Insight Search Search Submit Sort by: Relevance Date Search Sort by RelevanceDate Order AscDesc Whitepaper June 1, 2022 How can an enterprise use access management to establish a Zero Trust environment? A hybrid RBAC, ABAC and PBAC framework is the best practice approach A strong access management programme is foundational to establishing a Zero Trust environment by using contextual information to continuously validate that users are who they say they are and by restricting user access to necessary resources only. Within the Zero Trust framework, identity governance and risk-based conditional… Newsletter May 10, 2022 SIFMA Quantum Dawn VI A Decade of Testing and Resilience Over the past 10 years, the Securities Industry and Financial Markets Association (SIFMA) has coordinated a series of industrywide resilience exercises known as Quantum Dawn. These exercises provide a forum for financial firms, regulatory bodies, central banks, law enforcement, government agencies, trade associations and information-sharing organisations to… Blogs January 13, 2023 The Evolution of Attacker Behavior: 3 Case Studies This blog post was authored by Mike Ortlieb, Director, Security and Privacy and Chris Porter, Associate Director, Security and Privacy on The Technology Insights Blog. Threat actors are an ever-evolving species. Portrayed in popular advertising as guys dressed in black, probably sporting a ski mask, the harsh reality is that these bad actors are everywhere and are getting more creative by the… Blogs January 11, 2023 For $62.59, the 8 Character Password is Still Dead Five years ago, we wrote a post called “The 8 Character Password is Dead,” which was an in-depth look at password cracking in 2017 and how eight-character passwords do not adequately protect organisations. In that analysis, we broke down the math and how quickly hardware purchased for under $5,000 could make an eight-character length irrelevant. Unfortunately, in just five years’ time, the… Blogs April 6, 2023 3 Steps to Understanding IAM Challenges in Securing the DevSecOps Ecosystem This blog post was authored by Siobhan Moran - Director, Senthil Kumar Kothandaraman - Associate Director, Security and Privacy on The Technology Insights Blog. DevSecOps is an organisational software engineering culture and practice that aims at unifying software development (Dev), application security (Sec), and operations (Ops). The main characteristic of DevSecOps is to monitor and apply… Flash Report July 31, 2023 SEC Cybersecurity Disclosure Enhancements: Efforts to Boost Investor Confidence On 26 July 2023, the U.S. Securities and Exchange Commission (SEC) adopted amendments1 to its rules on cybersecurity risk management, strategy, governance and incident reporting by public companies subject to the reporting requirements of the Securities Exchange Act of 1934. The SEC’s view is that cybersecurity threats and incidents pose an ongoing risk to public companies, investors and market… Blogs July 14, 2023 Smart contracts part 1: What is a smart contract? In recent years, there’s been considerable talk of blockchain and its use cases in the business world. While some of these topics have specific use cases – metaverse, decentralised finance, etc – there is one topic that underpins everything in the blockchain and decentralised space: smart contracts. Smart contracts are behind-the-scenes applications that route data, track changes and settle… Blogs July 14, 2023 Cybersecurity risk assessments vs. gap assessments: Why both matter As cybersecurity incidents continue to make headlines, whether involving the breach of sensitive information or the halting of an enterprise’s operations, cybersecurity risks remain top of mind for many organisations. To this end, organisations are continuously seeking to validate their cybersecurity defenses in protecting their assets and mitigating cybersecurity risks. Load More