Exercises, Risk and Security - Information Management Today

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

Organizations must prioritize implementing effective security measures and conducting frequent audits. To secure sensitive data, cybersecurity specialists, software vendors, and end users should encourage collaborative efforts against malicious activities. Attackers were seen attempting to disable security plug-ins.

Risk

Risk Authentication Systems administration Ransomware

Turn up the volume with Table Top Exercises

OpenText Information Management

JUNE 7, 2022

MITRE released a new edition of its book on “the way security operations is done”, 11 Strategies of a World-Class Cybersecurity Operations Center.

Cybersecurity

Cybersecurity Security IT Risk

UK Home Office is ignoring the risk of ‘catastrophic ransomware attacks,’ report warns

Security Affairs

DECEMBER 13, 2023

A Joint Committee on the National Security Strategy (JCNSS) warns of the high risk of a catastrophic ransomware attack on the UK government. The British government is accused of failing to mitigate the risk of ransomware attacks.

Ransomware

Ransomware Risk Government Cybersecurity

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

CPPA Board Holds Meeting on Revised Draft Regulations for Risk Assessment and Automated Decisionmaking Technology

Hunton Privacy

MARCH 15, 2024

Elements of Risk Assessments Clarify the operational elements of the processing that the business must identify in a risk assessment, which include, e.g. , the business’s planned method for collecting, using, disclosing, retaining or otherwise processing personal information, and the sources of the personal information.

Risk

Risk Artificial Intelligence Compliance Privacy

How to Package and Price Embedded Analytics

Just by embedding analytics, application owners can charge 24% more for their product. How much value could you add? This framework explains how application enhancements can extend your product offerings. Brought to you by Logi Analytics.

Analytics

Security Leaders Can Lower Expenses While Reducing Risk

Lenny Zeltser

AUGUST 23, 2023

Start by critically reviewing how you’ll spend the security funds; this involves broadening your perspective beyond security. You’ll help reduce risk, cut costs, and build goodwill with your colleagues. To do this, you may need to work with the finance team to itemize the expenses allocated to security at your firm.

Risk

Risk Security Cybersecurity Compliance

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

The Last Watchdog

MAY 10, 2021

With RSA Conference 2021 technical sessions getting underway today, I sat down with Fred Kneip, CEO of CyberGRX , to hash over the notion that a lot of good could come from more systematic sharing of the risk profiles that large enterprises routinely compile with respect to their third-party contractors. Crowdsourcing risk profiles.

Risk

Risk Insurance Access Security

The risk of pasting confidential company data into ChatGPT

Security Affairs

MARCH 12, 2023

The experts also warn that enterprise security software cannot monitor the use of ChatGPT by employees and prevent the leak of sensitive/confidential company data. This means that there is no inherent risk in using ChatGPT to discuss general issues or ask knowledge-related questions. “Since ChatGPT launched publicly, 5.6%

Risk

Risk Artificial Intelligence Privacy Personal data

Biden AI Order Enables Agencies to Address Key Risks

Hunton Privacy

OCTOBER 31, 2023

President Biden issued an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence. Standards for AI Safety and Security Red-teaming requirements. Developers must also share the results of “red-team” exercises with the government. Developers must also share the results of “red-team” exercises with the government.

Risk

Risk Artificial Intelligence Privacy Military

Bank of England cyber resilience exercise

Data Protection Report

OCTOBER 3, 2019

BoE publish high level findings of the financial sector (“sector”) cyber simulation exercise. Exercise overview. The exercise explored the sector’s resilience to a major cyber incident impacting the UK. The exercise demonstrated the sector’s ability to respond to a dynamic and challenging disruption simulation.

Communications

Communications Marketing Risk IT

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Cybersecurity

Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data

Dark Reading

FEBRUARY 1, 2023

Findings underscore security awareness training that leverages practical, hands-on exercises is essential to creating a security-aware culture.

Security awareness

Security awareness Phishing Security Risk

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Artificial Intelligence

UK Defence Secretary jet hit by an electronic warfare attack in Poland

Security Affairs

MARCH 15, 2024

” Steadfast Defender 2024 is NATO’s largest military exercise since the Cold War aimed at testing the alliance’s readiness and ability to defend itself across multiple domains. The exercise is held from January 22nd to May 31st, 2024. The jamming is “wildly irresponsible,” a defence source told The Sun.

