US, Australia Release New Security Guide for Software Makers

October 25, 2024 at 08:46AM CISA, FBI, and ACSC have released guidance aimed at assisting software manufacturers in creating secure deployment processes. This new security guide aims to strengthen the safety and reliability of software applications. The information was shared in a report by SecurityWeek. **Meeting Takeaways:** 1. **Publication of Guidance**: CISA (Cybersecurity and Infrastructure …

NIST Drops Password Complexity, Mandatory Reset Rules

September 26, 2024 at 08:32AM NIST’s latest password guidelines (SP 800-63-4) no longer recommend using a mix of character types or regular password changes. They suggest CSPs stop mandating specific password types and periodic changes, and reduce knowledge-based authentication usage. The new guidelines stress a minimum 15-character length, allowing up to 64 characters, and incorporating …

New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data

May 3, 2024 at 06:57AM SaaS applications are dominant in the corporate world, but they pose new security risks. LayerX’s guide “Let There Be Light: Eliminating the Risk of Shadow SaaS” addresses the challenges of unauthorized SaaS app usage, suggesting mitigation practices and comparing security controls. It recommends secure browser extensions as the most comprehensive …

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure

April 29, 2024 at 01:59PM CISA, the US government cybersecurity agency, has released guidelines to enhance critical infrastructure security against AI-related threats. The guidelines identify three types of AI risks and advocate a four-part mitigation strategy, emphasizing a robust organizational culture focused on AI risk management. CISA also stresses the need for contextualized risk evaluation …

Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software

April 26, 2024 at 12:37PM Government and security-sensitive firms are requiring software bills of materials (SBOMs), which list the components of applications. Attackers could exploit this information without sending a single packet. Larry Pesce warns that publicly accessible SBOMs can expose vulnerabilities. Yet SBOMs aim to enhance software security, with 60% adoption expected by next year. Pesce advises using …

6 CISO Takeaways From the NSA’s Zero-Trust Guidance

March 15, 2024 at 12:33PM All companies, not just federal agencies, should strive to implement the “network and environment” aspect of the National Security Agency’s zero-trust guidelines. Based on the meeting notes, the key takeaway is that it is recommended for all companies, not just federal agencies, to strive to implement the “network and environment” …