Pass the CRISC exam Adhere to the CRISC Code of Professional Ethics Demonstrate the required minimum work experience As noted, CRISC is intended as a relatively high-level cert; as such its holders must demonstrate real-world experience. To be certified, you must have at least three years of work experience performing tasks involved in two of the…

Read More

“The State of Fake Traffic 2024,” a report from security tech company CHEQ, shows just how big the problem is getting. According to its research, 17.9% of all observed traffic in 2023 was automated or invalid, a 58% increase from the 11.3% identified as such by CHEQ in the previous year. (Others that count all…

Read More

Jul 09, 2024NewsroomSupply Chain Attack / Web Security Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a “complex and persistent” supply chain attack. “This attack stands out due to the high variability across packages,” Phylum said in an analysis…

Read More

Cybersecurity is no longer an optional or peripheral aspect of business operations; it’s an absolute necessity. The increasing frequency and sophistication of cyberattacks have highlighted the critical importance of robust cybersecurity measures. Along with these increases in frequency and sophistication, cyberattacks have also become incredibly expensive, with the average data breach costing millions. To stay…

Read More

In the last few days, Microsoft disclosed a data leak that exposed 38 terabytes of company data, including passwords, Teams messages, and the backups of two Microsoft AI research employees’ workstations. Thankfully, Microsoft has confirmed that no customer data was exposed. The leak was caused by an overly permissive Shared Access Signature (SAS) token that…

Read More

CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) to release an advisory, People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action outlining a PRC state-sponsored cyber group’s activity. The following organizations also collaborated with ASD’s ACSC on the guidance: The National Security Agency (NSA); The…

Read More

This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS), the New…

Read More

To celebrate Cyber Awareness Month, we’re releasing a series of posts outlining ways Cybersecurity Performance Management (CPM)TM can help you improve your cyber performance, reduce risk, and increase cyber ROI—all through the lens of the NIST Cybersecurity Framework (CSF). We’ll take you from the basics of CPM through to advanced practices with a weekly series…

Read More

To celebrate Cyber Awareness Month, we’re releasing a series of posts outlining ways Cybersecurity Performance Management (CPM)TM can help you improve your cyber performance, reduce risk, and increase cyber ROI—all through the lens of the NIST Cybersecurity Framework (CSF). Last week, we talked about the “Protect” Security Function, which you can find here. We’ll take…

Read More

To our regular readers, welcome back and thank you! To those new readers, in celebration of Cyber Awareness Month, we’re releasing a series of posts outlining ways Cybersecurity Performance Management (CPM)TM can help you improve your cyber performance, reduce risk, and increase cyber ROI—all through the lens of the NIST Cybersecurity Framework (CSF). Last week,…

Read More