Information Security, Risk and Technology

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs

OCTOBER 25, 2024

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. So, how can you conduct a DLP risk assessment? What is a DLP Risk Assessment? Why Conduct a DLP Risk Assessment? Protecting sensitive data is what cybersecurity is all about.

Risk

Risk Cybersecurity Data breaches Cyber threats

Information Security Manual (ISM)

Security Boulevard

JANUARY 20, 2025

What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats.

Information Security

Information Security Healthcare Cyber threats Government

Information Security Manual (ISM)

Centraleyes

JANUARY 20, 2025

What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats.

Information Security

Information Security Cyber threats Government Small Business

Difference between Cybersecurity and Information Security

CyberSecurity Insiders

JANUARY 18, 2023

Many of you get confused with terms cybersecurity and Information Security and think that both these words are same and synonymous. As organizations face constant threats in cyberspace like DDoS, ransomware, malware and data breaches, cybersecurity helps track and mitigate threats to eliminate business risks.

Information Security

Information Security Cybersecurity DDOS Data breaches

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

What follows is a set of basic security hygiene steps that will significantly reduce your risk online. Turn on automatic updates, install updates from the operating system when you’re asked to, and make a regular habit of updating everything in your technology ecosystem. So, I decided to update the advice myself.

Risk

Risk Passwords Password Management Accountability

Sepio Systems: Cybersecurity Expert Joseph Steinberg Joins Advisory Board

Joseph Steinberg

NOVEMBER 17, 2021

He is also the inventor of several information-security technologies widely used today; his work is cited in over 500 published patents. His opinions are also frequently cited in books, law journals, security publications, and general interest periodicals.

Cybersecurity

Cybersecurity Artificial Intelligence Government Information Security

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

This shift is expected to place significant pressure on organizations that haven’t yet developed trusted data to manage risk effectively. Sherrets Dane Sherrets , Innovation Architect, HackerOne Well see greater industry adoption of AI security and safety standards. Failure risks fines or supplier bans.

Cybersecurity

Cybersecurity CISO Risk Government

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

JANUARY 8, 2023

Smarter security to me broadly refers to relentlessly focusing on fundamentals while maturing the program, making sure your risk posture aligns with your business strategy. Business initiatives demand faster, more efficient outcomes and technology responds. Complexity challenge.

Risk

Risk Cybersecurity Technology CISO

Data leak at fintech giant Direct Trading Technologies

Security Affairs

JANUARY 31, 2024

Sensitive data and trading activity of over 300K traders leaked online by international fintech firm Direct Trading Technologies. Direct Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover.

Technology

Technology Identity Theft Backups Passwords

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses. Security Operations Center (SOC) analyst burnout is a very real problem. But it doesn’t have to be this way.

Artificial Intelligence

Artificial Intelligence Data collection Cybersecurity Risk

Top 9 Trends In Cybersecurity Careers for 2025

eSecurity Planet

OCTOBER 18, 2024

Technologies that were figments of the imagination a dozen years ago, if they were conceived of at all, quickly become mainstream — think generative artificial intelligence (GenAI) or blockchain. As they do, they create more security vulnerabilities and inherent business, changing the nature of cybersecurity careers.

Cybersecurity

Cybersecurity Artificial Intelligence Penetration Testing CISO

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Joseph Steinberg

DECEMBER 11, 2023

Veteran cybersecurity expert witness executive will help strengthen law enforcement capabilities to prevent, investigate, and prosecute information-age crimes. Steinberg has helped many organizations improve their management of cyber risk, and has assisted attorneys in achieving just compensation for parties wrongly harmed by cyberattacks.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Information Security

Types of Risk Assessment Methodologies: Choosing the Right Approach for Your Needs

Centraleyes

MARCH 17, 2025

Every organization faces risks that threaten its objectives, assets, and operations. A risk assessment is the foundation for identifying, analyzing, and prioritizing these risks. Understanding the basics of risk assessment is the first step in building a resilient and proactive strategy to mitigate risks and vulnerabilities.

