Articles

email security

Email Security 2.0 – effective protection against attacks & stopping phishing.

How do we help the black sheep into a secure environment? Why is email security such a critical issue? Email is named the number one attack vector in all publications, with figures varying but putting this sad winner at around 85-95% of all attacks. Why is that? Well, first of all, we cannot …

Penetration Testing RedTeaming

5 Aspects to differentiate between Penetration Testing & Red Teaming 

In the evolving realm of cybersecurity, organizations have developed various techniques to evaluate and fortify their digital defenses. Among these techniques, Penetration Testing and red teaming are two commonly employed approaches. While both serve the overarching goal of enhancing security, they differ significantly in methodology, scope, and objectives. This article explores the distinctions between the …

Buyer’s Guide: Third Party Cyber Risk Ratings Tools

Buyer’s Guide for Third Party Cyber Risk Ratings Tools

You can download the buyer’s guide at the end of this article. Supply chain risk management for large organizations or operations of critical infrastructure increasingly includes cyber risk monitoring. From the suppliers’ perspective, having a shared repository that their customers can access helps to avoid repetitively answering the same questions about their security controls and …

Identity Threat Protection

Identity Threat Protection Solutions: Purchasing Guide

Solutions for protecting directory services and identity providers (especially Active Directory Domain Services and Azure AD/Entra) against attacks have been available for several years. These are advertised under various names, in particular Identity Protection, Identity Threat Detection and Response (ITDR) or AD Protection / AD Threat Detection. Some of the solutions are available as standalone …

How ISO 27001 assessments significantly improve the level of IT security of a company

In an increasingly digital world, data breaches and cybersecurity threats have become a common problem for businesses of all sizes and industries. To mitigate these risks, organizations need to prioritize their security measures. In this article, we will explore how ISO 27001 assessments can significantly increase an organization’s security maturity level. From ISMS to norm, …

Importance and structure of an ISMS

An information security management system (ISMS) is a systematic approach to managing sensitive information within an organization. It is a framework that helps organizations establish, implement, maintain and continuously improve their information security processes. The main objective of an ISMS is to ensure the confidentiality, integrity and availability of information assets while effectively managing risks. …

Password Manager? They all have massive weaknesses anyway. Can they be used in a corporate context at all? What should the CIO look out for?

First of all, we consider password managers to be an indispensable tool for companies to effectively ensure the security and management of passwords. By the way, the BSI also sees it that way and has compiled excellent information on the subject, as it often does. As a CIO, you are faced with the challenge of choosing the …

Attack Detection System in accordance with the IT Security Act 2.0

You can download this article, with more information, at the end. Several thousand operators of critical infrastructures in Germany are currently in the process of planning, implementing and testing systems for attack detection in accordance with § 8 a BSIG, based on the relevant guidance and other BSI guidelines. We are happy to help you …

Web Application Firewalls, DDoS and Botnet Protection: Lessons Learned from Procurement Projects

Web application firewalls (WAFs), also called web application gateways or application/API protection products (WAAPs), are ideal for protecting your own offerings that are accessible from the Internet (such as self-hosted web servers or e-commerce offerings). They are designed to protect against common attack paths such as code injection, cross-site scripting, other OWASP security risks …
