Insight Search Search Submit Sort by: Relevance Date Search Sort by RelevanceDate Order AscDesc Newsletter May 10, 2022 SIFMA Quantum Dawn VI A Decade of Testing and Resilience Over the past 10 years, the Securities Industry and Financial Markets Association (SIFMA) has coordinated a series of industrywide resilience exercises known as Quantum Dawn. These exercises provide a forum for financial firms, regulatory bodies, central banks, law enforcement, government agencies, trade associations and information-sharing organisations to… Blogs January 13, 2023 The Evolution of Attacker Behavior: 3 Case Studies This blog post was authored by Mike Ortlieb, Director, Security and Privacy and Chris Porter, Associate Director, Security and Privacy on The Technology Insights Blog. Threat actors are an ever-evolving species. Portrayed in popular advertising as guys dressed in black, probably sporting a ski mask, the harsh reality is that these bad actors are everywhere and are getting more creative… Blogs January 11, 2023 For $62.59, the 8 Character Password is Still Dead Five years ago, we wrote a post called “The 8 Character Password is Dead,” which was an in-depth look at password cracking in 2017 and how eight-character passwords do not adequately protect organisations. In that analysis, we broke down the math and how quickly hardware purchased for under $5,000 could make an eight-character length irrelevant. Unfortunately, in just five years’ time, the… Blogs April 6, 2023 3 Steps to Understanding IAM Challenges in Securing the DevSecOps Ecosystem This blog post was authored by Siobhan Moran - Director, Senthil Kumar Kothandaraman - Associate Director, Security and Privacy on The Technology Insights Blog. DevSecOps is an organisational software engineering culture and practice that aims at unifying software development (Dev), application security (Sec), and operations (Ops). The main characteristic of DevSecOps is to monitor and… Flash Report July 31, 2023 SEC Cybersecurity Disclosure Enhancements: Efforts to Boost Investor Confidence On 26 July 2023, the U.S. Securities and Exchange Commission (SEC) adopted amendments1 to its rules on cybersecurity risk management, strategy, governance and incident reporting by public companies subject to the reporting requirements of the Securities Exchange Act of 1934. The SEC’s view is that cybersecurity threats and incidents pose an ongoing risk to public companies, investors and market… Blogs July 14, 2023 Smart contracts part 1: What is a smart contract? In recent years, there’s been considerable talk of blockchain and its use cases in the business world. While some of these topics have specific use cases – metaverse, decentralised finance, etc – there is one topic that underpins everything in the blockchain and decentralised space: smart contracts. Smart contracts are behind-the-scenes applications that route data, track changes and settle… Blogs July 14, 2023 Cybersecurity risk assessments vs. gap assessments: Why both matter As cybersecurity incidents continue to make headlines, whether involving the breach of sensitive information or the halting of an enterprise’s operations, cybersecurity risks remain top of mind for many organisations. To this end, organisations are continuously seeking to validate their cybersecurity defenses in protecting their assets and mitigating cybersecurity risks. Whitepaper February 21, 2023 ISO 27001: 2022 - Key Changes and Approaches to Transition This article will address the changes and updates to ISO 27001 standard published on October 25, 2022, and the approaches organizations can take to implement the changes introduced. There have been significant advancements in technology, as well as an increase in the complexity of security threats since the last iteration of ISO 27001 was published on September 25, 2013. The changes introduced in… Blogs June 19, 2023 A Guide to pen testing and red teaming: What to know now Penetration testing and red teaming are essential cybersecurity practices that bolster an organisation’s security posture by uncovering vulnerabilities within their systems, networks, and people or business processes. These methodologies have distinct objectives, scopes, approaches and technologies employed. Blogs June 30, 2023 A house divided: Key differences in cybersecurity implementation for IT and OT Anyone who has spent a significant amount of time in any U.S. state where college football is popular, has likely seen a “house divided” bumper sticker or license plate cover, with contrasting university logos. Many of us (and our friends and families) enjoy spirited rivalries (Roll Tide vs. War Eagle, The Egg Bowl, Bedlam, The Backyard Brawl, “The Game”). But we’re fundamentally not all that… Load More