Communications

Communications Military Risk IT

AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

The Last Watchdog

FEBRUARY 1, 2021

The cybersecurity operational risks businesses face today are daunting, to say the least. Related: Embedding security into DevOps. Adopting and nurturing a security culture is vital for all businesses. LW: What are a few other top security domains that deserve high priority; and how do they intersect with app security?

Security

Security Cloud Risk Cybersecurity

MY TAKE: COVID-19 cements the leadership role CISOs must take to secure company networks

The Last Watchdog

MAY 13, 2020

Chief Information Security Officers were already on the hot seat well before the COVID-19 global pandemic hit, and they are even more so today. They must rally the troops to proactively engage, day-to-day, in the intricate and absolutely vital mission of preserving the security of IT assets, without stifling innovation.

Security

Security Cybersecurity Military Risk

More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

eSecurity Planet

OCTOBER 18, 2022

The vast majority of cybersecurity decision makers – 91 percent, in fact – find it difficult to select security products due to unclear marketing, according to the results of a survey of 800 cybersecurity and IT decision makers released today by email security company Egress. Assessing AI and Security Training.

IT

IT Security Cybersecurity Marketing

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

The Last Watchdog

AUGUST 23, 2021

With many employees now working remotely, securing company data isn’t as straightforward as it used to be. International workforces can be an excellent way to find top talent, but they can introduce unique security risks. Countries have different data security laws, and these can get in the way of one another.

Communications

Communications Cybersecurity GDPR Risk

A guide to cyber security for marketing agencies

IT Governance

FEBRUARY 9, 2021

If your marketing agency is under the impression that cyber security is strictly an IT issue, you should think again. Effective security is a company-wide commitment, and marketers play one of the most crucial roles. So, what should marketing agencies do to reduce the risk of cyber attacks and protect their reputation?

Marketing

Marketing Security GDPR Privacy

ISO 27001: Gap analysis vs. risk assessment

IT Governance

NOVEMBER 30, 2018

Gap analyses and risk assessments are two of the most important processes organisations must complete when implementing ISO 27001 or reviewing their compliance status. This could be a simple tick-box exercise, with the unchecked requirements forming the gaps that might need to be addressed (not all clauses need to be implemented).

Risk

Risk Paper Compliance Government

Work from Home: 7 Best Security Practices for Remote Teams

AIIM

APRIL 16, 2020

But, as people say, with great benefits, come great risks! You may already be aware of some of the risks, but likely not all of them. Organizations and employees both have their own set of risks, which can be a hurdle while working from home remotely. What are the Best Security Practices for Remote Teams?

Security

Security Passwords Cloud Risk

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

Notably, the guidance states that, given the substantial risk from ransomware, “every NYDFS-regulated company should seek to implement the controls outlined in this Guidance to the extent possible.”.

Ransomware

Ransomware Security Financial Services Cybersecurity

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

eSecurity Planet

APRIL 15, 2024

Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users’ data security. To mitigate these risks, users must promptly apply vendor-provided software patches and updates, as well as exercise vigilance when using online services and apps.

Libraries

Libraries Risk Cybersecurity Honeypots

MITRE and CISA release Caldera for OT attack emulation

Security Affairs

SEPTEMBER 6, 2023

MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. Purple teaming: This is a collaborative approach to security that brings together red and blue teams to work together to improve an organization’s security posture.

Cybersecurity

Cybersecurity Security Risk Government

California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information

Hunton Privacy

JUNE 7, 2022

It also urges mobile app providers to adopt robust security and privacy measures to protect reproductive health information.

Privacy

Privacy Authentication Information Security Risk

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

Although there have still been a few surprises, with the death of Queen Elizabeth II and blazing heatwaves across the UK to name but two, it was a familiar year in the cyber security landscape. Google , Clearview AI , and Meta all receives hefty penalties in 2022, demonstrating the continued important of effective information security.

