Why chasing risk assessments will have you chasing your tail

Third-party risk assessments are often described as time-consuming, repetitive, overwhelming, and outdated. Think about it: organizations, on average, have over 5,000 third parties, meaning they may feel the need to conduct over 5,000 risk assessments. In the old school method, that’s 5,000 redundant questionnaires. 5,000 long-winded Excel sheets. No wonder they feel this way. The […]

Continue Reading

NUVOLA: the new Cloud Security tool

nuvola is the new open-source cloud security tool to address the privilege escalation in cloud environments. nuvola is the new open source security tool made by the Italian cyber security researcher Edoardo Rosa (@_notdodo_), Security Engineer at Prima Assicurazioni. The tool was released during the RomHack 2022 security conference in Rome. The tool helps the […]

Continue Reading

Navigating data privacy in the higher education ecosystem

The need for academic institutions to become data privacy advocates is paramount. Over the past 24 months, higher education institutions have accelerated digital transformation initiatives. While that transformation has been underway for some time, the pandemic quickened the pace and pushed data privacy and security among administrators’ top concerns. Institutions and their technology providers suddenly […]

Continue Reading

Mapping ATT&CK techniques to CVEs should make risk assessment easier

Vulnerability reporters should start using MITRE ATT&CK technique references to describe what the attacker is trying to achieve by exploiting a given CVE-numbered vulnerability, the MITRE Engenuity team urges. “Using ATT&CK facilitates making descriptions of impacts and exploitation methods consistent across reports. When used in a vulnerability report, ATT&CK’s tactics and techniques enable defenders to […]

Continue Reading

While businesses are ramping up their risk mitigation efforts, they could be doing more

Zurich North America and Advisen have released a survey of corporate risk managers and insurance buyers revealing current views about information security and cyber risk management. The survey results indicate that risk professionals are increasingly aware of their intensifying cyber risks and the need to manage them using risk mitigation and risk transfer. However, a […]

Continue Reading