Risk

Risk Insurance Small Business Cybersecurity

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

“Today, the Department of the Treasurys Office of Foreign Assets Control (OFAC) sanctioned Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company, for its role in multiple computer intrusion incidents against U.S. networks since the summer of 2022. critical infrastructure sectors.“

Cybersecurity

Cybersecurity IoT Hacking Technology

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

NOVEMBER 4, 2022

LinkedIn’s new “About This Profile” section — which is visible by clicking the “More” button at the top of a profile — includes the year the account was created, the last time the profile information was updated, and an indication of how and whether an account has been verified.

Scams

Scams Artificial Intelligence Cryptocurrency Accountability

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Joseph Steinberg

JUNE 10, 2022

Many of Gillis’s comments echoed those that I have heard in recent months from CISOs and others within the cybersecurity industry who witness developments from various vantage points quite different from those of a vendor of cybersecurity technologies. Sampling No Longer Works.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Wireless

Insider Risk: Unconventional Thoughts and Lessons Learned

CyberSecurity Insiders

MAY 3, 2023

By: Daron Hartvigsen , Managing Director, StoneTurn and Luke Tenery , Partner, StoneTurn When insider threat or insider risk is discussed in a corporate context, often the relevant topics include misconduct , fraud, misuse, or even the idea that insiders can be unwitting accomplices to social engineering exploitation.

Risk

Risk Cyber threats Marketing Engineering

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

SecureWorld News

DECEMBER 12, 2024

Trey Ford, Chief Information Security Officer at Bugcrowd, observed, "This incident may not have been made public if it wasn't for the Form 8-K requirement." Thankfully, customers can still visit physical stores to purchase their favorite treats, but the incident reminds us of our operational reliance on interconnected technologies.

Password Management

Password Management Passwords CISO Cybersecurity

Giving Smaller Businesses The Critical Power Of Large Community Threat Intelligence: A High-Level Look at CrowdSec

Joseph Steinberg

FEBRUARY 9, 2021

I was recently asked to take a look at CrowdSec – a new, free, open-source information security technology created in France that seeks to improve the current situation. at the end of 2020, and reported to me that its technology is already being used in over 70 countries across all six continents (other than Antarctica).

Firewall

Firewall Technology Artificial Intelligence Risk

News alert: Blackwired launches ‘ThirdWatch?’ — an advanced third-party risk management platform

The Last Watchdog

SEPTEMBER 4, 2024

4, 2024, CyberNewsWire — Blackwired , the leading cyber observatory for disruptive cybersecurity technologies, has announced the launch of ThirdWatch?, Utilizing a non-invasive, zero-touch technology process, ThirdWatch? Singapore, Sept. ThirdWatch? Central to ThirdWatch? ThirdWatch? ThirdWatch?

Risk

Risk Artificial Intelligence Cyber Risk Cyber threats

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

This incident serves as a stark reminder of the critical risks posed by global IT disruptions and supply chain weaknesses. This case underscores the serious risk that social engineering and supply chain attacks pose to open-source projects. However, delegating tasks also introduces new information security challenges.

Internet

Internet Internet Risk Social Engineering

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data. The security breach poses a major national security risk. The WSJ states that the compromise remained undisclosed due to possible impact on national security.

Government

Government Telecommunications Surveillance Risk

Apple Guidance on Intimate Partner Surveillance

Adam Shostack

MAY 6, 2021

Apple has released (or I’ve just come across) a document Device and Data Access when Personal Safety is At Risk. What you share, and whom you share it with, is up to you — including the decision to make changes to better protect your information or personal safety. If you want to make sure no one else can see your location.

Surveillance

Surveillance Information Security Accountability Technology

It’s Time for Vendor Security 2.0

Daniel Miessler

SEPTEMBER 17, 2021

Ask yourself how much time wasted on security questionnaires for Solarwind, and how many of them did any good. In short, Vendor Security 2.0 is the transition from external security checks to internal risk analysis. Let’s add more detail to what we are proposing with Vendor Risk 2.0. Risk Visibility.

Risk

Risk Software Data breaches Education

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

The Last Watchdog

FEBRUARY 21, 2022

The risks are real, and the impact of cybersecurity events continues to grow. A cyber catastrophe may seem inevitable, but there are basic practices and actionable steps any healthcare organization can take to begin reducing the clear and present risk of being impacted by a cybersecurity event. Evaluate data inventory.

Healthcare

Healthcare Cyber Attacks Education Social Engineering

GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training

The Last Watchdog

JANUARY 9, 2024

Augmented reality (AR) and virtual reality (VR) technologies provide intriguing opportunities for immersive and interactive experiences in cybersecurity training. Related: GenAI’ impact on DevSecOps Here’s how these technologies can bridge learning gaps in cybersecurity awareness and enhance the overall training experience.

Technology

Technology Cybersecurity Risk Mobile

MY TAKE: COVID-19 cements the leadership role CISOs must take to secure company networks

The Last Watchdog

MAY 13, 2020

Chief Information Security Officers were already on the hot seat well before the COVID-19 global pandemic hit, and they are even more so today. Observes Salvi: “We’ve gone to a stage where the Chief Information Security Officer has become a well-defined, mainstream role. Related: Why U.S. None of this is easy.”

CISO

CISO Cybersecurity Digital transformation Risk

Scanning for Flaws, Scoring for Security

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? the security posture of vendor partners). How useful is such a score?

Cyber Risk

Cyber Risk Energy and Utilities Risk Marketing

GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data

The Last Watchdog

DECEMBER 2, 2021

In fact, Gartner forecasts that global spending on information security and risk management services will reach $150.4 Today’s technology and security strategies are falling short at keeping a company’s most critical asset – data itself – safe. In the end, the issue is clear — our data is at risk.

Ransomware

Ransomware Technology Cybersecurity Backups

News alert: AppDirect poll reveals company leaders losing sleep over cyber risks, compliance

The Last Watchdog

NOVEMBER 28, 2023

The study, conducted by independent research firm Propeller Insights, dives into how IT business leaders feel about their security posture in a world where the technologies they embrace to grow and thrive are also vulnerable to constant and increasing threats. Human error is among the top causes of security breaches.

Cyber Risk

Cyber Risk Risk B2B Education

Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

Security Affairs

MARCH 11, 2025

Cross-border data transfers enable global business but face challenges from varying cybersecurity laws, increasing risks of cyberattacks and data breaches. The increasing reliance on cloud computing, remote work, and digital transactions has amplified the risks associated with data transmission across different jurisdictions.

Cybersecurity

Cybersecurity Artificial Intelligence Encryption Technology

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

This is just one of many risks to our normal civilian computer supply chains. And since military software is vulnerable to the same cyberattacks as commercial software, military supply chains have many of the same risks. A 2018 GAO report expressed concern regarding the lack of secure and patchable U.S. This is not speculative.

Software

Software Cybersecurity Backups Manufacturing

The Unseen Threats: Anticipating Cybersecurity Risks in 2024

Security Boulevard

JANUARY 18, 2024

Cybersecurity risks increase every year and bludgeon victims who fail to prepare properly. For those interested in a better understanding of the oncoming risks, this is the information you are looking for. It can feel like crossing a major highway while blindfolded. Some dangers are familiar and persistent.

Risk

Risk Cybersecurity CISO Technology

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

Recently, tesearchers from Positive Technologies warned that unknown threat actors have attempted to exploit the now-patched vulnerability CVE-2024-37383 (CVSS score: 6.1) In September 2024, Positive Technologies discovered an email sent to a governmental organization in a CIS country. in the open-source Roundcube webmail software.

VPN

VPN Firewall Technology Passwords

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

While you might think that these actors are interested in government and defense information, their operations prove they are interested in much more – including software development and information technology, data analytics, and logistics. Educate your employees on threats and risks such as phishing and malware.

Cybersecurity

Cybersecurity Cybercrime Education Government

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Krebs on Security

JULY 21, 2023

A review of the executives pages published by the 2022 list of Fortune 100 companies found only four — BestBuy , Cigna , Coca-Cola , and Walmart — that listed a Chief Security Officer (CSO) or Chief Information Security Officer (CISO) in their highest corporate ranks.

