After several years of anticipation, the New York State Department of Financial Services (DFS) has filed its first enforcement action under the agency’s groundbreaking and first-in-the-nation 2017 cybersecurity regulation (Part 500 of Title 23 of the New York Codes, Rules, and Regulations), which prescribes how financial services companies licensed to operate in New York should construct their cybersecurity programs. This action is a wakeup call to covered entities to fully implement the directives of Part 500.

A statement of charges was announced on July 21, 2020 against a large real estate title insurer alleging that a design defect in a data management computer program resulted in the exposure over the course of several years of hundreds of millions of documents—millions of which contained sensitive personal information of consumers, including bank account information, mortgage and tax records, Social Security Numbers, wire transaction receipts, and drivers’ license images.

According to the charges, the company discovered the vulnerability and exposure as a result of penetration testing it conducted in 2018, but then failed on multiple levels to remedy the exposure…

Read More…

Read More…

The Australian Signals Directorate (ASD) aims to defend Australia from global threats through the provision of foreign signals intelligence, cyber security and offensive cyber operations, as directed by Government.

ASD provides the Australian Government with intelligence and cyber security expertise, policy and advice that protects our national security and sovereignty, and practical support that informs law enforcement and military operations.

In its 2019-2020 Corporate Plan, ASD provides insight into its functions, strategic plans, operating context and oversight framework.

Functions

ASD operates under the Intelligence Services Act 2001, which specifies that its functions are to:

• collect and communicate foreign signals intelligence;
• prevent and disrupt offshore cyber enabled crime;
• provide cyber security advice and assistance to Australian governments, businesses and individuals;
• support military operations;
• assist the national security community in the performance of its functions

Strategic Plan and Objectives

ASD has set 5 key strategic objectives for the duration of its corporate plan, which will help it to fulfil its purpose and achieve its vision of being a…

Read More…

ThreatQuotient has extended its professional services offering in a bid to enable enterprises to advance their security operations and take advantage of end to end services. Notably, the enhancements include new Assessment and Consulting Services.

ThreatQuotient’s global Professional Services team was first launched in 2017 and provides core capabilities to assess, design and build a threat-centric security operations function.

On the whole, the company is focused on helping organisations to transition from traditional signature-based monitoring, detection and response to an external, threat-focused program.

In addition to the current services of implementation, training and development, ThreatQuotient now offers consulting services that range from an initial assessment of current threat intelligence capabilities, to more in-depth and long-term process development.

According to ThreatQuotient, the ultimate goal is to mature a program to the point that a team can confidently address specific use cases like spearphishing, threat hunting and vulnerability management.

The company states its services can educate new cyber intelligence teams, refocus teams onto specific…

Read More…