Architecture and Risk - Cyber Security Informer

Review: Practical Cybersecurity Architecture

Adam Shostack

JANUARY 2, 2025

Adam Shostack's review of the book Practical Cybersecurity Architecture There's an insightful comment , "Everybody has a testing environment. Similarly, everybody has both enterprise and product architecture. And they have a really important bit which improves my thinking about risk management and threat modeling.

Architecture

Architecture Cybersecurity Risk

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

The Last Watchdog

JANUARY 10, 2022

It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. Planning required processes and security components when initially building your architecture. Related: The dangers of normalizing encryption for government use.

Risk

Risk Encryption Data privacy CISO

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Network security architecture is a strategy that provides formal processes to design robust and secure networks. This article explores network security architecture components, goals, best practices, frameworks, implementation, and benefits as well as where you can learn more about network security architecture.

Architecture

Architecture Network Security Firewall Risk

GUEST ESSAY: The wisdom of taking a risk-based approach to security compliance

The Last Watchdog

APRIL 21, 2022

Related: The value of sharing third-party risk assessments. The threat landscape is also continuously changing, with new attacker trends coming to light and new software vulnerabilities discovered which put organizations at risk if they are not patched. Take a risk-based approach. Is data backed up regularly?

Risk

Risk Cybersecurity Architecture Data breaches

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

The Last Watchdog

JANUARY 7, 2025

Security Risk Advisors (SRA) is a leading cybersecurity firm dedicated to providing comprehensive security solutions to businesses worldwide. Security Risk Advisors SCALR XDR is both a platform, built on Microsoft Azure and a 247 monitoring service with Microsoft Sentinel. Philadelphia, Pa., Philadelphia, Pa., To learn more: [link].

Risk

Risk Penetration Testing Marketing Technology

GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk

The Last Watchdog

APRIL 17, 2023

Here are a few of the top security weaknesses that threaten organizations today: Poor risk management. A lack of a risk management program or support from senior management is a glaring weakness in your cybersecurity strategy. Spotty patching. Vulnerability management is another key consideration when it comes to security.

Risk

Risk Cybersecurity Data breaches Cyber Attacks

STEPS FORWARD Q&A: Will ‘proactive security’ engender a shift to risk-based network protection?

The Last Watchdog

OCTOBER 4, 2023

The Omdia analysts called out a a handful of key proactive methodologies: Risk-Based Vulnerability Management (RBVM), Attack Surface Management (ASM), and Incident Simulation and Testing (IST). RBVM solutions don’t merely identify vulnerabilities, it quantifies and prioritizes them, making risk management more strategic. Is that fair?

Risk

Risk Marketing Software Network Security

Threat Model Thursday: BIML Machine Learning Risk Framework

Adam Shostack

FEBRUARY 27, 2020

The Berryville Institute of Machine Learning (BIML) has released “ An Architectural Risk Analysis of Machine Learning Systems.” BIML has released the work in two ways, an interactive risk framework contains a subset of the information in the PDF version. The specific risks are challenging in several ways.

Risk

Risk Engineering Architecture Software

Cybersecurity Risk Management: Frameworks, Plans, & Best Practices

Security Boulevard

JANUARY 22, 2024

In the modern landscape of cybersecurity risk management, one uncomfortable truth is clear — managing cyber risk across the enterprise is harder than ever. Keeping architectures and systems secure and compliant can seem overwhelming even for today’s most skilled teams.

Risk

Risk Cybersecurity Cyber Risk Architecture

Threat Model Thursday: BIML Machine Learning Risk Framework

Adam Shostack

JANUARY 2, 2025

Risk Framework and Machine Learning The Berryville Institute of Machine Learning (BIML) has released " An Architectural Risk Analysis of Machine Learning Systems." BIML has released the work in two ways, an interactive risk framework contains a subset of the information in the PDF version.

Risk

Risk Engineering Architecture

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

JANUARY 8, 2023

Smarter security to me broadly refers to relentlessly focusing on fundamentals while maturing the program, making sure your risk posture aligns with your business strategy. It means anti-phishing tools so your teams can open emails without needless hesitation or risk. This leads to revenue gains and positive customer outcomes.

Risk

Risk Cybersecurity Technology CISO

Understanding the Link Between API Exposure and Vulnerability Risks

Security Boulevard

MAY 3, 2024

As software development grows more complex and APIs become more central to new software architectures, vulnerabilities can stem from various sources, whether it’s an issue within open-source components or a mistake made by one of your developers.

Risk

Risk Architecture Software

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

CISA also says agencies should “deploy capabilities, as part of a Zero Trust Architecture, that enforce access control to the interface through a policy enforcement point separate from the interface itself (preferred action).”

