Security & Resilience Dispatches

Various types of data need to be protected to ensure privacy, security, and compliance with regulations. Here are some common categories of data that require protection: Personal Identifiable Information (PII): This includes sensitive information that can identify an individual, such as names, addresses, Social Security numbers, passport numbers, driver’s license numbers, and financial account details. Financial Data: Financial information like bank account numbers, credit card details, transaction records, and investment Read more…

There are several types of attacks that can target a Wi-Fi network. Here are some common ones, along with brief explanations and suggestions for mitigation: Rogue Access Points (APs): Attackers can set up rogue APs to mimic legitimate networks and trick users into connecting to them. Mitigation involves regularly scanning for unauthorized APs, implementing strong authentication mechanisms, and educating users about the risks of connecting to unknown networks. Eavesdropping: Attackers Read more…

Defense in depth, in the context of cybersecurity, refers to a comprehensive approach that involves deploying multiple layers of security controls and measures to protect computer systems, networks, and data. The concept is based on the principle that relying on a single security measure is insufficient to safeguard against sophisticated cyber threats, and a multi-layered defense strategy is required. The goal of defense in depth is to create a series Read more…

Developing a cloud security program involves several key steps to ensure the protection of your cloud infrastructure and data. Here’s a high-level overview of the process: Define your security requirements: Identify your organization’s specific security needs and objectives. Consider the types of data you will store in the cloud, compliance requirements, and any industry-specific regulations you must adhere to, ie, HIPPA, FISMA, GDPR, PCI PSS, SOX, [NIST for guidance]. Assess Read more…

A cyber Security gap analysis is typically conducted to identify the gaps between an organization’s current cybersecurity posture and desired or required security standards. It helps assess the organization’s strengths and weaknesses in terms of cybersecurity controls, policies, procedures, and practices. Here’s an outline of the steps involved in undertaking a cybersecurity gap analysis: Define the Scope: Clearly define the scope of the gap analysis, including the systems, networks, processes, Read more…

There are countless security threats that affect software applications. However, the Open Web Application Security Project (OWASP) Top 10 list compiles the application threats that are most prevalent and severe, and most likely to affect applications in production. AppSec initiatives must focus at least on these high profile threats to modern applications: Injection—code injection involves a query or command sent to a software application, which contains malicious or untrusted data. Read more…

In the United Kingdom, several laws and regulations exist that relate to cybersecurity and data protection, which companies are required to comply with. Here are some key laws: General Data Protection Regulation (GDPR): Although the GDPR is an EU regulation, it has been incorporated into UK law through the Data Protection Act 2018. It sets out requirements for the processing and protection of personal data and imposes significant obligations on Read more…

While network-based threats are common, there are also non-network cyber threats that can compromise the security and integrity of computer systems and data. Here are some examples of non-network cyber threats: Malware: Malicious software, such as viruses, worms, trojans, ransomware, and spyware, that infects and compromises computers or networks. Malware can be introduced through various means, such as infected USB drives, malicious email attachments, or compromised software. Physical Attacks: Attacks Read more…