Posts Tagged 'risk management'
The Intel Security Advanced Threat Research Team has discovered a critical signature forgery vulnerability in the Mozilla Network Security Services (NSS) crypto library that could allow malicious parties to set up fraudulent sites masquerading as legitimate businesses and other organizations. The Mozilla NSS library, commonly utilized in the Firefox web browser, can also be found […]
Today the SANS Institute released its survey on adoption of the Top 20 Critical Security Controls (CSCs) for Effective Cyber Defense. It’s a worthwhile read for CISOs and security analysts charged with overseeing security and risk management. The survey documents adoption highlights and hurdles, primarily experienced by financial services and government organizations. Three sets of findings […]
My book on Risk and the Internet of Things (RIOT) is coming along well and a colleague CTO, Greg Brown, now part of the effort. As it turns out, there is a lot to write about and the book is taking longer than first planned. 2+ years and counting. 300 + manuscript pages and growing! […]
The third meeting of the International Standards Organization’s (ISO) Special Working Group (SWG) on (Internet of Things) recently took place in Chongqing, China. The purpose of the SWG is essentially to assess what has been done to date related to IoT standards and provide guidance to ISO about the ISO so that the existing standards […]
Threats and vulnerabilities are a way of life for IT admins. With the continued rise of computer and network attacks, the threat of a critical attack is virtually constant. With complex software it is all but guaranteed that there will be vulnerabilities for attackers exploit. And the sheer volume of attack vectors for attackers to […]
One of PCI’s goals is to make sure data security is taken seriously and they are encouraging merchants to incorporate it into ‘business as usual’ practices. Some of the areas where additional clarification was given are what I categorize as managing risk, vulnerabilities and changes. PCI-DSS should not be a check the box, or ‘Simon […]