Security testing (scanning, penetration testing, red teaming and more) is often seen as a compliance bugbear. However, if your security team wants to give the business assurance that, should an attack take place, you are well placed both to detect it and to defend against it, performing the right kind of testing for your business is essential. In this post, we look at the types of testing you should be deploying within your organization, explaining what each type of test does and what it can (and can't) deliver for you.
We have just released the latest edition of PERCEPTION, our cyber threat intelligence briefing for the financial services sector, edited by Dr Graham Shaw. It contains informative, relevant and timely information about the cyber threat landscape for financial institutions, current threat actors and their recent activity, and is designed to help you address the cyber risks faced by your organization.
Cyber-attacks and their impact on organizations are becoming much better understood. However, as organizations face increasingly sophisticated targeted and untargeted attacks, the complexity and scale of the threat mean that avoiding a cyber-attack is becoming harder. If a cyber-attack is going to happen at some point, organizations must plan for, and prepare to respond to, the inevitable. But this can be easier said than done. What steps do organizations need to take to develop a cyber security strategy that ensures they are prepared?
By Michael Fratello, Security Consultant at Nettitude
Earlier this week we published the first half of this blog. The preceding part can be found here: http://blog.nettitude.com/how-to-monitor-your-external-devices-and-improve-your-alerts-pt.1
Topics: Cyber Security Blog
Detecting new malware infections or security breaches on a network or computer system without known signatures is always a challenge. We explore a simple and efficient approach to monitoring external-facing assets, such as servers, and discuss the data that was collected during the experimental period.
PCI DSS and I
Your company has obtained PCI compliance. It may have been a journey that ended with a QSA audit or a self-assessment; or, as I have seen in some cases, the company may have forsaken the PCI crown and decided to "eat" the risk.
So, what now?
Small and large organizations with PCI obligations have more than a Cardholder Data Environment (CDE) to worry about. There are always wider cyber security concerns around systems availability and reputation, as well as sensitive data concerns around Personally Identifiable Information (PII), healthcare-related data, Intellectual Property (IP), regulatory requirements and so on.
A recap of RSA 2017
In my blog piece in January, An advance look at RSA 2017, I wrote of what attendees could expect in advance of the RSA 2017 conference to ensure they made the most of their time there.
I wrote of the importance of wearing comfortable shoes, as there is a lot of walking at RSA. With events in the south, north and west Moscone Center buildings, and also two blocks away at the Marriott Marquis, combined with the long expo floor aisles, I am surprised podiatrists didn't set up shop outside the convention center.
Like everyone, I left the conference with extreme information overload, sore feet, and a much better education on the current and future state of information security.
By Ben Rothke, CISSP PCI QSA
The RSA conference is about a month away and I am already looking forward to it. As the largest and one of the most influential information security conferences, it has become the go-to event of the information security season. Pretty much every player in the information security world, big and small, will be there.
RSA has long been the conference at which to get up-to-date information from security practitioners about current issues and threats. Now that the agenda for 2017 is available, four of the key topics for this year's conference are: