Architecture and Risk - Cyber Security Informer

Review: Practical Security Architecture

Adam Shostack

MAY 26, 2021

” Similarly, everybody has both enterprise and product architecture. I have to say that because “architecture” is much maligned for being heavyweight, disconnected, and irrelevant in today’s world of Dev-Opsy CI/CD moving fast and breaking things. Some people are lucky enough to be able to design them.

Architecture

Architecture Risk

News alert: ACM TechBrief lays out risks, policy implications of generative AI technologies

The Last Watchdog

SEPTEMBER 27, 2023

“TechBrief: Generative AI” begins by laying out a core challenge: the rapid commercialization of GenAI poses multiple large-scale risks to individuals, society, and the planet that require a rapid, internationally coordinated response to mitigate.

Risk

Risk Technology Artificial Intelligence Government

Realizing the Benefits of Zero Trust Architecture

SecureWorld News

JULY 21, 2023

Zero Trust Architecture (ZTA) is gaining significant traction among organizations as a new security framework. This strategic cybersecurity model challenges the traditional assumption of trust within networks, aiming to bolster data protection and minimize the risk of cyberattacks.

Architecture

Architecture Cybersecurity Authentication Data breaches

GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk

The Last Watchdog

APRIL 17, 2023

Here are a few of the top security weaknesses that threaten organizations today: Poor risk management. A lack of a risk management program or support from senior management is a glaring weakness in your cybersecurity strategy. Spotty patching. Vulnerability management is another key consideration when it comes to security.

Cybersecurity

Cybersecurity Risk Cyber Attacks Data breaches

U.S. Government Issues an Executive Order for Zero-Trust Architecture

Doctor Chaos

MARCH 8, 2022

The modern world and its digital infrastructure remain at high risk of cyberthreats. Zero-trust architecture is an important part of this bulwark. The assumption that any specific node, application or digital product is secure can put an entire framework at risk. Precedent-Setting at the Federal Level.

Architecture

Architecture Government Cybersecurity Cybercrime

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

The Last Watchdog

JANUARY 10, 2022

It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. Planning required processes and security components when initially building your architecture. Related: The dangers of normalizing encryption for government use.

Risk

Risk Encryption Cyber threats CISO

Understanding AI risks and how to secure using Zero Trust

CyberSecurity Insiders

JUNE 12, 2023

Understanding AI threats Mitigating AI threats risks requires a comprehensive approach to AI security, including careful design and testing of AI models, robust data protection measures, continuous monitoring for suspicious activity, and the use of secure, reliable infrastructure.

Risk

Risk Data privacy Encryption Architecture

GUEST ESSAY: The wisdom of taking a risk-based approach to security compliance

The Last Watchdog

APRIL 21, 2022

Related: The value of sharing third-party risk assessments. The threat landscape is also continuously changing, with new attacker trends coming to light and new software vulnerabilities discovered which put organizations at risk if they are not patched. Take a risk-based approach. Is data backed up regularly?

Risk

Risk Cybersecurity Data breaches Ransomware

Cloud Security Architecture Needs to Be Strategic, Realistic, and Based on Risk

Dark Reading

MARCH 30, 2022

Info-Tech Research Group has released a new research blueprint to help organizations plan the components necessary to build a cloud security architecture.

Architecture

Architecture Risk

Misconfiguration and vulnerabilities biggest risks in cloud security: Report

CSO Magazine

FEBRUARY 1, 2023

The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig.

Risk

Risk Architecture Software

RSAC insights: Security platforms arise to help companies discover, assess and mitigate cyber risks

The Last Watchdog

JUNE 6, 2022

Unmanaged smartphones and laptops, misconfigured Software as a Service (SaaS) apps, unsecured Internet access present more of an enterprise risk than ever. Organizations need better insight in order to prioritize those actions that will help them reduce their risk the most. The third capability has to do with mitigating risks.