Risk

Risk VPN Internet Internet

Mitigating kernel risks on 32-bit ARM

Google Security

FEBRUARY 23, 2022

Posted by Ard Biesheuvel, Google Open Source Security Team Linux kernel support for the 32-bit ARM architecture was contributed in the late 90s, when there was little corporate involvement in Linux development, and most contributors were students or hobbyists, tinkering with development boards, often without much in the way of documentation.

Risk

Risk Architecture Wireless Software

Safety and Security in Automated Driving

Adam Shostack

JANUARY 2, 2025

Lets explore the risks associated with Automated Driving. Contrary to the commonly used definition of an [minimal risk condition, (MRC)], which describes only a standstill, this publication expands the definition to also include degraded operation and takeovers by the vehicle operator. million people were seriously injured.

Risk

Risk Architecture Manufacturing Cybersecurity

GUEST ESSAY: Testing principles to mitigate real-world risks to ‘SASE’ and ‘Zero Trust’ systems

The Last Watchdog

FEBRUARY 27, 2023

SASE architectures must be validated end to end—from users and branches, through SASE points of presence, to cloud application servers. Additionally, performance needs to be profiled across all networks and SASE behavior measured across all architectures—virtualized, containerized, and bare metal Jeyaretnam Test for the real world.

Risk

Risk Architecture Firewall Telecommunications

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

The Hacker News

AUGUST 8, 2024

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions.

Architecture

Architecture Risk

The Best 10 Vendor Risk Management Tools

Centraleyes

MARCH 25, 2024

Let’s discuss an acronym reshaping the business world: Vendor Risk Management , or VRM. With supply chains extending across multiple regions and involving numerous third-party vendors, organizations face unprecedented challenges in managing vendor risks effectively. What risks are you facing?

Risk

Risk Data collection Architecture Government

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

“Our team quickly triaged the report and determined the risk to partners to be minimal,” said Patrick Beggs , ConnectWise’s chief information security officer. “Nevertheless, the mitigation was simple and presented no risk to partner experience, so we put it into the then-stable 22.8

Phishing

Phishing Architecture Passwords Accountability

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Businesses must adopt tools and automation capable of invoking immediate action, even at the risk of false positives. Raising security baselines across industries is essential, with risk mitigationnot acceptancebecoming the standard. Security teams will need to address the unique risks posed using LLMs in mission critical environments.

Cyber threats

Cyber threats CISO IoT Phishing

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

eSecurity Planet

JANUARY 30, 2024

Cloud storage risks involve potential external threats and vulnerabilities that jeopardize the security of stored data. Risks can lead to issues, but at the same time, you can prevent the risks by addressing these issues. Migration challenges result in incomplete transfers, which expose critical information to risk.

Risk

Risk DDOS Data breaches Encryption

CIA Network Exposed Through Insecure Communications System

Schneier on Security

AUGUST 29, 2018

But the CIA's interim system contained a technical error: It connected back architecturally to the CIA's main covert communications platform. The moral -- which is to go back to pre-computer systems in these hihg-risk sophisticated-adversary circumstances -- is the right one, I think. People died because of that mistake.

Penetration Testing

Penetration Testing Architecture Firewall Government

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

JUNE 30, 2021

Web architecture from the past decade followed a trend where most web applications were server heavy, and enterprises’ data centers handled the bulk of the processing. Due to optimized speeds and improved computing capacity on client devices, the architecture has evolved over the last few years.

Risk

Risk Architecture Hacking Media

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

NOVEMBER 8, 2021

Access controls are the nexus of security and the expanding perimeter, and zero trust is the architecture that encompasses it. Zero trust is an all-inclusive security and privacy architecture. The network security perimeter is dynamically created and policy-based, and must be guarded by secure and highly managed access controls.

Healthcare

Healthcare Technology Architecture IoT

The State of Security: Malware in 2022

The State of Security

JULY 17, 2022

Among the many challenges businesses contend with in the global marketplace today, the 11th Allianz Risk Barometer 2022 ranks cybersecurity threats as the most important business risk. To safeguard their network systems and entire security architecture, […]… Read More.

Malware

Malware Architecture Risk Technology

Understanding AI risks and how to secure using Zero Trust

CyberSecurity Insiders

JUNE 12, 2023

Understanding AI threats Mitigating AI threats risks requires a comprehensive approach to AI security, including careful design and testing of AI models, robust data protection measures, continuous monitoring for suspicious activity, and the use of secure, reliable infrastructure.

Risk

Risk Architecture Data privacy Encryption

Bracing for the Data Security ‘Bang’

Security Boulevard

OCTOBER 15, 2021

According to the Gartner Hype Cycle for Data Security, 2021, “organizations are accelerating the deployment of sensitive data across multi-cloud architectures, which exposes data beyond traditional network boundaries. This is scaling up the exposure to data residency and privacy risks, and a growth in.

