Software Integrity Blog

Search Results for 'red teaming'

 

How to mitigate third-party security risks

Third-party products and services are an integral part of business operations. Organizations depend heavily on optimizing their solutions by reducing costs; thus, bringing about the need for external expertise. Third-party organizations promise timely delivery of products and services, meeting compliance requirements, and optimizing the organization’s overall business performance. Reasons for bringing in a third party […]

Continue Reading...

Posted in General, Maturity Model (BSIMM), Software Architecture and Design

 

Lessons learned from this year’s biggest security breaches

As this year draws to a close, we can look back on 2016 and see what challenges the security industry has had to overcome. Jumping on this bandwagon a bit early, I hope to draw attention to some of the more difficult challenges our industry will face in the coming year. In order to do […]

Continue Reading...

Posted in Data Breach, General, Internet of Things

 

Synopsys expands security signoff solution with Cigital and Codiscope acquisition

Today Synopsys signed a definitive agreement to acquire two premiere security companies. Cigital, headquartered in Dulles, Virginia, is a large application security firm specializing in professional and managed services for identifying, remediating, and preventing vulnerabilities in software applications. Codiscope, headquartered in Boston, Massachusetts, is focused on security developer tools and training modules, which Cigital distributes. […]

Continue Reading...

Posted in Uncategorized

 

What does the Panama Papers leak have to do with your firm’s data security?

If you have the Internet, which presumably you must if you’re reading this, you’ve no doubt run across stories about the Panama Papers leak: the revelation that an estimated 2.6-terabyte leak of data given to the press may have you cheering the downfall of the politicians wailing for changes in tax policies. There’s one key detail that the […]

Continue Reading...

Posted in Data Breach, General

 

Rachel Tobac explains how ‘polite paranoia’ can derail social engineering attacks

Rachel Tobac thinks people are the first line of cyber security defense, not the weakest link. She talks about social engineering attacks and how to be “politely paranoid” with us. That old line “Just because you’re paranoid doesn’t mean they’re not out to get you” is supposed to be a joke. But when it comes […]

Continue Reading...

Posted in General

 

Lance Spitzner: How to secure the human operating system | NCSAM at Synopsys

The original version of this article was published in Forbes. If it is everyone’s job to ensure online safety at work, that means everyone needs more and better training in how to do it. One of those on the front lines of that effort is Lance Spitzner, director at SANS Security Awareness. Spitzner, a security awareness trainer […]

Continue Reading...

Posted in General

 

Protect your employees from phishing and social engineering | NCSAM at Synopsys

It was a busy summer for healthcare IT staff. The Minnesota Department of Human Services potentially breached 21,000 patients’ personal data. Gold Coast Health Plan emailed 37,000 patients to warn them their data had been exposed. And UnityPoint Health had to notify 1.4 million patients about a data breach—only months after the organization’s last data […]

Continue Reading...

Posted in General

 

Behavioral security at RSA Conference 2018

Wednesday, RSA 2018: On any given day, there are more than 150 sessions to choose from here. Good luck getting to even 5% of those. The good news is that attendees can get access to most of the sessions they missed after the fact, since the slide presentations are posted and videos are made of […]

Continue Reading...

Posted in Automotive Security, General, Medical Device Security

 

Smart devices, smart grids, and cyber security

A recent “Innovation Spotlight” in the IEEE XPLORE Digital Library announced “a first-of-its-kind charger that allows plug-in electric vehicles (PEVs) to deliver excess capacity to the power grid and recharge during off-peak hours.” Promising new technologies often evoke questions about security. Suppose a bad actor exploits the connection somehow and brings down portions of the […]

Continue Reading...

Posted in General, Maturity Model (BSIMM), Security Standards and Compliance

 

Beyond WannaCry and NotPetya / Petya: What’s next for enterprises?

This week’s malware outbreak that removed computer data capabilities from large enterprises worldwide is now thought to have been designed to damage, not to earn profit. Therefore, it only masquerades as traditional ransomware. First seen on Tuesday, NotPetya/Petya is like last month’s WannaCry in that it displayed a ransom request of $300 in Bitcoin on […]

Continue Reading...

Posted in Data Breach