Category: Security Controls

Which cybersecurity framework is the best one to use for an organization?  This is one of the most frequently asked questions when embarking on the cybersecurity journey.  Often, the answer falls quite unsatisfyingly along the explanatory lines about how there is no one-size-fits-all solution, and how there are advantages and disadvantages to each.  The hardest […]… Read More

The post Complying with the Egypt Financial Cybersecurity Framework: What you Should Know appeared first on The State of Security.

Follies The Broadway Tower in Worcestershire, England is a famous structure. It’s inspiring, beautiful, and at 62 feet high, like other similar buildings, it’s a folly. While it looks grand inside and out, it serves no purpose than to be a decoration. It’s all too easy to buy a set of policies and procedures, change […]… Read More

The post Foundational Activities for Secure Software Development appeared first on The State of Security.

I’m delighted to share that I will be speaking for the first time at SecTor this year. The talk will be in Theatre 1 at 1:15pm on October 5th. In the session Neither Pointless Nor Boring: Pop It And Lock It Down With CIS Controls, I will be discussing the latest version of CIS Controls. […]… Read More

The post Neither Pointless Nor Boring: Pop It and Lock It Down with CIS Controls appeared first on The State of Security.

Organizations and businesses must use a range of measures, protocols, and tools to protect their databases from cybercriminals. If breached, malicious actors can gain access to sensitive information that they can use for financial gain. Security teams must adapt and constantly improve to protect against ever-evolving security threats, and maintain the integrity of a database. […]… Read More

The post Major Database Security Threats & How You Can Prevent Them appeared first on The State of Security.

Authentication as a baseline security control is essential for organizations to know who and what is accessing corporate resources and assets.  The Cybersecurity and Infrastructure Security Agency (CISA) states that authentication is the process of verifying that a user’s identity is genuine. In this climate of advanced cyber threats and motivated cyber criminals, organizations need […]… Read More

The post Strong Authentication Considerations for Digital, Cloud-First Businesses appeared first on The State of Security.

It is hard to believe, but ransomware is more than three decades old.  While many would think that the ransomware mayhem started with the WannaCry attack of 2017, that is simply the most publicized example. Since then, dozens of ransomware strains have been utilized in a variety of cyberattacks. According to a PhishLabs report, by […]… Read More

The post How Penetration Testing can help prevent Ransomware Attacks appeared first on The State of Security.

This week, I spoke with a new client who told me all about how they are looking forward to addressing a number of internal issues surrounding their IT systems. They explained that over the last 12 months, they repeatedly had issues of delays in service and outages, which had affected their business. Discussing this further, […]… Read More

The post Supply Chain Cybersecurity – the importance of everyone appeared first on The State of Security.

The Center for Internet Security’s Critical Security Controls has become an industry standard set of controls for securing the enterprise. Now on version 8, the original 20 controls are down to 18 with several sub controls added. The first six basic controls can prevent 85 percent of the most common cyber attacks, and even though […]… Read More

The post How DevOps and CIS Security Controls Fit Together appeared first on The State of Security.

When we get into cybersecurity, one of the first things any organisation or company should do is write a cybersecurity policy, one that is owned by all. Easy words to put down on paper, but what do they mean? So, what is a cybersecurity policy? Well, it is defined in the Gartner IT Glossary as, “an […]… Read More

The post Cybersecurity Policy – time to think outside the box? appeared first on The State of Security.

GitOps is arguably the hottest trend in software development today. It is a new work model that is widely adopted due to its simplicity and the strong benefits it provides for development pipelines in terms of resilience, predictability, and auditability. Another important aspect of GitOps is that it makes security easier, especially in complex cloud […]… Read More

The post What Is GitOps and How Will it Impact Digital Forensics? appeared first on The State of Security.