%term

5 steps of the security questionnaire process to automate today

Dec 2, 2024 By Vanta In Vanta

As organizations sell to more discerning buyers, scrutiny on security and compliance practices grows. It’s certainly warranted—the frequency of third-party breaches is on the rise. In our State of Trust Report, almost half of all organizations surveyed say that a vendor of theirs experienced a data breach since they started working together. ‍

Read Post

Vanta

Read more about 5 steps of the security questionnaire process to automate today

How to Conduct a Risk Assessment for Your Disaster Recovery Playbook

Dec 2, 2024 By Narendra Sahoo In VISTA InfoSec

Risk management is at the heart of any effective disaster recovery (DR) plan or playbook. No business is immune to disruptions, whether from natural disasters, cyberattacks, or technical failures. The question isn’t if, but when these threats will materialize. A proactive approach to risk management allows businesses to identify, assess, and mitigate these threats before they can bring operations to a standstill.

Read Post

VISTA InfoSec

Read more about How to Conduct a Risk Assessment for Your Disaster Recovery Playbook

Web Shell Upload Via Extension Blacklist Bypass - Part 1

Nov 29, 2024 By VISTA InfoSec In VISTA InfoSec

We delve into an in-depth exploration of a common web security vulnerability related to file uploads and it demonstrates how attackers can exploit weaknesses in file extension blacklists to upload malicious web shells. We also cover the mechanics of bypassing these security measures, including specific techniques and tools used to see practical examples of how to conduct such an attack in a controlled environment, emphasizing the importance of understanding these vulnerabilities for defensive programming.

View Video

VISTA InfoSec

Read more about Web Shell Upload Via Extension Blacklist Bypass - Part 1

Demystifying EU Regulations: DORA and NIS2 - What They Mean for Your Business

Nov 29, 2024 By Calligo In Calligo

Ahead of the EU’s Digital Operational Resilience Act (DORA) coming into force on 17th January 2025, and on the back of the updated Network and Information Security Directive (NIS2) coming into effect from 17th October of this year, organisations across Europe are scrambling to understand what these regulations mean for them. The initial reaction from many businesses is one of concern, and understandably so, non-compliance can lead to significant penalties and reputational damage.

Read Post

Calligo

Read more about Demystifying EU Regulations: DORA and NIS2 - What They Mean for Your Business

ISO 27001 Certification Expired: Why, and What Can You Do?

Nov 29, 2024 By Max Aulakh In Ignyte

Two years ago, The International Organization for Standardization (ISO) published a long-awaited update to their primary cybersecurity framework, ISO 27001. The previous version, ISO 27001:2013, was nearly a decade old and in need of a refresh. The new version, ISO 27001:2022, is currently the version in effect. As part of the roll-out of ISO 27001:2022, companies were given instructions on how to transition to the new version from the 2013 version.

Read Post

Ignyte

Read more about ISO 27001 Certification Expired: Why, and What Can You Do?

How Automated Software Testing Ensures Security and Reliability

Nov 29, 2024 By SecuritySenses In SecuritySenses

Automated software testing ensures compliance, secures apps and protects data. Learn best practices and tools for meeting regulatory standards effectively.

Read Post

SecuritySenses

Read more about How Automated Software Testing Ensures Security and Reliability

6 Key Actions to Comply with Cybersecurity Regulations

Nov 28, 2024 By Matthew Terry In WatchGuard

NIS2, PCI DSS, GDPR, HIPAA or CMMC... this long list of acronyms reminds us that complying with cybersecurity regulations is crucial in today’s threat landscape to protect sensitive information and maintain trust in our organization. Moreover, non-compliance not only exposes companies to security risks, but can lead to significant financial penalties and reputational damage. Compliance also facilitates more agile audits.

Read Post

WatchGuard

Read more about 6 Key Actions to Comply with Cybersecurity Regulations

8 Steps to Compliance with NIST 800 53 [XLS Checklist]

Nov 28, 2024 By Ran Arad In Memcyco

Today, businesses don’t just rely on digital networks—they’re woven into them, with partners, third-party apps, and cloud platforms shaping their every move. Yet, every click, swipe, and connection opens a new door for attackers. As of August 2024, a staggering 52,000 new common vulnerabilities and exposures (CVEs) were identified worldwide, with last year alone witnessing a record 29,000 CVEs. These numbers paint a clear picture: cyber threats are multiplying at an alarming rate.

Read Post

Memcyco

Read more about 8 Steps to Compliance with NIST 800 53 [XLS Checklist]

How 1Password supports SOC 2 compliance

Nov 27, 2024 By Marc von Mandel In 1Password

The rapid adoption of cloud technologies and the increasing reliance on distributed workforces have transformed the modern business landscape. However, these shifts come with significant risks, particularly concerning the protection of sensitive data.

Read Post