Adam Shostack

FEBRUARY 27, 2020

The Berryville Institute of Machine Learning (BIML) has released “ An Architectural Risk Analysis of Machine Learning Systems.” BIML has released the work in two ways, an interactive risk framework contains a subset of the information in the PDF version. The specific risks are challenging in several ways.

Risk 182

Risk Engineering Architecture Software 182

Adam Shostack

JANUARY 2, 2025

The DAIR Institutes response to the AI Pause letter calls for transparency and accountability, enforced by regulation: but organizations building these systems should also be required to document and disclose the training data and model architectures.

Architecture 130

Architecture Accountability Software Risk 130

Google Security

FEBRUARY 23, 2022

Posted by Ard Biesheuvel, Google Open Source Security Team Linux kernel support for the 32-bit ARM architecture was contributed in the late 90s, when there was little corporate involvement in Linux development, and most contributors were students or hobbyists, tinkering with development boards, often without much in the way of documentation.

Risk 143

Risk Architecture Wireless Software 143

CyberSecurity Insiders

SEPTEMBER 21, 2021

What risks does 5G introduce? Defining 5G security and architecture. According to the document, 5G’s trustworthiness is made possible by a set of security features that were built using system design principles applied with a risk-based mindset. The security risks introduced. The post What is 5G security?

Architecture 117

Architecture IoT Mobile Risk 117

Security Affairs

NOVEMBER 21, 2019

An EU-wide Coordinated Risk Assessment of 5G networks has been published on the 9 th October 2019. It contained 10 high-level risk scenarios, based on the national risk assessments by EU Member States. The assessed threats refine the threats reviewed in the coordinated risk assessment. Understanding threat exposure.

Architecture 144

Architecture Risk Telecommunications Advertising 144

Adam Shostack

JANUARY 2, 2025

Risk Framework and Machine Learning The Berryville Institute of Machine Learning (BIML) has released " An Architectural Risk Analysis of Machine Learning Systems." BIML has released the work in two ways, an interactive risk framework contains a subset of the information in the PDF version.

Risk 130

Risk Engineering Architecture 130

Security Affairs

NOVEMBER 2, 2024

The first documented attack against a Sophos facility is the one that targeted Cyberoam in 2018. Sophos identified and publicly disclosed these attacks, including campaigns like Asnarök and “Personal Panda,” while warning vulnerable organizations of the risks. ” concludes the report.

Firmware 123

Firmware Government Firewall Malware 123

SecureWorld News

JUNE 10, 2025

Developers now work in tandem with intelligent systems that suggest fixes, write documentation, and even predict deployment failures. Focusing on highest-impact risks: Applying AI not just to find vulnerabilities, but to prioritize and contextualize them, reducing alert fatigue and empowering teams to act.

Technology 90

Technology Artificial Intelligence Social Engineering Software 90

Centraleyes

MARCH 25, 2024

Let’s discuss an acronym reshaping the business world: Vendor Risk Management , or VRM. With supply chains extending across multiple regions and involving numerous third-party vendors, organizations face unprecedented challenges in managing vendor risks effectively. What risks are you facing?

Risk 111

Risk Data collection Architecture Government 111

SecureWorld News

APRIL 16, 2025

Shared memory, shared risk This is the big one: GPUs rely on shared memory architectures. Researchers have demonstrated attacks that can extract neural network architecture and weights by observing GPU memory access patterns. It holds sensitive datasetsPII, trade secrets, internal documents.

Architecture 95

Architecture Artificial Intelligence Passwords Risk 95

eSecurity Planet

APRIL 7, 2023

They can also use this time to identify any network components that operate with lesser security controls that put the rest of the network at risk. DMZ network architecture DMZ Architecture There are two main layout options to choose from when developing a DMZ subnetwork: a single firewall layout and a dual firewall layout.

Architecture 102

Architecture Firewall Network Security Technology 102

CyberSecurity Insiders

FEBRUARY 2, 2022

Ambitious information security experts serve as a critical part of cyber risk management. This can be achieved through the use of cyber risk management approaches. This article explores the need for security and provides an overview of cyber risk assessment. Organizations have long encountered various types of risk.

Cyber Risk 99

Cyber Risk Risk Architecture Firewall 99

SecureWorld News

JUNE 4, 2025

These brands not only have personal data of HNWIs and UHNWIs, but also sensitive internal documents that could be used for blackmail or sold to counterfeiters," Sarkar said. These entry points underscore the importance of managing risks within broader supply chain relationships." The reputational damage could be immense."