Cyber Risk

Cyber Risk Risk CISO Cyber Attacks

The business case for security strategy and architecture

Notice Bored

AUGUST 8, 2022

c omplementing and supporting various other business strategies and architectures such as cloud first, artificial intelligence, IIoT, big data, new products, new markets.); c omplementing and supporting various other business strategies and architectures such as cloud first, artificial intelligence, IIoT, big data, new products, new markets.);

Architecture

Architecture Artificial Intelligence Risk Information Security

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

CISA also says agencies should “deploy capabilities, as part of a Zero Trust Architecture, that enforce access control to the interface through a policy enforcement point separate from the interface itself (preferred action).”

VPN

VPN Risk Ransomware Malware

Cloud security risks remain very human

InfoWorld on Security

JUNE 28, 2022

However, the biggest cloud security risks continue to be the people who walk beside you in the hallways. Talk about cloud security and you’re likely to discuss provider-focused issues: not enough security, not enough auditing, not enough planning.

Risk

Risk Cybersecurity Architecture Accountability

Software Supply Chain Risks for Low- and No-Code Application Development

Security Boulevard

FEBRUARY 2, 2023

New architectures such as multi-cloud and microservices have made consistent security controls […] The post Software Supply Chain Risks for Low- and No-Code Application Development appeared first on Radware Blog. The post Software Supply Chain Risks for Low- and No-Code Application Development appeared first on Security Boulevard.

Software

Software Risk Architecture

Mitigating kernel risks on 32-bit ARM

Google Security

FEBRUARY 23, 2022

Posted by Ard Biesheuvel, Google Open Source Security Team Linux kernel support for the 32-bit ARM architecture was contributed in the late 90s, when there was little corporate involvement in Linux development, and most contributors were students or hobbyists, tinkering with development boards, often without much in the way of documentation.

Risk

Risk Architecture Wireless Software

Lessons From the 2023 National Risk Register Report

IT Security Guru

AUGUST 17, 2023

The 2023 Edition of the National Risk Register predicts that, in the next two years, there is a 5 to 25% chance that a devastating attack will target critical infrastructure and cause physical harm. Meanwhile, cyberattacks are getting more sophisticated, increasing the risk of threats such as supply chain attacks and ransomware.

Risk

Risk Ransomware Passwords Cybersecurity

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

JANUARY 8, 2023

Smarter security to me broadly refers to relentlessly focusing on fundamentals while maturing the program, making sure your risk posture aligns with your business strategy. It means anti-phishing tools so your teams can open emails without needless hesitation or risk. This leads to revenue gains and positive customer outcomes.

Cybersecurity

Cybersecurity Risk Cyber threats CISO

Top Four Steps to Reduce Ransomware Risk

Tech Republic Security

JULY 24, 2022

IT leaders must integrate security tools into a cooperative, consolidated ecosystem using a composable and scalable cybersecurity mesh architecture (CSMA) approach. The post Top Four Steps to Reduce Ransomware Risk appeared first on TechRepublic. By 2024, organizations adopting a CSMA to integrate security tools to.

Ransomware

Ransomware Risk Cybersecurity Architecture

The Risk of Stateful Anti-Patterns in Enterprise Internet Architecture

Dark Reading

OCTOBER 17, 2022

Excessive statefulness hurts the ability to scale networks, applications, and ancillary supporting infrastructure, thus affecting an entire service delivery chain's ability to withstand a DDoS attack.

DDOS

DDOS Architecture Internet Internet

The ultimate guide to Cyber risk management

CyberSecurity Insiders

FEBRUARY 2, 2022

Ambitious information security experts serve as a critical part of cyber risk management. This can be achieved through the use of cyber risk management approaches. This article explores the need for security and provides an overview of cyber risk assessment. Organizations have long encountered various types of risk.

Cyber Risk

Cyber Risk Risk Firewall Identity Theft

BrandPost: Managing Cloud Risks with Cloud-Native Protection

CSO Magazine

SEPTEMBER 22, 2022

The pandemic generated quite a bit of demand in the cloud, thanks primarily to organizations scrambling over night to transform their IT architectures and implement more of a hybrid model. Organizations will continue to invest in innovative security solutions in the fast-changing IT world to address emerging risks.

