Wednesday, March 04, 2020

What I'm Reading 3/5/2020 - Supply Chain, Jack Welch, and CIA hacking

Books -

Network Forensics Tracking Hackers Through Cyberspace

The Ten-Day MBA 4th Ed.: A Step-By-Step Guide To Mastering The Skills Taught In America's Top Business Schools

Wired for War: The Robotics Revolution and Conflict in the 21st Century

Blogs / News

I know there is a lot going on with Super Tuesday / Democratic Politics and Coronavirus today, but unless it is something super interesting I am just trying to stay away from those areas. You may see a mention or two but I am not going to try and track every little nuance.

The cryptocurrency market needs to improve how it secures digital assets for the $245 billion industry to keep growing, according to KPMG.
At least $9.8 billion in digital assets have been stolen by hackers since 2017 because of lax security or poorly written code, the accounting firm wrote in a report released Monday. Adoption of cryptocurrencies such as Bitcoin and Ether among institutional investors has led to competition for a place in portfolios, making safeguarding the tokens more important than ever, KPMG said.
Ars Technica - Let’s Encrypt discovers CAA bug, must revoke customer certificates -
On Leap Day, Let's Encrypt announced that it had discovered a bug in its CAA (Certification Authority Authorization) code.
The bug opens up a window of time in which a certificate might be issued even if a CAA record in that domain's DNS should prohibit it. As a result, Let's Encrypt is erring on the side of security and safety rather than convenience and revoking any currently issued certificates it can't be certain are legitimate.
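CAA is the DNS record type that lets a domain owner list which CAs may issue for its names, so the failure the article describes is a certificate issued against a CAA answer that should have prohibited it. The following is an added example, not Let's Encrypt's code or anything from the article: it implements the RFC 8659 lookup and decision rules (climb toward the root for the first CAA set, honour `issue`, `issuewild` and unknown critical properties) over a constructed in-memory zone, and it treats a CAA result as usable only while it is fresh. The zone contents, the CA name `letsencrypt.org` as the requesting issuer, and the 8-hour freshness limit (the CA/Browser Forum Baseline Requirements' window, stated here as an assumption) are all supplied for the example; a real deployment would query live DNS instead of the dictionary.

```python
"""Added example: RFC 8659 CAA issuance check plus a freshness window.

Not Let's Encrypt's code. The zone below is constructed; a real CA resolves
CAA records from DNS (and validates them with DNSSEC where available).
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

CaaRecord = Tuple[int, str, str]  # (flags, tag, value)

# Constructed sample zone. Keys are fully qualified names with a trailing dot.
SAMPLE_ZONE: Dict[str, List[CaaRecord]] = {
    "example.com.": [
        (0, "issue", "letsencrypt.org"),
        (0, "issuewild", ";"),                # empty issuer: no wildcard issuance by anyone
        (0, "iodef", "mailto:security@example.com"),
    ],
    "locked.example.com.": [
        (0, "issue", ";"),                    # forbids every CA for this exact name
    ],
    "strict.example.com.": [
        (128, "mystery-tag", "x"),            # critical flag on a property the CA doesn't know
    ],
}

# Assumption (CA/Browser Forum Baseline Requirements): a CAA check older than
# 8 hours must not be relied on at issuance time.
CAA_MAX_AGE = timedelta(hours=8)
CRITICAL_FLAG = 0x80
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_caa_set(fqdn: str, zone: Dict[str, List[CaaRecord]]) -> Optional[List[CaaRecord]]:
    """RFC 8659 section 3: the first non-empty CAA RRset found walking toward the root.

    For a wildcard name the walk starts at its parent, since the constructed
    zone carries no literal '*.' entries.
    """
    labels = fqdn.rstrip(".").split(".")
    if labels and labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]) + ".")
        if rrset:
            return rrset
    return None


def issuer_domain(value: str) -> str:
    """'letsencrypt.org; validationmethods=dns-01' -> 'letsencrypt.org'; ';' -> ''."""
    return value.split(";", 1)[0].strip().lower()


def caa_permits(fqdn: str, ca_domain: str, zone: Dict[str, List[CaaRecord]]) -> bool:
    """Decide whether ca_domain may issue a certificate for fqdn under the zone's CAA records."""
    rrset = relevant_caa_set(fqdn, zone)
    if rrset is None:
        return True  # no CAA anywhere up the tree: issuance is unrestricted
    # RFC 8659 section 4.1: a critical property the issuer does not understand blocks issuance.
    if any((flags & CRITICAL_FLAG) and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    is_wild = fqdn.startswith("*.")
    wild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    # RFC 8659 section 4.3: for a wildcard name, issuewild (if present) replaces issue;
    # for a non-wildcard name, issuewild is ignored.
    candidates = wild if (is_wild and wild) else [v for _, t, v in rrset if t.lower() == "issue"]
    if not candidates:
        return True  # only non-restricting properties (e.g. iodef) present
    return any(issuer_domain(v) == ca_domain.lower() for v in candidates)


def caa_check_is_fresh(checked_at: datetime, now: datetime) -> bool:
    """A CAA answer is only a valid basis for issuance while it is within CAA_MAX_AGE."""
    return timedelta(0) <= now - checked_at <= CAA_MAX_AGE


def may_issue(fqdn: str, ca_domain: str, zone: Dict[str, List[CaaRecord]],
              checked_at: datetime, now: datetime) -> bool:
    """Issue only when the CAA check is both permissive and recent enough to trust."""
    return caa_check_is_fresh(checked_at, now) and caa_permits(fqdn, ca_domain, zone)


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for name in ("www.example.com", "*.example.com", "locked.example.com", "strict.example.com"):
        print(f"{name:22} letsencrypt.org -> {caa_permits(name, 'letsencrypt.org', SAMPLE_ZONE)}")
    stale = now - timedelta(hours=9)
    print("stale check honoured?", may_issue("www.example.com", "letsencrypt.org", SAMPLE_ZONE, stale, now))
```

The separation between `caa_permits` and `caa_check_is_fresh` is the point: a permissive CAA answer is only half of an authorization, and the other half is that the answer was obtained close enough to issuance that the domain owner's current records are what was checked. Domain owners can use the same decision logic to confirm that the records they publish actually exclude the issuers they intend to exclude, including for wildcard names.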
CSO - How to write an effective information security policy -
(O)rganizations that tailor the information security policy to their own needs and circumstances based on enterprise risk, risk tolerance, regulatory requirements and desired best practices and who opt to actively manage their policy with scheduled reviews and updates when needed create a strong basis for their entire security program. As a result, they’re better positioned to achieve the security posture they seek.
Dark Reading - Gotta Patch 'Em All? Not Necessarily, Experts Say -
"There is statistically significant evidence that if you try to apply risk-based vulnerability management principles across large portions of your environment, you will fix vulnerabilities faster," Baker said. Researchers also found a simpler remediation process yielded better coverage, whereas more complex processes led to less coverage but slightly better velocity. Programs with adequate budgets fared better than those that lacked enough funds, he added.
The structure of vulnerability management programs made a difference. Time to remediate was about a month-and-a-half shorter among firms that place responsibilities for finding and fixing flaws in separate organizations. This separation of duties also led to higher capacity for remediation, meaning these businesses are less likely to fall behind. Researchers hypothesized having separate teams identify and remediate flaws indicates more resources and maturity.
Bank Info Security - Can a 'Zero Trust' Approach Work in the Supply Chain? -
Over the years, the platform economy, exemplified by companies such as Amazon, Airbnb, Uber and others, has taken hold across the globe. As a result, companies are not always sure who they are dealing with and the amount of opacity within the supply chain has increased, Conway says.
These developments, Conway says, are one reason why the dialogue around supply chain security should be changing and why different approaches are needed. "For those of us that make things, whether they are tangible goods or services, we have an end-to-end 'value chain.' ... We're still talking about supply chain security as if it's something new that hasn't been tackled," Conway says.
Fifth Domain - International partners want in on Pentagon’s cybersecurity standards -
Following the release of the first version of new cybersecurity standards for contractors bidding on programs, the Department of Defense is focusing on international adoption of the framework.
The Cybersecurity Maturity Model Certification (CMMC) 1.0, released in January, is a tiered cybersecurity framework that grades companies on a scale of one to five based on the level of classification and security that is necessary for the work they are performing.

Bloomberg - Jack Welch Inflicted Great Damage on Corporate America -
You will hear a lot over the next 24 hours about what a business icon Welch was. “The gold standard of greatness,” Jeffrey Sonnenfeld, a Yale University business professor, described him for Bloomberg News’s obituary. Welch’s supporters will make the case that he was a great manager, that his focus on continual improvement imposed high standards and that he developed leaders who went on to run a half-dozen large corporations. There is some truth to that, for sure.
But remember this, too. When you see pharmaceutical companies raising the price of drugs to unconscionable levels; when companies cut back on research and development to satisfy Wall Street; when CEOs routinely make $40 million to $50 million a year, you now know whom to blame.
Jack Welch.
ZDNet - Chinese security firm says CIA hacked Chinese targets for the past 11 years -
The Chinese security firm claims the purpose of this campaign was "long-term and targeted intelligence-gathering" to track "real-time global flight status, passenger information, trade freight, and other related information."
...
The Qihoo 360 report, along with the Kaspersky and Symantec reports, did not present any evidence that the CIA had broken the norms of cyber-espionage, which means Beijing might have a hard time charging any CIA officers without looking petty.