Securing Your Supply Chain with CIS and Tripwire

Where were you when you first heard about the SolarWinds breach? It’s not unusual for information security professionals to learn about a breach. Keeping track of the news is part of the job. The SolarWinds attack, however, was different for two primary reasons. First, it reached the level of mainstream news. The majority of breaches stay […]

The SOC is blind to the attackable surface

A security operations center (SOC) is the central nervous system of any advanced cybersecurity program. Yet even the most well-funded, highly organized and properly equipped SOC is often no match for a simple misconfiguration error. Organizations have piled security controls upon security controls, and still remain largely blind to the most serious threats they face. […]

Financial institutions can strengthen cybersecurity with SWIFT’s CSCF v2021

The Society for Worldwide Interbank Financial Telecommunications (SWIFT) has introduced an updated set of baseline customer security controls that all of its users must implement on their SWIFT-related infrastructure by mid-year 2021. SWIFT is the world’s largest provider of secure financial messaging services to banks and other financial institutions. SWIFT has more than 11,000 users […]

Notable Enhancements to the New Version of NIST SP 800-53

As an infosec professional, you’ve likely heard of the National Institute of Standards and Technology (NIST). If you are unfamiliar with NIST, it is an organization that produces many publications including the well-respected Special Publication SP 800-53r5 standard, titled “Security and Privacy Controls for Information Systems and Organizations.” Although intimidating in its initial appearance, this […]