Risk

Risk Architecture

New VPN Risk Report by Zscaler Uncovers Hidden Security Risks Impacting Enterprises

CyberSecurity Insiders

FEBRUARY 16, 2021

To download the full study, see the Zscaler 2021 VPN Risk Report. However, the increased demand for remote work solutions, a shift to the cloud, and advancements in digital transformation have uncovered increased incompatibility between VPNs and true zero-trust security architectures. About Zscaler. Media Contacts. Natalia Wodecki.

VPN

VPN Risk Cybersecurity Ransomware

Case Study: High Security Architecture for Healthcare Networks

Security Boulevard

JULY 16, 2021

We recently worked with one of the largest hospitals in Canada to enhance their Privileged Access Management strategy as they adopted a new, high-security architecture. Domain admin behavior increases risk of Pass-the-Hash attacks. A PAW model creates an isolated virtual zone in which sensitive accounts can operate with low risk.

Architecture

Architecture Healthcare Cyber Attacks Penetration Testing

Threat Model Thursday: BIML Machine Learning Risk Framework

Adam Shostack

FEBRUARY 27, 2020

The Berryville Institute of Machine Learning (BIML) has released “ An Architectural Risk Analysis of Machine Learning Systems.” BIML has released the work in two ways, an interactive risk framework contains a subset of the information in the PDF version. The specific risks are challenging in several ways.

Risk

Risk Engineering Architecture Software

Designing and Building a Security Architecture

Security Boulevard

JUNE 10, 2021

A security architecture is an opportunity to work across projects in a consistent, systematic and structured. The post Designing and Building a Security Architecture appeared first on Security Boulevard.

Architecture

Architecture Network Security Risk Cybersecurity

BSides Knoxville 2023 – Hudson Bush – Enterprise Security Architecture Isn’t Just For Enterprises Anymore

Security Boulevard

JULY 12, 2023

Permalink The post BSides Knoxville 2023 – Hudson Bush – Enterprise Security Architecture Isn’t Just For Enterprises Anymore appeared first on Security Boulevard. Our thanks to BSides Knoxville for publishing their presenter’s outstanding BSides Knoxville 2023 content on the organizations’ YouTube channel.

Architecture

Architecture CISO InfoSec Risk

Best Practices for a Modern Cloud Security Architecture

Thales Cloud Protection & Licensing

FEBRUARY 17, 2022

Best Practices for a Modern Cloud Security Architecture. I was invited to the 2021 Thales Cloud Security Summit to discuss modern cloud security architecture with Alex Hanway. I was invited to the 2021 Thales Cloud Security Summit to discuss modern cloud security architecture with Alex Hanway. Thu, 02/17/2022 - 08:34.

Architecture

Architecture Risk Software

IoT Devices a Huge Risk to Enterprises

eSecurity Planet

JULY 22, 2021

It also feeds into the larger argument for adopting a zero-trust architecture , a methodology that essentially assumes that no user or devices trying to connect to the network can be trusted until they’re authenticated and verified. There also is the zero-trust architecture, according to the ThreatLabz report.

IoT

IoT Risk Malware CISO

What is 5G security? Explaining the security benefits and vulnerabilities of 5G architecture

CyberSecurity Insiders

SEPTEMBER 21, 2021

What risks does 5G introduce? Defining 5G security and architecture. According to the document, 5G’s trustworthiness is made possible by a set of security features that were built using system design principles applied with a risk-based mindset. The security risks introduced. What security enhancements are built in?

Architecture

Architecture IoT Threat Detection Cyber Attacks

Amazon Sidewalk highlights network security visibility risks consumer services pose

CSO Magazine

AUGUST 17, 2021

New research from security firm Cato Networks has highlighted potential security risks surrounding the use of Amazon sidewalk and other consumer-grade services that connect to corporate networks due to a lack of visibility. Learn the must-have features in a modern network security architecture. |

Network Security

Network Security Consumer Services Risk CSO

Best Risk Management Software for 2021

eSecurity Planet

NOVEMBER 5, 2021

Enterprise risk management software can provide risk monitoring, identification, analysis, assessment, and mitigation, all in one solution. . While a number of solutions focus on the operational and financial risks posed to enterprises, this article focuses on software vendors specializing in cybersecurity risk management.