CSO

CSO CISO Insurance Risk

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

JANUARY 9, 2023

It’s often difficult for small businesses to invest significantly in data privacy compliance or security measures because they don’t have large budgets. In fact, many SMBs have to choose between investing in new technology and making payroll. DPIA starting point.

Data privacy

Data privacy Small Business Data collection Cyber Risk

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

The Difference Between Threats and Risks. The problem we have as humans is that opportunity is usually coupled with risk, so the question is one of which opportunities should you take and which should you pass on. And If you want to take a certain risk, which controls should you put in place to keep the risk at an acceptable level?

VPN

VPN Risk Hacking Encryption

Disability Access Within the Field of Social Engineering

Security Through Education

APRIL 7, 2025

Phones and computers allow us to transmit information globally. This is ALL adaptive technology! Sometimes the adaptive technology that one person needs differs from what another person needs. Information security has a lot of potential for remote positions and flexible work options.

Social Engineering

Social Engineering Engineering Information Security Technology

What Is Exposure Management and Why Does It Matter?

Security Boulevard

MARCH 17, 2025

In practice, even with reasonable service level agreements (SLAs), IT usually has to mitigate those risks. Cybersecurity and Infrastructure Security Agency reveals that 90% of initial access to critical infrastructure comes via identity compromise like phishing, compromised passwords, identity systems and misconfigurations.

Risk

Risk Mobile Technology IoT

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

We also thoroughly investigate all reports of exposed keys and quickly take any necessary actions, such as applying quarantine policies to minimize risks for customers without disrupting their IT environment. We encourage all customers to follow security, identity, and compliance best practices.

Encryption

Encryption Ransomware Authentication Accountability

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

Security Affairs

FEBRUARY 11, 2025

Artificial intelligence enhances data security by identifying risks and protecting sensitive cloud data, helping organizations stay ahead of evolving threats. With over 90% of enterprises storing at least some of their data in the cloud, AIs ability to enhance security across complex, distributed environments is more vital than ever.

Artificial Intelligence

Artificial Intelligence Unstructured Data Risk Marketing

Application and API Security in 2025: What Will the New Year Bring?

Thales Cloud Protection & Licensing

DECEMBER 17, 2024

API-related security issues now cost organizations up to $87 billion annually. The growing risks associated with APIs will push organizations to strengthen their security from the outset of development in 2025. This breach will attract considerable attention, highlighting the urgent need for more robust API security measures.

Risk

Risk Digital transformation Software Technology

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group , citing the risk of “threat intelligence” information exposure.

Surveillance

Surveillance Spyware Risk Hacking

From Risk Assessment to Action: Improving Your DLP Response

Information Security Manual (ISM)

Trending Sources

Information Security Manual (ISM)

Difference between Cybersecurity and Information Security

10 Behaviors That Will Reduce Your Risk Online

Sepio Systems: Cybersecurity Expert Joseph Steinberg Joins Advisory Board

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

Data leak at fintech giant Direct Trading Technologies

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Top 9 Trends In Cybersecurity Careers for 2025

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Types of Risk Assessment Methodologies: Choosing the Right Approach for Your Needs

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

LinkedIn Adds Verified Emails, Profile Creation Dates

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Insider Risk: Unconventional Thoughts and Lessons Learned

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

Giving Smaller Businesses The Critical Power Of Large Community Threat Intelligence: A High-Level Look at CrowdSec

News alert: Blackwired launches ‘ThirdWatch?’ — an advanced third-party risk management platform

Story of the Year: global IT outages and supply chain attacks

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Apple Guidance on Intimate Partner Surveillance

It’s Time for Vendor Security 2.0

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training

MY TAKE: COVID-19 cements the leadership role CISOs must take to secure company networks

Scanning for Flaws, Scoring for Security

GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data

News alert: AppDirect poll reveals company leaders losing sleep over cyber risks, compliance

Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

Vulnerabilities in Weapons Systems

The Unseen Threats: Anticipating Cybersecurity Risks in 2024

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

Everyday Threat Modeling

Disability Access Within the Field of Social Engineering

What Is Exposure Management and Why Does It Matter?

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

Application and API Security in 2025: What Will the New Year Bring?

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Stay Connected