The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Standards are a cybersecurity compliance framework designed to protect utility organizations. Adhering to these guidelines is essential—falling short will leave your environment vulnerable to malicious actors and can result in some hefty fines. NERC CIP is a burdensome set of standards, so when it comes to strategizing how you will bring your organization into compliance, it can be difficult to know where to even…

In the digital age, organizations and the missions and business processes they support rely on information technology and information systems to achieve their mission and business objectives. Not only is technology used to efficiently enable businesses to carry out operational activities, but it is also the backbone for the United States’ critical infrastructure. Although technology may reduce risks associated with the human factor and legacy data-processing, it introduces new risks that, if left unaddressed, could…

Microsoft President urges tech leaders to follow lessons from Apollo missions and “War Games” Length: 6:28 | Jan 22, 2021 President Brad Smith said that national security is threatened by the industry’s inability to learn lessons from the past. Source link

A researcher has published a proof-of-concept exploit script for a critical SAP vulnerability patched in March 2020 and attackers have begun probing for vulnerable SAP systems. Background On January 14, a proof-of-concept (PoC) exploit script for a critical vulnerability in the SAP Solution Manager, a centralized management solution for SAP and non-SAP systems, was published on GitHub. The vulnerability was discovered and disclosed by security researchers Pablo Artuso and Yvan Genuer of Onapsis. It was…

Oracle Cloud VMware Solution (OCVS) provides high performance dedicated hardware using Oracle Cloud Infrastructure (OCI), running the full VMware software stack. Announced August 2020, Existing VMware and Oracle customers can now take advantage of: Infrastructure-as-a-Service (IaaS) model with VMware overlay – abstracting functionality into the software for the customer to control, whilst consuming the underlying infrastructure as a service. This removes the overhead of traditional data centre maintenance tasks such as hardware and firmware patching,…

A punitive approach toward employees reporting data breaches intensifies problems. Image: iStock/iBrave Experts are warning, when it comes to cybersecurity, blaming users is a terrible idea. Doing so likely results in creating an even worse situation. “Many organizations have defaulted to a blame culture when it comes to data security,” comments Tony Pepper, CEO of Egress Software Technologies, in an email exchange. “They believe actions have consequences and someone has to be responsible.” “In cases where…