Security

Security Data breaches Ransomware Military

New Jersey Becomes 14th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

JANUARY 19, 2024

Data Protection Assessment – Like Colorado, the law will require controllers not to conduct processing that presents a “heightened risk of harm” to consumers without conducting and documenting a data protection assessment.

Privacy

Privacy Personal data Sales Risk

Nearly a Million Kubernetes Instances Exposed on Internet

eSecurity Planet

JUNE 29, 2022

The threat-hunting exercise led to some general findings on risk exposure: The United States has the highest exposure count by far (65%), followed by China (14%) and Germany (9%) The top ports in use are 443, 10250, and 6443. Also read: Top Container Security Solutions for 2022. Kubernetes Security Risks.

Risk

Risk Authentication Passwords Access

Biden-Harris Administration Announces New Actions to Promote Responsible Artificial Intelligence Innovation

Hunton Privacy

MAY 12, 2023

These efforts build upon the steps the Administration has taken so far, including the Blueprint for an AI Bill of Rights issued by the White House Office of Science and Technology Policy (“OSTP”) and the AI Risk Management Framework released by the National Institute of Standards and Technology (“NIST”). Policies to ensure the U.S.

Artificial Intelligence

Artificial Intelligence Agriculture Cybersecurity Risk

Vulnerability Management – Business more secure

Outpost24

OCTOBER 20, 2017

Vulnerability Management – Business more secure. Network security. To work with Vulnerability Management is similar to preventing bad things to happen over time and is basically the exercise of limiting the chance of a breach by remediating vulnerabilities thereby reducing one’s overall risk level of being hacked.

Security

Security Risk

New Hampshire Becomes 15th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

MARCH 13, 2024

SB 255 also requires controllers to implement “reasonable administrative, technical and physical data security practices to protect the confidentiality, integrity and accessibility of personal data,” taking into consideration the volume and nature of that data.

Privacy

Privacy Personal data Sales Risk

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

Security Affairs

FEBRUARY 12, 2023

The presence of cameras poses an unacceptable risk to national security. That [risk has] obviously been there, I might say, for some time and predates us coming into office but, that said, it’s important that we go through this exercise and make sure that our facilities are completely secure,” Marles added.

Manufacturing

Manufacturing Government Risk Communications

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

Securities and Exchange Commission (SEC) strongly advised public companies to improve their cybersecurity. While the new security proposals have not yet become law, cybersecurity managers can begin to prepare metrics and audits that will not only help comply with those laws, but can also help create positive change now.

Cybersecurity

Cybersecurity Compliance Risk Communications

43 Android apps in Google Play with 2.5M installs loaded ads when a phone screen was off

Security Affairs

AUGUST 7, 2023

The malicious apps include TV/DMB players, music downloaders, news apps, and calendar applications. . “In conclusion, it is essential for users to exercise caution and carefully evaluate the necessity of granting permissions like power saving exclusion, or draw over other apps before allowing them. ” concludes the report.

Libraries

Libraries Risk IT Access

US CISA releases guidance on how to prevent ransomware data breaches

Security Affairs

AUGUST 21, 2021

The US Cybersecurity and Infrastructure Security Agency (CISA) released guidance on how to prevent data breaches resulting from ransomware attacks. “All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems. Pierluigi Paganini.

Data breaches

Data breaches Ransomware Encryption Cybersecurity

What is a Managed Security Service Provider? MSSPs Explained

eSecurity Planet

AUGUST 22, 2023

Cybersecurity can be difficult to implement, and to make matters worse, the security professionals needed to do it right are in short supply. Managed IT security service providers (MSSPs) make life easier for organizations by providing outsourced expertise and tools at a fraction of the cost, time, and trouble of doing it yourself.

Security

Security Cybersecurity Cloud Access

Secure Together: video conferencing, credential stuffing and eye strain

IT Governance

APRIL 15, 2020

The video conferencing platform Zoom has been heavily criticised in recent weeks , amid a series of allegations related to its inadequate cyber security and privacy measures. It’s worth emphasising, then, that for all of Zoom’s security faults, the blame for this incident lies with users rather than the platform. Cyber attacks.