Retail 65

Retail Banking Financial Services Social Engineering 65

The Last Watchdog

MAY 19, 2022

Chances are strong that your corporate website uses a CMS, and perhaps you have a separate CMS for documents and other files shared by your employees, partners, and suppliers. Design your architecture in a way where the CMS back end (the behind-the-scenes content repository) is not directly coupled to the front end (the presentation system).

Data breaches 262

Data breaches Encryption Mobile Technology 262

Security Boulevard

MARCH 5, 2021

From a security standpoint, this new dependence on APIs changes the source of risk - it’s not just the front end under siege from traditional attacks and recon activities that map out backend processes. Thus, we’ve decided to document this disruption and the impact on how you have to view application security moving forward.

Architecture 69

Architecture Authentication DDOS Technology 69

Centraleyes

MAY 5, 2025

By achieving ISO 27001 certification , organizations can demonstrate to stakeholders that theyve implemented a rigorous, internationally accepted framework for managing and protecting information security risks. Determine Risk Treatment Options: Decide whether to mitigate, transfer, accept, or avoid risks.

Risk 59

Risk Information Security Firewall Education 59

Pen Test Partners

FEBRUARY 12, 2025

When it comes to compliance, the list of documentation and evidence pieces is broad. To help weve created a checklist of the key documents broken down per control to help you navigate PCI and ensure youve covered all bases. Update regularly : Review and update documents periodically to align with changing compliance requirements.

Penetration Testing 52

Penetration Testing Encryption Architecture Authentication 52

NetSpi Executives

JUNE 13, 2025

The vulnerability stems from architectural flaws rather than simple bugs, making them harder to fix with patches alone. An indirect prompt injection is, as defined by NIST : “Attacker technique in which a hacker relies on an LLM ingesting a prompt injection attack indirectly… by visiting a web page or document.”

Architecture 59

Architecture Risk Technology Software 59

Adam Shostack

JULY 8, 2019

I would find it more surprising if I were to look at a 150 page document and not find anything surprising.). Contrary to the commonly used definition of an [minimal risk condition, (MRC)], which describes only a standstill, this publication expands the definition to also include degraded operation and takeovers by the vehicle operator.

Risk 140

Risk Architecture Manufacturing Cybersecurity 140

Malwarebytes

SEPTEMBER 22, 2022

In Firefox 105 a total of seven vulnerabilities were patched, three of which received the security risk rating "high". One with the rating “high” risk. The HTTP CSP base-uri directive restricts the URLs which can be used in a document's <base> element. This bug only affects Firefox on ARM64 platforms.

Risk 98

Risk Architecture 98

Adam Shostack

MARCH 5, 2020

Amazon has released a set of documents, “ Updates to Device Security Requirements for Alexa Built-in Products.” More precisely, since I don’t have an Amazon developer account, I’m going to look at the blog post, and infer some stuff about the underlying documentation.). Alexa Built-in devices.

IoT 176

IoT Engineering Software Architecture 176

The Last Watchdog

FEBRUARY 26, 2023

Related: The demand for ‘digital trust’ Organizations rely on ISO 27001 to guide risk management and customer data protection efforts against growing cyber threats that are inflicting record damage , with the average cyber incident now costing $266,000 and as much as $52 million for the top 5% of incidents.

Cyber threats 203

Cyber threats Software Risk CISO 203

Google Security

JULY 1, 2021

Posted by Kim Lewandowski, Azeem Shaikh, Laurent Simon, Google Open Source Security Team Contributors to the Scorecards project , an automated security tool that produces a “risk score” for open source projects, have accomplished a lot since our launch last fall. Bad dependencies Any software is as secure as its weakest dependency.

Risk 111

Risk Software Architecture Internet 111

Security Affairs

APRIL 22, 2021

The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy. Therefore, it’s essential to carry out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy.

Software 137

Software Data privacy Architecture Risk 137

SC Magazine

MARCH 25, 2021

” “This certification is specifically valuable for the governance, risk and compliance job function,” added Narayanaswamy. Cloud represents a game changer for IT audits,” said Reavis – one that affects many aspects of risk management, governance and compliance.

Architecture 84

Architecture Technology Government Penetration Testing 84

SecureWorld News

OCTOBER 17, 2024

The attacks allow manipulation of AI responses simply by adding malicious content to any documents the AI system might reference, potentially leading to widespread misinformation and compromised decision-making processes within the organization. Anyone who can add a document to the folder that Copilot indexes can do this.

Social Engineering 116

Social Engineering Risk Architecture Marketing 116

Adam Shostack

JANUARY 2, 2025

Exploring supply chain threat modeling with Alexa Amazon has released a set of documents, " Updates to Device Security Requirements for Alexa Built-in Products." More precisely, since I don't have an Amazon developer account, I'm going to look at the blog post, and infer some stuff about the underlying documentation.)

IoT 130

IoT Engineering Architecture Accountability 130

Cisco Security

JUNE 29, 2022

The purpose of this document is to provide the reader with a high-level overview of cloud delivery models, introduce the different deployment scenarios in which cloud services can be operated in, and highlight the risks to an organization when deploying and operating a cloud environment. NIST Cloud Computing Reference Architecture.

Risk 127

Risk Internet Internet Software 127

Security Boulevard

JUNE 19, 2025

As the first documented zero-click exploit targeting a production AI system, it offers valuable insights into the emerging threat landscape that security professionals need to understand and prepare for. Any organization deploying similar systems faces comparable risks. As AI systems introduce new risks, security controls must evolve.

52

52

Security Boulevard

MAY 2, 2025

Back in September 2024, CISA sounded the alarm on critical infrastructure organizations susceptibility to common, well-known attack methods in its CISA Analysis: Fiscal Year 2023 Risk and Vulnerability Assessments report. Coast Guard conducted in 2023. Enforce multi-factor authentication across all software development environments.

Cybersecurity 52

Cybersecurity Software Cyber Risk Risk 52

eSecurity Planet

JUNE 22, 2022

Read also: Automating Security Risk Assessments for Better Protection. A document security system reads scanned documents with Optical Character Recognition to identify personally identifiable information. Gartner’s report highlights a new trend toward cybersecurity mesh architecture—an architecture of asset-first protection.

Cybersecurity 135

Cybersecurity Artificial Intelligence Architecture Technology 135

Thales Cloud Protection & Licensing

JANUARY 24, 2024

Protecting Against the Risks and Managing the Complexities of a Quantum World with Thales and IBM Consulting madhav Thu, 01/25/2024 - 11:03 Contributors: Ollie Omotosho - Director, Strategir Partnerships, Thales Antti Ropponen, Head of Data & Application Security Services, IBM Consulting In the world of business, data security is paramount.

Risk 87

Risk Encryption Technology Architecture 87

Notice Bored

JUNE 23, 2022

ISO/IEC 27003 offers a page of 'guidance on formulating an information security risk treatment plan (6.1.3 e))', which I won't quote in full but summarise and critique here: The RTP documents the outputs from '27001 clause 6.1.3 a) through c). Necessary control(s); Where both 'controls' and 'necessary' are decidedly ambiguous.

Risk 63

Risk Architecture InfoSec Accountability 63

Security Affairs

DECEMBER 25, 2020

As part of our secure IT architecture, CrowdStrike does not use Office 365 email.” . “Specifically, they identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses was observed making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago.”

Architecture 139

Architecture Hacking Accountability Risk 139

Security Boulevard

OCTOBER 16, 2024

These standards focus on protecting sensitive information, securing hybrid cloud environments , and ensuring that organizations can effectively manage risk. NIST compliance is an ongoing process that requires continual evaluation, adjustment, and documentation to ensure that your organization follows specific practices.

Risk 111

Risk Government Cybersecurity Healthcare 111

Security Boulevard

JANUARY 9, 2025

Organizations have respondedand must continue toby adopting AI-powered cybersecurity tools and implementing zero trust architecture as a critical countermeasure. Unlike traditional applications, GenAI introduced unique threat models, including risks of accidental data leakage and adversarial attacks aimed at poisoning AI outputs.

Social Engineering 99

Social Engineering Architecture Phishing Risk 99

SecureWorld News

JANUARY 8, 2024

If so, they will have to disclose this in their next 8K report and document their security processes in their 10K at the end of the year." Organizations large and small should implement a Zero-Trust security architecture with least-privilege access to ensure employees only have access to what they need to do their jobs.

Architecture 111

Architecture Data breaches Retail Cybersecurity 111