New threats demand that we transform the way we think about securing the endpoints. Case in point: APIs, writes Ross Moore.
If you work within the security industry, compliance is seen almost as a dirty word. You have likely run into situations like that which @Nemesis09 describes below. Here, we see it’s all too common for organizations to treat testing compliance as a checkbox exercise and to thereby view compliance in a way that goes against its entire purpose. There are challenges when it comes to compliance, for sure. Organizations need to figure out whether to shape their efforts to the letter of an existing law or to base their activities in the spirit of a “law” that best suits their security needs—even if that law doesn’t exists. There’s also the assumption that a company can acquire ‘good enough’ security by implementing a checkbox exercise, never mind the confusion explained by @Nemesis09. Podcast Episode 141: Massive Data Breaches Just Keep Happening. We Talk about Why. However, there is truth behind why […]
Galen Emery of Chef comes into the Security Ledger studios to talk about how security and compliance are “shifting left” with DEVSECOPS.
Third party cyber risk is growing. Despite that, most companies are unprepared to address it in a systematic way. In this Spotlight Podcast, a companion to our new eBook, Rethinking Third Party Cyber Risk Management, we go deep on the topic of building a mature third party cyber risk program with Dave Stapleton the Director of Assessment Operations at the firm CyberGRX* and Jon Ehret, the President & Co-Founder of Third Party Risk Association.
The General Data Privacy Regulation (GDPR) seems to already be having a positive effect on the state of cybersecurity in Europe less than seven months after it was enacted, showing that policy indeed can have a direct effect on organizations’ security practices, security researchers said.