Security News
Companies are lagging when it comes to keeping up with software security patches - causing them to fall into "Security debt," Chris Eng, chief research officer with Veracode said. "If you incorporate security in the right way, DevOps is actually a great opportunity to improve the way that you're doing software security. And so I think that's the big takeaway," said Eng.
Companies are lagging when it comes to keeping up with software security patches - causing them to fall into "Security debt," Chris Eng, chief research officer with Veracode said. "If you incorporate security in the right way, DevOps is actually a great opportunity to improve the way that you're doing software security. And so I think that's the big takeaway," said Eng.
In light of this, incident management programs are more important than ever, and with ISACA's newly launched Security Incident Management Audit Program, audit professionals now have the tools to more effectively evaluate incident management programs and achieve greater assurance. The audit program covers process areas of security incident management programs and clearly outlines process sub-areas-like detection and analysis, forensics, and change management during program implementation as well as control objectives, controls and testing steps in a customizable spreadsheet.
Threat intelligence and visualization technology can play huge roles in improving vulnerability management. Mieng Lim of Digital Defense outlines the potential benefits.
The new feature, DKIM key management, is currently in beta and users have been encouraged to share feedback to help ProtonMail developers improve it. The signature is linked to the user's domain name and it's created with a private key that has a corresponding public key added to the domain registrar's DNS. If DKIM is used, the email recipient's server looks up the public key and uses it to verify the signature in the message's header to ensure that the email is legitimate.
OneTrust, a provider of privacy and security compliance tools, has raised $210 million in Series B funding at a valuation of $2.7 billion. The Series B round was led by Coatue and Insight Partners, and combined with OneTrust's $200 million Series A, brings the total amount raised by the company to $410 million.
While some of the wildest technology expectations from the big and small screen may not have come to fruition, the last decade of identity and access management development didn't let us down. I believe identity access management cloud capabilities and integrations will continue their rapid spread - as well as their transformation of enterprise technology and the way we do business - in this new decade and beyond.
ProcessUnity, a leading provider of cloud-based applications for risk and compliance management, today announced a new pre-built configuration of its award-winning Vendor Risk Management solution. Best Practices Configuration for ProcessUnity Vendor Risk Management is a pre-configured Third-Party Risk Management program with turn-key workflows, assessments, calculations, risk analysis and reporting, allowing small to midsize organizations to successfully launch and maintain a third-party risk program from day one.
In an effort to further position itself for rapid marketplace growth, ThreatConnect, provider of the industry's only intelligence-driven security operations platform, announces the hiring of four new senior management team members: Miles R. Tappin, Vice President, EMEA; Steve Mariani, VP, Revenue Operations; Daniel Moser, CFO; and Phillip Higgs, VP, Federal Sales. Bryan Hauptman, ThreatConnect CRO said, "This is an exciting time for the company and with these new hires, we will be able to expedite our expansion plan for 2020. We see a tremendous opportunity ahead. And, we feel that by bringing on these gentlemen, we have the right mix of business and technology experience combined with a seasoned approach to management. I look forward to ThreatConnect's future."
One is a big new category that we saw emerging in 2019 was not a true data breach per se, but what we're calling a data exposure, or you may also have heard the term data lake, and that's where some businesses just forgot to put a password on their cloud environments. If you can't keep up with all those passwords, use a password manager.