Cybersecurity Is Critical, but Breaches Don’t Have to Be Disasters

November 21, 2024 at 10:05AM The rise in cybersecurity breaches, despite heavy investments, emphasizes the need for resilience over mere prevention. Companies should view breaches as learning opportunities, adopting strategies like daily stress tests, self-healing systems, and collective defense. A culture of resilience enhances recovery, fosters customer trust, and positions organizations competitively against evolving threats. … Read more

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

September 5, 2024 at 06:03AM The NIST Cybersecurity Framework (CSF), introduced in 2013, provides a voluntary framework to manage cyber risk by organizing and prioritizing security measures into five core functions. The latest version, CSF 2.0, emphasizes continuous improvement, broader enterprise risk management, and proactive cybersecurity. The CSF and Continuous Threat Exposure Management (CTEM) program … Read more

Minimum Viable Compliance: What You Should Care About and Why

April 26, 2024 at 10:04AM In the IT security space, even small issues can lead to serious threats, causing stress and burnout for security professionals. Chief information security officers (CISOs) face personal liability for their organizations’ security. While other areas prioritize speed and minimal viable products, security teams must consider regulations. The MVC approach focuses … Read more

Infosec teams must be allowed to fail, argues Gartner

March 18, 2024 at 03:36AM Gartner analysts Mixter and Xiu argue that a zero-tolerance approach to failure in information security is unrealistic. They advocate for a focus on effective recovery from cyber attacks, rather than expecting total prevention. They recommend developing recovery plans, prioritizing investments, and addressing mental health among infosec workers. The analysts also … Read more

The Imperative for Modern Security: Risk-Based Vulnerability Management

February 29, 2024 at 07:57AM The news has been filled with reports of various vulnerabilities being exploited, highlighting the urgent need for organizations to modernize their vulnerability management practices. With the rise in cyber threats, organizations face resource constraints and challenges in patch management, making a risk-based approach essential for prioritizing and managing vulnerabilities effectively. … Read more

5 Tips for Strengthening the Developer-Security Team Relationship

December 22, 2023 at 10:05AM The dynamic between software developers and security teams is crucial for a productive work environment. Shifting from a reactive to a proactive approach, organizations can enhance collaboration, leverage context for focused remediation, improve code dependency visibility, educate developers with the right tools, and foster a culture of continuous feedback for … Read more

5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms

November 20, 2023 at 07:45AM Shifting to a converged Secure Services Edge (SSE) model with a clear path to SASE improves cybersecurity, but it’s important to assess risk profiles before adopting SSE platforms. Factors to consider include certifications and compliance, reputation and history, data security measures, service-level agreements, and commitment to continuous improvement. By evaluating … Read more