2 years, 8 months ago

Solorigate: A case study for why supply chain security is critical for governments and businesses

By Jim Hietala (VP, BD and Security), Andras Szakal (VP and CTO), John Linford (Security and OTTF Forum Director) – The Open Group

In potentially the most damaging cyber-supply chain attack ever, a leading IT systems management vendor became the latest hi-tech company to suffer a major cybersecurity breach with wide-reaching consequences. The malware that caused the attack has been dubbed SUNBURST by Microsoft and code-named Solorigate by FireEye, the security consulting firm that uncovered the breach after falling victim to it late last year.

After successfully infiltrating the development environment, attackers were able to observe and learn how to subvert the vendor’s development and operations pipeline. Hackers were then able to maliciously taint the vendor’s product by planting a sophisticated trojan. Once the software, which required broad systems access, was installed in customers’ environments, the attackers were able to leverage the tainted software to exfiltrate sensitive information from within an organization’s network.

5 years, 3 months ago

Risk Tech, Reg Tech – All The 2018 Tech

We recently published our Risk And Compliance Tech Tide report outlining 14 core technologies to track in 2018. One of the challenging parts of this research is setting the right scope. We found risk and compliance technology everywhere, covering every…

5 years, 5 months ago

Introducing The Open Group Open FAIR™ Risk Analysis Tool

Since late in 2016, The Open Group Security Forum have been collaborating with San Jose State University and Probability Management to develop a Risk Analysis tool that adheres to The Open Group Open FAIR™ Standard.

With a view to creating a tool that helps accelerate the adoption of the Open FAIR standard, the tool provides both experienced and novice risk practitioners with a practical and pragmatic tool to help analyse perceived risk in a consistent and simple-to-use way, whatever industry they work in. It is now ready and we are pleased to make it available to use and evaluate for free.

6 years, 8 days ago

Forrester Gathers Experts Across Disciplines To Tackle Europe’s Most Pressing Privacy, Security, and Trust Challenges

Fresh off a successful event in Washington, DC last week, we’re gearing up for Forrester’s Privacy & Security Forum Europe in London on 5-6 October. Forrester is gathering experts in cybersecurity, privacy, customer experience, regulatory compliance, identity management, personalization, blockchain, and a range of related topics. Together, Forrester analysts and leaders from firms like ABN […]

6 years, 19 days ago

Equifax Does More Than Credit Scores

Our reaction to the Equifax breach was similar to what we imagine many people went through. First, we wanted to know if we were affected. Second, what about our spouse and other immediate family members? Third, better keep an eye on the old credit report or initiate a credit freeze. Since Forrester offers credit monitoring […]

6 years, 19 days ago

Forrester’s Privacy And Security Forum Brings Diverse Experts To Devious Challenges

Well, the privacy hits keep coming: another breach, more than a hundred million people affected, untold losses for another company and its customers. Next week, September 14-15 in Washington DC, Forrester is gathering experts in cybersecurity, privacy, customer experience, regulatory compliance, identity management, personalization, and a range of other related topics to bring clarity to […]

8 years, 3 months ago

Using Risk Management Standards: A Q&A with Ben Tomhave, Security Architect and Former Gartner Analyst

By The Open Group

IT Risk Management is currently in a state of flux with many organizations today unsure not only how to best assess risk but also how to place it within the context of their business. Ben Tomhave, …

8 years, 6 months ago

Cybersecurity Standards: The Open Group Explores Security and Ways to Assure Safer Supply Chains

Following is a transcript of part of the proceedings from The Open Group San Diego 2015 in February. The following presentations and panel discussion, which together examine the need and outlook for Cybersecurity standards amid supply chains, are provided by …

8 years, 11 months ago

Business Benefit from Public Data

By Dr. Chris Harding, Director for Interoperability, The Open Group

Public bodies worldwide are making a wealth of information available, and encouraging its commercial exploitation. This sounds like a bonanza for the private sector at the public expense, but entrepreneurs …

8 years, 11 months ago

Open FAIR Blog Series – An Introduction to Risk Analysis and the Open FAIR Body of Knowledge

By Jim Hietala, VP, Security and Andrew Josey, Director of Standards, The Open Group

This is the first in a four-part series of blogs introducing the Open FAIR Body of Knowledge. In this first blog, we look at what the …