-
A Decade of Testing and Resilience
Over the past 10 years, the Securities Industry and Financial Markets Association (SIFMA) has coordinated a series of industrywide resilience exercises known as Quantum Dawn. These exercises provide a forum for financial firms, regulatory bodies, central banks, law enforcement, government agencies, trade associations and information-sharing organisations to…
-
This blog post was authored by Mike Ortlieb, Director, Security and Privacy and Chris Porter, Associate Director, Security and Privacy on The Technology Insights Blog.
Threat actors are an ever-evolving species. Portrayed in popular advertising as guys dressed in black, probably sporting a ski mask, the harsh reality is that these bad actors are everywhere and are getting more creative…
-
Five years ago, we wrote a post called “The 8 Character Password is Dead,” which was an in-depth look at password cracking in 2017 and how eight-character passwords do not adequately protect organisations.
In that analysis, we broke down the math and how quickly hardware purchased for under $5,000 could make an eight-character length irrelevant. Unfortunately, in just five years’ time, the…
-
On June 1, 2017, China’s Cybersecurity Law went into effect, marking an important milestone in China’s efforts to create strict guidelines on cyber governance. Long before the Cybersecurity Law took effect, China had already made some efforts to strengthen information security. For example, a white paper titled The Internet in China, published in 2010, served as an early guide to China’s policy…
-
DevSecOps is an organisational software engineering culture and practice that aims at unifying software development (Dev), application security (Sec), and operations (Ops). The main characteristic of DevSecOps is to monitor and apply security at all phases of the software lifecycle: Planning, development, integration, delivery, deployment and production.
Looking at DevSecOps through an IT…
-
On 26 July 2023, the U.S. Securities and Exchange Commission (SEC) adopted amendments1 to its rules on cybersecurity risk management, strategy, governance and incident reporting by public companies subject to the reporting requirements of the Securities Exchange Act of 1934. The SEC’s view is that cybersecurity threats and incidents pose an ongoing risk to public companies, investors and market…
-
In recent years, there’s been considerable talk of blockchain and its use cases in the business world. While some of these topics have specific use cases – metaverse, decentralised finance, etc – there is one topic that underpins everything in the blockchain and decentralised space: smart contracts. Smart contracts are behind-the-scenes applications that route data, track changes and settle…
-
This blog post was authored by Rob Woltering - Associate Director, Security and Privacy on the technology insights blog.
As cybersecurity incidents continue to make headlines, whether involving the breach of sensitive information or the halting of an enterprise’s operations, cybersecurity risks remain top of mind for many organisations. To this end, organisations are continuously…
-
This article will address the changes and updates to ISO 27001 standard published on October 25, 2022, and the approaches organizations can take to implement the changes introduced. There have been significant advancements in technology, as well as an increase in the complexity of security threats since the last iteration of ISO 27001 was published on September 25, 2013. The changes introduced in…
-
Penetration testing and red teaming are essential cybersecurity practices that bolster an organisation’s security posture by uncovering vulnerabilities within their systems, networks, and people or business processes. These methodologies have distinct objectives, scopes, approaches and technologies employed.
