Threat modeling frameworks and methodologies

Threat modeling is a process by which organizations can shift their security approach from reactively plugging exploits to proactively and systematically understanding and addressing potential threats in the design stage. This process identifies potential threats to the system, data/asset exposure, logical/architectural vulnerabilities, and relevant security controls to help evaluate security decisions, serve as a guide... Continue Reading →

Application visibility is key for data center micro segmentation

Micro segmentation is key for zero-trust network. Micro segmentation divides a network at a granular level, allowing organizations to tailor security settings to different types of traffic and create policies that limit network and application flows to those that are explicitly permitted. It allows security teams the flexibility to apply the right level of protection... Continue Reading →

Importance of security operational metrics and reports

Enterprises today have limited security resources and strive to ensure the confidentiality, availability and integrity of data. The cost of securing operational assets and data is an important consideration. Each enterprise must find ways to balance managing risk against cyber security expenditures. Role of measurements and metrics in the security operation center: Measurements tend... Continue Reading →

Securing Container workloads for Enterprise

What are containers? Containers represent a transformational change in the way apps are built and run. Containers package an application and all its dependencies into a single image that can be promoted from development, to test, to production, without change. Containers provide consistency across environments and multiple deployment targets: physical servers, virtual machines (VMs), and... Continue Reading →

CEO’s guide to ensure compliance with GDPR

Overview of the GDPR: The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located. In May 2018, a European privacy law is due to take effect... Continue Reading →

Compliance frameworks for cloud security providers across globe

Many organisations have moved some or all of their IT to the cloud, but it has resulted in unexpected costs, fragmentation, and a need for more security staff to monitor data, mitigate advanced threats and meet regulatory and compliance requirements. Until a few years ago, the mission-critical data of an organization would be within walls (data... Continue Reading →

NIST released the draft NICE Cybersecurity Workforce Framework (NCWF)

The NICE Cybersecurity Workforce Framework (NCWF) is a national resource that categorizes and describes cybersecurity work. It provides employers, employees, educators, students, and training providers with a common language to define cybersecurity work as well as a common set of tasks and skills required to perform cybersecurity work. Through the process of identifying the cybersecurity... Continue Reading →

US Cybersecurity Framework – Common concerns

US Cybersecurity Framework - Common Concerns. Spending on security continues to increase. A recent Wall Street Journal article says, “Global cybersecurity spending by critical infrastructure industries was expected to hit $46 billion in 2013, up 10% from a year earlier, according to Allied Business Intelligence Inc.” President Obama released E.O. 13636 on Feb. 12, 2013 including Sec. 7. Baseline... Continue Reading →