Risk

Risk Software Cybersecurity Government

CISA's Cloud Security Technical Reference Architecture: Where it succeeds and where it falls short

CSO Magazine

SEPTEMBER 28, 2021

President Biden’s Executive Order 14028 “Improving the Nation’s Cybersecurity” directed the Cybersecurity and Infrastructure Security Agency (CISA) to create a cloud-security technical reference architecture (RA ) in coordination with the Office of Management and Budget (OMB) and the Federal Risk and Authorization Management Program ( FedRAMP ).

Architecture

Architecture Cloud Migration Cybersecurity Government

The White House Memo on Adopting a Zero Trust Architecture: Top Four Tips

Cisco Security

FEBRUARY 4, 2022

On the heels of President Biden’s Executive Order on Cybersecurity (EO 14028) , the Office of Management and Budget (OMB) has released a memorandum addressing the heads of executive departments and agencies that “sets forth a Federal zero trust architecture (ZTA) strategy.” In other words, one size does not fit all.

Architecture

Architecture CISO Authentication Cybersecurity

Top Five Risks of Perimeter Firewalls and the One Way to Overcome Them All

Tech Republic Security

MARCH 10, 2022

Firewalls have been an integral part of the enterprise network architecture. But with the shift to digital business models the once-sturdy firewall has gone from a security staple to a security risk. Read more to learn the five major risks brought on by legacy firewalls in a world of cloud and mobile.

Firewall

Firewall Risk Architecture Mobile

'Downfall' Vulnerability Unveiled as New Security Risk in Intel CPUs

SecureWorld News

AUGUST 8, 2023

Understanding the Downfall vulnerability The Downfall vulnerability centers around an architectural feature found in Intel's CPUs, specifically in the x86 architecture. This architecture relies on a technique known as the "gather" instruction to speed up memory access and processing.

Data breaches

Data breaches Risk Encryption Architecture

Cybersecurity Risks of 5G – And How to Control Them

eSecurity Planet

SEPTEMBER 1, 2021

Consumers and organizations are enthused about the operational benefits of more robust mobile connectivity, but the shift to 5G networks doesn’t come without risks. Here we’ll discuss the most significant risks posed by 5G, how U.S. Table of Contents What Are the Cybersecurity Risks of 5G? How is 5G Different?

Cybersecurity

Cybersecurity Risk IoT DDOS

The sadly neglected Risk Treatment Plan

Notice Bored

JUNE 23, 2022

ISO/IEC 27003 offers a page of 'guidance on formulating an information security risk treatment plan (6.1.3 Plus there's the added question of whether even fully implemented controls are in fact effectively mitigating the risks as intended: are they in use, active, working properly, generating value for the organisation and earning their keep?

Risk

Risk InfoSec Information Security Architecture

GUEST ESSAY: Testing principles to mitigate real-world risks to ‘SASE’ and ‘Zero Trust’ systems

The Last Watchdog

FEBRUARY 27, 2023

SASE architectures must be validated end to end—from users and branches, through SASE points of presence, to cloud application servers. Additionally, performance needs to be profiled across all networks and SASE behavior measured across all architectures—virtualized, containerized, and bare metal Jeyaretnam Test for the real world.

Firewall

Firewall Risk Telecommunications Architecture

Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk

The Hacker News

JULY 25, 2023

A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords.

Encryption

Encryption Passwords Risk Architecture

Hyperautomation and Cybersecurity – A Platform Approach to Telemetry Architectures

McAfee

AUGUST 3, 2021

In the context of cybersecurity, a patchwork of stovepipe solutions not only exposes the environment to risk, but also impacts the cyber defender’s ability to fortify the environment and respond to threats at machine speed. MVISION Insights and MVISION XDR are great starts. Workflows are effortless to orchestrate.

