As discussed in the previous article (in French), information systems security (ISS) teams must adapt their organisation, processes and tools so that security issues are considered on an ongoing basis. Agile methodologies are becoming more common within organisations, and security teams must…
What is a bug bounty and what is it used for? Mere buzzwords a few years ago, bug bounty programmes and vulnerability disclosure initiatives have since permeated the cyber-related vocabularies of a wide range of organisations, whether it be…
In a previous article, we discussed the main motivations behind the implementation of an authorization model and answered a first set of essential questions one should think about when setting up or redesigning a model. Let’s continue here with a…
Introduction DAC, RBAC, OrBAC, ABAC or GraphBAC? Flagship authorization models evolve regularly and each one brings its share of challenges, promises, and complexity. Over the last twenty years or so, during which the RBAC/OrBAC models seem to have prevailed, the…
With the release of the Digital Operational Resilience Act (DORA), the European Union is taking a strong stand to strengthen the financial sector’s resilience to major ICT-related incidents. With prescriptive requirements on both financial entities and critical ICT service providers, and an aggressive timeline…
Monthly indicators TOP ATTACK THE BRAZILIAN GOVERNMENT RECOVERS FROM ITS "WORST" ATTACK After being hit on 3 November by the most severe of all the attacks orchestrated against a Brazilian public institution, the Superior Court of Justice…
Monthly indicators TOP ATTACK Brazilian government recovers from "worst-ever" cyberattack After suffering, on 3 November, the most severe cyberattack ever orchestrated against a Brazilian public sector institution, the Superior Court of Justice (STJ, in the Portuguese acronym) has managed to…
A previous article showed the predominance of FAIR in the world of cyber risk quantification[1]; another article published here in early June[2] (which details the FAIR method in its second part) emphasizes the care to be taken in the…
Cloud is on everyone’s lips, especially in these unusual times of remote work. Many organisations are reviewing the way they design and implement their activities in order to move to Cloud Services Providers (CSP). But this “Move to Cloud” trend…
A few months ago, François LUCQUET and Anaïs ETIENNE told us of the growing interest in quantifying cyber risks[1], but also warned us against going down the path of quantification without prior reflection. Their analysis, which is still relevant, emphasized…