Architecture

Architecture Risk Ransomware Malware

DPRK-linked BlueNoroff used macOS malware with novel persistence

Security Affairs

NOVEMBER 7, 2024

SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.” SentinelLabs researchers speculate DPRK-linked actors targeting the crypto industry since July 2024 as part of the Hidden Risk campaign.

Malware

Malware Risk Architecture Cryptocurrency

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Shashanka Dr. Madhu Shashanka , Chief Data Scientist, Concentric AI Generative AI in 2025 will bring transformative opportunities but heightened cybersecurity risks, including data exposure, AI misuse, and novel threats like prompt injection attacks. Organizations face rising risks of AI-driven social engineering and personal device breaches.

Risk

Risk Threat Detection Technology Phishing

ROUNDTABLE: Kaseya hack exacerbates worrisome supply-chain, ransomware exposures

The Last Watchdog

JULY 8, 2021

Here’s what they had to say, edited for clarity and length: Vikram Asnani, senior director – solution architecture, CyberGRX. This magnifies the risk of similar attacks targeting any industry, all sizes and even individuals, such as celebrities, CEOs, government officials, etc. Gary Phipps, VP of solution architecture, CyberGRX.

Ransomware

Ransomware Hacking Software Architecture

AI tool GeoSpy analyzes images and identifies locations in seconds

Malwarebytes

JANUARY 21, 2025

404 Media says the company trained GeoSpy on millions of images from around the world and can recognize distinct geographical markers such as architectural styles, soil characteristics, and their spatial relationships. Aside from the contribution towards a surveillance society, the risks of such a tool are obvious.

Media

Media Artificial Intelligence Identity Theft Surveillance

RSAC Fireside Chat: Dealing with the return of computing workloads to on-premises datacenters

The Last Watchdog

JUNE 6, 2023

Related: Guidance for adding ZTNA to cloud platforms Many companies, indeed, are shifting to cloud-hosted IT infrastructure, and beyond that, to containerization and serverless architectures. However, a “back-migration,” as Michiel De Lepper , global enablement manager, at London-based Runecast , puts it, is also ramping up.

Cloud Migration

Cloud Migration Architecture Internet Internet

GUEST ESSAY – A primer on ‘WAAP’ – an approach to securing APIs at the web app layer

The Last Watchdog

FEBRUARY 28, 2022

When we talk about the superpower of this microservice architecture, we should not forget- ‘great power comes with great responsibility’ – this holds true for API security. APIs are not insecure by nature, but due to the complexity and quantity of API adoption, it is easy to have security gaps and cyber risks waiting to leap out.

Mobile

Mobile Penetration Testing Digital transformation IoT

How 5G network is immune to Cyber Attacks

CyberSecurity Insiders

MAY 7, 2023

However, 5G networks do offer some unique security features that can help mitigate the risks of cyber attacks. Furthermore, 5G networks are designed with security in mind from the outset, incorporating security features into the network architecture and protocols.

Cyber Attacks

Cyber Attacks Architecture Technology DDOS

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

The Last Watchdog

DECEMBER 14, 2023

Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? GenAI holds immense potential to supercharge productivity, but if you forget basic security hygiene, you’re opening yourself up to significant risk. Their guidance: Snehal Antani , CEO, Horizon3.ai

Cybersecurity

Cybersecurity Marketing Encryption CISO

News alert: ACM TechBrief lays out risks, policy implications of generative AI technologies

The Last Watchdog

SEPTEMBER 27, 2023

“TechBrief: Generative AI” begins by laying out a core challenge: the rapid commercialization of GenAI poses multiple large-scale risks to individuals, society, and the planet that require a rapid, internationally coordinated response to mitigate.

Technology

Technology Risk Education Government

Cybersecurity Resolutions for 2025

IT Security Guru

JANUARY 9, 2025

With the continued evolution of these risks, IT leaders must adapt by implementing a multi-layered approach to security, staying one step ahead of attackers. Resolution #2: Take a Quantum Leap in Security As quantum computing improves, organizations must prepare today to address the security risk posed by this emerging technology.

Cybersecurity

Cybersecurity Cyber threats Architecture Digital transformation

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

More than a third (39%) used the microservice architecture. Distribution of Broken Access Control vulnerabilities by risk level, 2021–2023 ( download ) Almost half of the Broken Access Control vulnerabilities carried a medium risk level, and 37%, a high risk level.

Passwords

Passwords Authentication Architecture Risk

News Alert: Normalyze extends its DSPM platform to hybrid cloud and on-prem environments

The Last Watchdog

AUGUST 2, 2023

With the new hybrid cloud capabilities of the Normalyze platform, we can assess our entire data landscape no matter where the data resides and prioritize risks with the highest business impact.” Organizations with sophisticated hybrid cloud frameworks struggle to get an end-to-end picture of the risks across all data stores.

