Category: AI in news
As we’ve seen in this series, security defenders’ perception of a security program can differ from the reality. Part 1 examined three key gaps that lead to incomplete risk management processes. Part 2 explored the gap in critical areas of perception of risk and defense between security leadership and security technicians, and how it can…
Read More
Apr 23, 2024NewsroomSpyware / Cyber Espionage The U.S. Department of State on Monday said it’s taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or who are immediately family members of those involved in such businesses. “These individuals have facilitated or derived financial…
Read MoreThis move to container-based development and agile methodologies has been great for innovation and iteration, but it’s also brought a massive shift in the application landscape with real impact on security teams. In just the past year or two, DevOps has become much more mature. Today we need to understand risks and implement controls not…
Read More
Regardless of the organizational structure, CISOs will need to work with facilities, CSOs and anyone else in charge of physical security to plan out measures that take the following crucial physical security considerations into account. Top 10 physical security considerations Hardening IT facilities and data centers Day-to-day office facility concerns Blocking lateral movement in physical…
Read MoreTo both understand and keep pace with evolving cybercriminal mindsets, many businesses are fighting fire with fire – in other words hiring hackers for help. In fact, large corporations such as Airbnb, PayPal and Spotify, recently revealed that they have willingly spent over £38M on ethical hackers to tighten their cyber defences and avoid crippling…
Read MoreAs the Chief Information Security Officer at F5, it is my pleasure to welcome you to F5 Labs’ CISO to CISO section. This is an arena for frank and transparent discussions on all aspects of running an information security program. We’ll discuss topics like technical guidance on mitigating specific risks, as well as broader perspectives…
Read MoreThen there are the technical questions that need to be answered. What data will be captured, shared, and processed? What mobile platforms will the app run on? What server-side platforms will it need to talk to? Internal platforms? Third-party services? You also need to dig into the questions of expectations and dependencies. How important will…
Read MoreIn part one, we laid out how we should react when our organization tells us they want to roll out a mobile app. Short answer: don’t say no, but instead ask lots of questions. After that, we built a threat model that includes the mobile-specific twists on traditional IT security problems. Using this model, we…
Read MoreWe’re finishing up our series on what to do when your organization tells you they want to roll out a mobile app. In part one, we asked lots of questions so we could do a thorough risk and requirements analysis. In part two, we used that information to define security requirements and ensure that we…
Read MoreIn many organizations, building and securing apps has typically been a siloed affair. The product owner, the network engineer, the developer and the security engineer all come from different teams. And all too often, these teams become fiefdoms that believe their focus is the company’s primary objective. Today with Agile and DevOps moving faster and…
Read More