Cybersecurity

Cybersecurity Architecture Cyber threats Cyber Attacks

NSA and ODNI analyze potential risks to 5G networks

Security Affairs

MAY 12, 2021

National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have analyzed the risks and vulnerabilities associated with the implementation of 5G networks. 5G Systems Architecture Sub-Threat Vectors. ” reads the report.

Risk

Risk Cyber Attacks Cybersecurity Architecture

What Is a DMZ Network? Definition, Architecture & Benefits

eSecurity Planet

APRIL 7, 2023

They can also use this time to identify any network components that operate with lesser security controls that put the rest of the network at risk. DMZ network architecture DMZ Architecture There are two main layout options to choose from when developing a DMZ subnetwork: a single firewall layout and a dual firewall layout.

Architecture

Architecture Firewall Network Security DNS

OWASP® Global AppSec US 2021 Virtual – Fraser Scott’s ‘Automating Architectural Risk Analysis With The Open Threat Model Format’

Security Boulevard

APRIL 29, 2022

The post OWASP® Global AppSec US 2021 Virtual – Fraser Scott’s ‘Automating Architectural Risk Analysis With The Open Threat Model Format’ appeared first on Security Boulevard.

Architecture

Architecture Risk Education

Review: Practical Security Architecture

News alert: ACM TechBrief lays out risks, policy implications of generative AI technologies

Trending Sources

Realizing the Benefits of Zero Trust Architecture

GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk

U.S. Government Issues an Executive Order for Zero-Trust Architecture

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

Understanding AI risks and how to secure using Zero Trust

GUEST ESSAY: The wisdom of taking a risk-based approach to security compliance

Cloud Security Architecture Needs to Be Strategic, Realistic, and Based on Risk

Misconfiguration and vulnerabilities biggest risks in cloud security: Report

RSAC insights: Security platforms arise to help companies discover, assess and mitigate cyber risks

The business case for security strategy and architecture

CISA Order Highlights Persistent Risk at Network Edge

Cloud security risks remain very human

Software Supply Chain Risks for Low- and No-Code Application Development

Mitigating kernel risks on 32-bit ARM

Lessons From the 2023 National Risk Register Report

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

Top Four Steps to Reduce Ransomware Risk

The Risk of Stateful Anti-Patterns in Enterprise Internet Architecture

The ultimate guide to Cyber risk management

BrandPost: Managing Cloud Risks with Cloud-Native Protection

New VPN Risk Report by Zscaler Uncovers Hidden Security Risks Impacting Enterprises

Case Study: High Security Architecture for Healthcare Networks

Threat Model Thursday: BIML Machine Learning Risk Framework

Designing and Building a Security Architecture

BSides Knoxville 2023 – Hudson Bush – Enterprise Security Architecture Isn’t Just For Enterprises Anymore

Best Practices for a Modern Cloud Security Architecture

IoT Devices a Huge Risk to Enterprises

What is 5G security? Explaining the security benefits and vulnerabilities of 5G architecture

Amazon Sidewalk highlights network security visibility risks consumer services pose

Best Risk Management Software for 2021

CISA's Cloud Security Technical Reference Architecture: Where it succeeds and where it falls short

The White House Memo on Adopting a Zero Trust Architecture: Top Four Tips

Top Five Risks of Perimeter Firewalls and the One Way to Overcome Them All

'Downfall' Vulnerability Unveiled as New Security Risk in Intel CPUs

Cybersecurity Risks of 5G – And How to Control Them

The sadly neglected Risk Treatment Plan

GUEST ESSAY: Testing principles to mitigate real-world risks to ‘SASE’ and ‘Zero Trust’ systems

Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk

Hyperautomation and Cybersecurity – A Platform Approach to Telemetry Architectures

NSA and ODNI analyze potential risks to 5G networks

What Is a DMZ Network? Definition, Architecture & Benefits

OWASP® Global AppSec US 2021 Virtual – Fraser Scott’s ‘Automating Architectural Risk Analysis With The Open Threat Model Format’

Stay Connected