Security

Security Passwords Risk Phishing

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

The FBI issues this week a Private Industry Notification (PIN) alert to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer. The alert urges organizations to review internal networks and mitigate the risks posed by the above factors. Windows 10).

Passwords

Passwords Systems administration Risk Access

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

Governance Requirements Senior Governing Bodies : NYDFS narrowed the previously proposed responsibilities for senior governing bodies by removing the requirement to “provide direction to management on the covered entity’s cybersecurity risk management.”

Cybersecurity

Cybersecurity IT Compliance Financial Services

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

Security Affairs

AUGUST 31, 2023

The vulnerability posed a risk not only to NSC systems but also to the companies using NSC services. It’s advisable for them to externally verify the information contained in emails and exercise caution when clicking links or opening attachments. Are the leaked passwords crackable?

Passwords

Passwords Healthcare Manufacturing Access

Navigating Interactions Between Investment Advisers and Their Portfolio Companies: Risks and Best Practices

Data Matters

JUNE 11, 2020

Securities and Exchange Commission’s (the SEC) examination and enforcement programs. The SEC has long warned of the risks of receiving MNPI from companies in which an individual or entity invests in other contexts. The broader MNPI enforcement landscape.

Risk

Risk Compliance Access IT

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

This article will focus on some strategies that organizations should consider implementing in order to mitigate their cybersecurity risk as far as third-party service providers are concerned. This entry point is usually through the third party vendor whose security protocols are less secure.

Risk

Risk Cybersecurity Compliance Data breaches

An Expert Overview of CISM®

IT Governance

APRIL 4, 2024

A Springboard to Career Success CISM® (Certified Information Security Manager) is a globally recognised qualification that provides a good understanding of IT security with a management flavour. How is CISM different from general information security certifications? It’s not just technical training – it’s management training.

Information Security

Information Security Cloud Government Security

US govt warns critical infrastructure of ransomware attacks during holidays

Security Affairs

NOVEMBER 22, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn critical infrastructure partners of ransomware attacks during the holiday season. If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware

Ransomware Phishing Authentication Passwords

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

Turn up the volume with Table Top Exercises

Webinars

Trending Sources

UK Home Office is ignoring the risk of ‘catastrophic ransomware attacks,’ report warns

Webinars

CPPA Board Holds Meeting on Revised Draft Regulations for Risk Assessment and Automated Decisionmaking Technology

How to Package and Price Embedded Analytics

Security Leaders Can Lower Expenses While Reducing Risk

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

The risk of pasting confidential company data into ChatGPT

Biden AI Order Enables Agencies to Address Key Risks

Bank of England cyber resilience exercise

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

UK Defence Secretary jet hit by an electronic warfare attack in Poland

AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

MY TAKE: COVID-19 cements the leadership role CISOs must take to secure company networks

More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

A guide to cyber security for marketing agencies

ISO 27001: Gap analysis vs. risk assessment

Work from Home: 7 Best Security Practices for Remote Teams

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

MITRE and CISA release Caldera for OT attack emulation

California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information

2022 Cyber Security Review of the Year

New Jersey Becomes 14th State to Enact a Comprehensive State Privacy Law

Nearly a Million Kubernetes Instances Exposed on Internet

Biden-Harris Administration Announces New Actions to Promote Responsible Artificial Intelligence Innovation

Vulnerability Management – Business more secure

New Hampshire Becomes 15th State to Enact a Comprehensive State Privacy Law

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

New SEC Cybersecurity Rules Could Affect Private Companies Too

43 Android apps in Google Play with 2.5M installs loaded ads when a phone screen was off

US CISA releases guidance on how to prevent ransomware data breaches

What is a Managed Security Service Provider? MSSPs Explained

Secure Together: video conferencing, credential stuffing and eye strain

FBI’s alert warns about using Windows 7 and TeamViewer

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

Navigating Interactions Between Investment Advisers and Their Portfolio Companies: Risks and Best Practices

Cybersecurity: Managing Risks With Third Party Companies

An Expert Overview of CISM®

US govt warns critical infrastructure of ransomware attacks during holidays

Stay Connected