detailed logs and setup alerts to be able to keep everything secure.” Duo’s Passwordless Architecture. Government Towards Zero Trust Cybersecurity Principles”. This includes: FIDO2 compliant, phishing-resistant authentication using.
Permalink The post Cyber Week 2023 & The Israel National Cyber Directorate Presents – AI Governance in the Wake of ChatGPT – Policy and Governance appeared first on Security Boulevard.
He referenced an insurer’s role in designing pressure relief valves for the steam engines powering Philadelphia in the 1800s: “They said if you wanted to have insurance, you have to have this piece of architecture on your system.” In so doing, “they drove security or solutions to avoid large insurance claims.”.
The city has a more established IT setup, including a full-time IT director, which many of the smaller towns lack, according to this Government Technology article. Municipal governments must share data with counties, state agencies, and even some federal systems. This is a great approach. He says: "I love this idea!
With a career spanning two decades as a technology provider to businesses and government agencies, Levine brings a strategic and pragmatic approach to building secure software and cloud services without disrupting product velocity. In government, Brooks served under President George W.
Government’s FedRAMP High JAB P-ATO Designation. governments race to modernize its IT infrastructure in the constantly evolving threat landscape, McAfee has pursued and received a Federal Risk and Authorization Management Program (FedRAMP) Authorization designation for McAfee MVISION for Endpoint at the moderate security impact level.
How exactly will artificial intelligence help bridge the infosec skills gap and what kinds of security work are still best left to humans? So, when we first came to market, our big customers were the US government and kind of interestingly, we're testing already compiled software. This is another chunk. It's testable.
It starts with a strong foundation: a unified mission that breaks down the traditional silos between “security” (personnel-focused) and “InfoSec” (network-focused IT). Threat personnel must have a solid understanding of cybersecurity, insider risk assessment and profiling, and security and privacy control architecture.
Commerce is now advancing at a speed that makes it extremely difficult for infosec professionals to keep up. Identity Governance. Before 2020, the general enterprise attitude toward Identity Governance was “we have time to figure it out.” The importance of a strong Identity Governance program is more critical than ever.
Several weeks ago, we were thrilled to learn that our Founder and Chief Technology Officer, Satya Gupta, was named CTO of the Year in the 2021 Global InfoSec Awards. Beyond that, he drives the basis of our creations and holds 48 patents in complex firmware architecture with products deployed to hundreds of thousands of users.
I ran across this fascinating post on ClearanceJobs, the largest career network for professionals with federal government security clearance, listing the " 10 Highest Paying Tech Jobs in 2024 and Beyond." Cloud Solution Architect: While not purely cybersecurity, this role is heavily focused on cloud security in addition to architecture.
Visit Cycognito Pricing Through its SaaS architecture, CyCognito provides tiered pricing for security testing, intelligence, and premium support. Yes, ASM software is designed to integrate effectively with other security solutions, thus improving the overall security architecture. How Frequently Should ASM Scans Be Performed?
I am currently drafting a guideline on information security, privacy, governance, compliance and other controls to mitigate unacceptable information risks in professional services. When you acquire or provide professional services, how do you address the associated information risks? Guess whose interests they are most likely to protect!
The customer is apparently seeking guidance on integrating infosec into the development process, which begs the question "Which development process?". Prompted by some valuable customer feedback earlier this week, I've been thinking about how best to update the SecAware policy template on software/systems development.
27003 tells us the RTP can include other useful content i.e.: Risk owner(s); Casually hinting at what can be a very useful governance approach and risk management mechanism - except the hint is so subtle as to be easily overlooked. Design plan' hints at the organisation having developed an information risk and security architecture.
Pros An in-depth exposition on an extremely important topic It emphasises risks to the business, to its information, and to its IT systems and networks, in that order Systematic, well structured and well written, making it readable despite the fairly intense subject matter Lots of diagrams, example reports and checklists to help put the ideas into (..)
Go ahead, show me the associated risk profiles and documented security architectures. Even the government and defence industries would be very hard pressed to demonstrate leadership in this area. which leaves our organisations, management and society at large asking themselves "What have the infosec pros ever done for us?
The security architectural objective is to ensure that all relevant policy matters are covered clearly and unambiguously, leaving no significant gaps or overlaps. That's important from a governance perspective since policies are a primary mechanism for exerting management direction and control over the organisation.
government in the first six months of 2021. A Zero Trust architecture should be at the center of every security strategy. Configuring endpoint management enables infosec teams to protect their data from being accessed from anywhere (internal or external). Establish a Zero Trust Mindset. Improve Your SOC.
Assurance controls in general: although there are some assurance controls in the ISO27k standards, they are mostly constrained to compliance auditing for accredited certification purposes. Oversight, for instance, is a valuable control (or rather, a cloud of related controls) that is almost universally applicable.
As Robin Oldham remarked in his weekly infosec newsletter “ If true —then the company’s culture, practices, technical solutions, or assure activities must also have therefore been pretty spectacularly lax. The agencies’ ZT principles should have been a no brainer for SolarWinds. Tilt the advantage to the business.
The title ' CISO Workshop: Security Program and Strategy ' with ' Your Name Here ' suggests it might be a template for use in a workshop/course bringing CISOs up to speed on the governance, strategic and architectural aspects of information security, but in fact given the amount of technical detail, it appears to be aimed at informing IT/technology (..)
We constantly see new threats, and threat vectors, come and go; which puts a tremendous strain on the InfoSec teams that have to protect organizations and businesses from these threats. In a cloud application and mobile world, organizations can’t rely on traditional perimeter security architecture to secure access to applications.
It was a government contract, and he was not allowed to bring in his own laptop nor allowed to install any software on their machines. In information security (infosec) there is the need to be on the latest version. Writing exploits or developing infosec tools is no exception, they often need to have access to the latest libraries.
Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel. Permalink The post BSides Sofia 2023 – Daniela Shalev – Hunting Unsigned DLLs To Find APT appeared first on Security Boulevard.
Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel. Permalink The post BSides Sofia 2023 – Georgi Gerganov – Keytap Acoustic Keyboard Eavesdropping appeared first on Security Boulevard.