Tag: compliance
The recently released F5 and Ponemon report, “The Evolving Role of CISOs and their Importance to the Business,” unearthed some disconcerting results about CISO effectiveness. In particular, the following survey question spoke to this point specifically: Are security operations aligned with business objectives? Fully – 26% Partially – 34% Not – 40% Surprisingly, only a quarter of…
Read MoreAchieving Multi-Dimensional Security Through Information Modeling—Unwrapping Controls Part 4
- by nlqip
Information Security Controls are the bread and butter of audit professionals, the bane of developers, and the playground of security professionals. From a business perspective, they provide a means for enabling business resiliency by protecting and reducing the risk associated with the threat landscape. Insofar as the concept of defense in depth is embraced, it’s…
Read MoreOn January 9th, 2005, the Donttrip malware infection hit Northwest Hospital,1 a large medical facility in Seattle that served thousands of people. The malware clogged up the hospital’s network systems with surges of exploit network scanning. Medical operations ground to a halt as laboratory diagnostic systems couldn’t transfer data, Intensive Care Unit terminals went offline,…
Read MoreAchieving Multi-Dimensional Security Through Information Modeling—Modeling Inversion Part 5
- by nlqip
It is against business priority enablers that we align the following causation models required to present our high-level protection strategy. Causal Model 1 — Threat Landscape We captured the business priorities in the business model’s value proposition. ECS’s desire is to “offer certified and compliant cloud computing services secured with the leading security standards.”…
Read MoreAn orchard of cybersecurity law is growing in Asia. Now based in Singapore, your intrepid reporter is bumping into these cyber laws not as a participant (yet) but as an interested observer. Like the data-protection laws recently passed throughout the region, these cybersecurity regulations have a lot in common with each other. Singaporeans are known…
Read MoreFigure 1: Cost of confidential data breach – F5 Ponemon security survey What do breach costs consist of? They can include anything from incident response investigation costs, remediation costs, reputation damage, loss of sales, operational downtime, and compliance penalties. Another significant cost that hasn’t historically been a major contributor to breach costs but is…
Read MoreYou’re a chief information security officer (CISO) who’s managing the security requirements for your organization’s value chain. As a former CISO (and current virtual CISO to several companies), I know that’s one of the core functions of our role. How do you know you’re doing a good job? How would you evaluate your performance? The…
Read MoreThe National Cyber Security Centre (NCSC) was formed in 2016 to help protect the UK’s critical services from cyber attacks and help providers of those services manage major cyber incidents. NCSC has repeatedly warned that a major attack on critical national infrastructure is a matter of when, not if. Despite this, a recent cyber security…
Read More“Quantity has a quality all its own”—a quote apocryphally attributed to Joseph Stalin. As part of the research that went into F5 Labs’ 2018 Application Protection Report, we surveyed information security professionals. We found that 37% of respondents were from organizations with more than 5,000 people. Here’s how the percentages broke down: What is the…
Read MoreWe launched the CISO-to-CISO section of F5 Labs in January 2017, with a welcome message from then F5 CISO, Mike Convertino, talking about how we want to encourage security leaders to share and openly discuss ideas on how they protect their organizations. It’s all about security leaders sharing advice for other security leaders. Well, three…
Read MoreRecent Posts
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
- Hackers Strike at Heart of Italian Government
- The Rise of Ransomware-as-a-Service and Decline of Custom Tool Development | BlackFog
- Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks
- Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages