Information Security, InfoSec, IoT and Risk

ISO/IEC 27400 IoT security and privacy standard published

Notice Bored

JUNE 13, 2022

To celebrate the publication of ISO/IEC 27400:2022 today, we have slashed the price for our IoT security policy templates to just $10 each through SecAware.com. IoT policy is the first of the basic security controls shown on the 'risk-control spectrum' diagram above, and is Control-01 in the new standard.

IoT

IoT Manufacturing Risk Information Security

Stepping on the cracks

Notice Bored

MAY 24, 2021

Anyone seeking information security standards or guidance is spoilt for choice e.g. : ISO27k - produced by a large international committee of subject matter experts and national representatives NIST SP 800 series – well researched, well written, actively maintained. and loads more. and loads more. Three different perspectives.

InfoSec

InfoSec Risk IoT Information Security

Domotics - a can-o-worms

Notice Bored

APRIL 12, 2022

This morning, I’ve been browsing and thinking about ISO/IEC 27403 , a draft ISO27k standard on the infosec and privacy aspects of “domotics” i.e. IoT things at home. IoT things are generally just black-boxes. Dynamics and diversity: people, devices and services plus the associated challenges and risks, are varied and changeable.

IoT

IoT InfoSec Risk Security Awareness

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Hot for Security

FEBRUARY 16, 2021

Seismic monitoring equipment is vulnerable to common cybersecurity threats like those faced by IoT devices, a new research paper warns. Non-encrypted data, insecure protocols and poor user authentication mechanisms are among the security issues that leave seismological networks open to breaches, the authors note.

IoT

IoT InfoSec Data collection Encryption

The Hacker Mind: Shattering InfoSec's Glass Ceiling

ForAllSecure

MARCH 8, 2023

Booth babes and rampant sexism were more of a problem in infosec in the past. I wrote two books, one on IoT Security and another with Kevin Mitnick, then jumped around a couple of different jobs. What if you are a woman in information security? That is, until Chenxi Wang spoke up. So I learned. And the good news?

InfoSec

InfoSec Engineering CSO Technology

ISO/IEC 27002 update

Notice Bored

FEBRUARY 20, 2022

The newly-published third edition of ISO/IEC 27002 is a welcome update to the primary ISO27k controls catalogue (officially, a 'reference set of generic information security controls'). Monitoring activities (8.16) - 'anomalies' on IT networks, systems and apps should be detected and responded to, to mitigate the associated risks.

IoT

IoT Risk Information Security Technology

Meet the 2021 SC Awards judges

SC Magazine

MAY 1, 2021

Cedric Leighton is founder and president of Cedric Leighton Associates, a strategic risk and leadership management consultancy. Since founding Cedric Leighton Associates, he has become an internationally known strategic risk expert. Leighton is also a founding partner of CYFORIX, specializing in the field of cyber risk.

Computers and Electronics

Computers and Electronics Technology Education Information Security

Standards development - a tough, risky business

Notice Bored

JULY 1, 2022

Although we already have considerable discretion over which information security controls are being managed within our ISO/IEC 27001 I nformation S ecurity M anagement S ystems today, an unfortunate side-effect of standardisation, harmonisation, adoption, accreditation and certification is substantial inertia in the system as a whole.

InfoSec

InfoSec Big data IoT Government

Water utility CISO offers tips to stay secure as IT and OT converge

SC Magazine

APRIL 26, 2021

As critical infrastructure facilities increasingly converge their IT and OT systems, visibility into traditionally isolated operational systems is turning into a key security challenge. However, such modernization is not without risk. So far, “it’s been going really well,” she said.

CISO

CISO IoT VPN InfoSec

Weaving strategies with policies

Notice Bored

NOVEMBER 26, 2021

From the information risk and security perspective, virtual working is both a nightmare and, again, an opportunity. so, how things going with your security strategy development, dear CISO? What can be done to facilitate secure virtual working? How can virtual working benefit information risk and security?

Risk

Risk Artificial Intelligence Technology InfoSec

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

The Last Watchdog

JANUARY 22, 2024

23, 2024 — Sternum, the pioneer in embedded IoT security and observability, today announced enhanced security for the ChargePoint Home Flex. Thanks to the analysis and help of Sternum IoT, ChargePoint was able to correct weaknesses in CPH50, reduce the attack surface and thus improve the security of the product.

IoT

IoT InfoSec Firmware Manufacturing

Y2k + 20: risk, COVID and "the Internet issue"

Notice Bored

JANUARY 9, 2021

In risk terms, the probability of Y2k incidents approached 100% certain and the personal or societal impacts could have been catastrophic under various credible scenarios - if (again) the Y2k monster wasn't slain before the new year's fireworks went off. Go ahead, show me the associated risk profiles and documented security architectures.