Cloud Migration

Cloud Migration Risk Architecture Media

The RAMBO Attack Explained: Risks, Implications, & Mitigations for RSA Security

eSecurity Planet

SEPTEMBER 10, 2024

Identifying Vulnerabilities The attacker begins by studying your system’s architecture and identifying specific patterns of memory access that can be manipulated to generate electromagnetic signals. Subscribe The post The RAMBO Attack Explained: Risks, Implications, & Mitigations for RSA Security appeared first on eSecurity Planet.

Risk

Risk Computers and Electronics Encryption Surveillance

Episode 256: Recursive Pollution? Data Feudalism? Gary McGraw On LLM Insecurity

The Security Ledger

FEBRUARY 21, 2024

Paul speaks with Gary McGraw of the Berryville Institute of Machine Learning (BIML), about the risks facing large language model machine learning and artificial intelligence, and how organizations looking to leverage artificial intelligence and LLMs can insulate themselves from those risks. The post Episode 256: Recursive Pollution?

Artificial Intelligence

Artificial Intelligence Risk Architecture Technology

Patch now! New Chrome update for two critical vulnerabilities

Malwarebytes

OCTOBER 30, 2024

Technical details One of the vulnerabilities was reported to Google by Apple Security Engineering and Architecture (SEAR), which reported the issue on October 23, 2024. We don’t just report on threats—we remove them Cybersecurity risks should never spread beyond a headline. It could be used for potential data theft or system crashes.

Spyware

Spyware Architecture Advertising Engineering

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

The Last Watchdog

JANUARY 4, 2022

APIs are putting business networks at an acute, unprecedented level of risk – a dynamic that has yet to be fully acknowledged by businesses. That said, APIs are certain to get a lot more attention by security teams — and board members concerned about cyber risk mitigation — in 2022.

Digital transformation

Digital transformation Hacking Architecture Cyber Risk

GUEST ESSAY: The case for complying with ISO 27001 — the gold standard of security frameworks

The Last Watchdog

FEBRUARY 26, 2023

Related: The demand for ‘digital trust’ Organizations rely on ISO 27001 to guide risk management and customer data protection efforts against growing cyber threats that are inflicting record damage , with the average cyber incident now costing $266,000 and as much as $52 million for the top 5% of incidents.

Cyber threats

Cyber threats Software Risk CISO

Review: Practical Cybersecurity Architecture

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

Trending Sources

Network Security Architecture: Best Practices & Tools

GUEST ESSAY: The wisdom of taking a risk-based approach to security compliance

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk

STEPS FORWARD Q&A: Will ‘proactive security’ engender a shift to risk-based network protection?

Threat Model Thursday: BIML Machine Learning Risk Framework

Cybersecurity Risk Management: Frameworks, Plans, & Best Practices

Threat Model Thursday: BIML Machine Learning Risk Framework

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

Understanding the Link Between API Exposure and Vulnerability Risks

CISA Order Highlights Persistent Risk at Network Edge

Mitigating kernel risks on 32-bit ARM

Safety and Security in Automated Driving

GUEST ESSAY: Testing principles to mitigate real-world risks to ‘SASE’ and ‘Zero Trust’ systems

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

The Best 10 Vendor Risk Management Tools

ConnectWise Quietly Patches Flaw That Helps Phishers

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

CIA Network Exposed Through Insecure Communications System

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The State of Security: Malware in 2022

Understanding AI risks and how to secure using Zero Trust

Bracing for the Data Security ‘Bang’

DPRK-linked BlueNoroff used macOS malware with novel persistence

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

ROUNDTABLE: Kaseya hack exacerbates worrisome supply-chain, ransomware exposures

AI tool GeoSpy analyzes images and identifies locations in seconds

RSAC Fireside Chat: Dealing with the return of computing workloads to on-premises datacenters

GUEST ESSAY – A primer on ‘WAAP’ – an approach to securing APIs at the web app layer

How 5G network is immune to Cyber Attacks

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

News alert: ACM TechBrief lays out risks, policy implications of generative AI technologies

Cybersecurity Resolutions for 2025

Top 10 web application vulnerabilities in 2021–2023

News Alert: Normalyze extends its DSPM platform to hybrid cloud and on-prem environments

The RAMBO Attack Explained: Risks, Implications, & Mitigations for RSA Security

Episode 256: Recursive Pollution? Data Feudalism? Gary McGraw On LLM Insecurity

Patch now! New Chrome update for two critical vulnerabilities

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

GUEST ESSAY: The case for complying with ISO 27001 — the gold standard of security frameworks

Stay Connected