A more foundational goal is to make security and compliance part of the development process from the start. This is a transition that requires DevOps to bring risk, security and compliance teams into the shared responsibility of making the organization resilient to change. But bringing the idea of shared responsibility to fruition can be difficult because there is a natural tension between DevOps and SecOps, as they have different charters and cultures. DevOps can be seen as more of a "do" culture (Atlassian calls this a “do-ocracy”), while SecOps can be seen as a control culture, and the two are inherently in conflict. To fulfill the promise of teaming for shared responsibility, DevOps and SecOps should align on three key objectives: collaboration, communication and integration.
Hackers broke into a water treatment facility in Florida, gained access to an internal ICS platform and changed chemical levels, making the water unsafe to consume.
The WebsitePlanet research team in cooperation with security researcher Jeremiah Fowler discovered a non-password protected database that contained more than 1.5 billion records. The database belonged to American cable and internet giant Comcast, and the publicly visible records included dashboard permissions, logging, client IPs, @comcast email addresses, and hashed passwords.
A new study by (ISC)², conducted in 2020, revealed that the cybersecurity profession experienced substantial growth in its global ranks, increasing to 3.5 million individuals currently working in the field, an addition of 700,000 professionals or 25% more than last year’s workforce estimate. The research also indicates a corresponding decrease in the global workforce shortage, now down to 3.12 million from the 4.07 million shortage reported last year. Data suggests that employment in the field now needs to grow by approximately 41% in the U.S. and 89% worldwide in order to fill the talent gap, which remains a top concern of professionals. Security experts, like Sarah Tatsis, VP of Advanced Technology Development Labs at BlackBerry, believe women can help solve the cybersecurity workforce shortage. Here, we speak to Tatsis about why women are needed and valued in the ongoing fight against cybercriminals.
Tinder becomes first dating app to be recognized for comprehensive information security practices in accordance with internationally accepted standards
February 9, 2021
Tinder, the world’s most popular app for meeting new people, has achieved certification for its Information Security Management System (ISMS) under the ISO/IEC 27001:2013 standard following an extensive impartial external audit — becoming the first app in its category to achieve a certification decision for this globally recognized security standard.
Extension will allow the Task Force to continue its work as outlined in its recently released Year 2 Report and position itself to support the supply chain risk management imperative in 2021
February 9, 2021
The Cybersecurity and Infrastructure Security Agency (CISA) announced a six-month extension of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force. The Task Force, chaired by CISA and the Information Technology (IT) and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from large and small private sector organizations charged with identifying challenges and devising workable solutions and recommendations for managing risks to the global ICT supply chain.
Biometric security solutions and AI-powered fraud prevention technologies have, for several years now, been transforming the ways in which organizations protect their business, their customers, and their employees. In fact, some industry estimates reveal that AI and biometrics have combined to prevent billions of dollars in losses from fraud—already.
Neal Semikin, who previously held the roles of Chief Information Security Officer (CISO) and Head of IT Security at the Bank of England, has joined cybersecurity firm The 324 Consultancy.
Precisely announced the appointment of Sue Bergamo as Chief Information Security Officer (CISO). In the newly created CISO role at Precisely, she will be responsible for carrying out and managing the company’s information security vision, strategy, and program to minimize potential security risks and further a culture of security stewardship.
Researchers at Armorblox uncovered invoice-themed emails sent to at least 20,000 mailboxes that purport to share information about an electronic funds transfer (EFT) payment.