Internet

Internet Internet Risk InfoSec

Charlotte Conference Kicks Off Season with Thought Leaders' Expertise

SecureWorld News

MARCH 8, 2023

Some other female speakers that highlighted the day included: Tamika Bass, Cybersecurity Director, Gannett Fleming Tamika Bass drove up from her home base in Atlanta to deliver her session on " Risk Management: Understanding How to Assess and Communicate Cybersecurity Risks " to more than 70 attendees.

Cybersecurity

Cybersecurity Risk InfoSec Data privacy

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. His contributions include founding Security BSides, serving as Strategist for Tenable, speaking at conferences, and co-hosting the podcast Security Voices.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Transition arrangements for ISO/IEC 27001

Notice Bored

FEBRUARY 24, 2022

More specifically: Note 1 may drop the word 'comprehensive' since Annex A is patently not a totally comprehensive list of information security controls. those from '27002:2022) to mitigate unacceptable information risks. If you are into, say, IoT or AI, you should look elsewhere for information security guidance.

Information Security

Information Security Risk IoT InfoSec

Top 5 Cybersecurity and Computer Threats of 2017

NopSec

FEBRUARY 9, 2017

As we look forward into 2017 cyber attacks , information security teams have to think like hackers in order to stay ahead of the challenges to come. The Internet of Things (IoT) The constantly expanding world of the Internet of Things (IoT) has already given hackers plenty of opportunity.

Cybersecurity

Cybersecurity DDOS IoT Social Engineering

The Hacker Mind Podcast: Hacking Industrial Control Systems

ForAllSecure

APRIL 26, 2022

So there’s a need, a definite need, for information security professionals to have access to industrial control systems -- not virtual, but actual hands on systems -- so they can learn. In a moment I’ll introduce you to someone who is trying to do that--bring ICS equipment to security conferences. It's not a risk.

Hacking

Hacking Energy and Utilities Manufacturing Firmware

The Hacker Mind Podcast: DEF CON Villages

ForAllSecure

AUGUST 2, 2022

And, there’s thirty more villages including Girls Hack Village, the Voting Machine Hacking village, the IoT Village, and the Bio Hacking village. Anyone who has anyone in the information security community is usually melting under the hot Nevada sun. We get the InfoSec people that that were on enterprise systems.

Hacking

Hacking Computers and Electronics InfoSec Software

Complexity, simplified

Notice Bored

JULY 9, 2022

Despite not clearly expressing the risk, the bill specifies mitigating controls - well, sort of. As to the actual controls, well the bill takes a classical risk-management approach involving impact assessments and responses such as taking down unsafe content and banning users who published it. A veritable cost-cascade. Fair comment!

Mobile

Mobile InfoSec Media Risk

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, has founded securepairs.org , a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation. Back then Paul was writing infosec stories for IDG and I was doing the same at ZDNet.

InfoSec

InfoSec Manufacturing Technology Software

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, has founded securepairs.org , a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation. Back then Paul was writing infosec stories for IDG and I was doing the same at ZDNet.

InfoSec

InfoSec Manufacturing Technology Software

Redesigning the Security Narrative

Duo's Security Blog

APRIL 29, 2022

As I immersed myself in foreign concepts around the information security industry, marketing, and business practices at scale, I grew to appreciate not just the technology we were building at Duo, but the people who built it, the diverse audiences that we addressed, and the unique problems-to-solve around security at large.

Marketing

Marketing Architecture InfoSec Authentication

Cyber Security Informer

ISO/IEC 27400 IoT security and privacy standard published

Stepping on the cracks

Trending Sources

Domotics - a can-o-worms

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

The Hacker Mind: Shattering InfoSec's Glass Ceiling

ISO/IEC 27002 update

Meet the 2021 SC Awards judges

Standards development - a tough, risky business

Water utility CISO offers tips to stay secure as IT and OT converge

Weaving strategies with policies

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

Y2k + 20: risk, COVID and "the Internet issue"

Charlotte Conference Kicks Off Season with Thought Leaders' Expertise

Top Cybersecurity Accounts to Follow on Twitter

Transition arrangements for ISO/IEC 27001

Top 5 Cybersecurity and Computer Threats of 2017

The Hacker Mind Podcast: Hacking Industrial Control Systems

The Hacker Mind Podcast: DEF CON Villages

Complexity, simplified

The Hacker Mind Podcast: The Right To Repair

The Hacker Mind Podcast: The Right To Repair

Redesigning the Security Narrative

Stay Connected