The modern software developer faces an enormous number of challenges. From continuously creating innovative apps to ensuring high quality and meeting tight deadlines, developers need to cope with many responsibilities. As a result, security is still one of the last priorities on many developers’ minds during the software development lifecycle.

Vulnerable Apps Increase Cyber Threats

Although the 2020 Verizon Data Breach Investigations Report indicates that most data breaches happen through vulnerable web applications, many developers are still hesitant to adopt a security mindset. Even though the news headlines are filled with the names of companies being compromised every day, they make the mistake of thinking it could not happen to them. Many software developers do not typically worry about
- Apr 12,
Is There Ever Too Much Data?

As a security practitioner, you know that businesses are fuelled not only by people but by data. Years ago, the phrase “Big Data” was a new, innovative way to gain a business advantage. Now, big data is the norm. When we think of all the data that has been gathered, we must stop and wonder about what is contained in that data. Many important, and often private, details are stored about the clients of a particular business. Over time, it became clear that this data, if obtained by criminals, could be damaging to an individual. Personally Identifiable Information (PII), Protected Health Information (PHI), private financial records, and a selection of other sensitive data hold
Apr 08,

The cybersecurity team can be a challenging one for organizations to keep engaged and happy. Talent is scarce, and turnover and burnout rates are high. That’s why employers have to keep existing teams engaged in their profession, and current on the latest threats and defenses. To accomplish this, every organization needs a formal, standards-based cybersecurity training and education program for the employees responsible for securing their critical assets.

What are the key components of a training program?

Whatever an organization’s unique circumstances, three major tenets must guide any training effort: Security is an obligation, not an option. Evolving technology and constantly changing threat landscapes require a long-term, agile commitment to security. Skills development should be measured for effectiveness.

Who should conduct
Mar 24,

Disaster recovery is now a normal part of business operations. However, before the year 2000, disaster recovery was a “nice to have” addition to a business. Then, the “Y2K” bug became the impetus that brought disaster recovery to the forefront of business preparedness. Next, in 2001, the rise of terrorism brought new attention to the need for businesses to prepare for disasters. As time progressed, incidents such as the blackout of 2003, which shut down the northeastern United States for a day, made many recognize that disaster recovery centers could not be on the same power grid, let alone at the same geographic location. Reflecting on those times, it is interesting that the biggest threats to businesses from a cybersecurity
Mar 03,

By Qamar Peer Bellary Sadiq, CISSP, CCSP

Public Key Infrastructure (PKI) is the most commonly used technology in the security space for establishing authentication, data integrity, non-repudiation, email encryption, and SSL/TLS with X.509 certificates (also known as digital certificates). A digital certificate is a form of identity document in the digital world and helps identify users, entities and servers. PKI is an amalgamation of a suite of protocols, people, processes and technologies that must work in a synchronized manner to create, store, distribute, manage and revoke digital identities. However, there exist real-world challenges, pitfalls and misconceptions around certificate status validation in the PKI technology space that need to be highlighted.

Misconceptions about Certificate Revocation

Revocation of digital
Feb 25,