A risk assessment is the foundation of a comprehensive information systems security program. It is the process of identifying, analyzing, and reporting the risks associated with an IT system’s potential vulnerabilities and threats.

(more…)

This report presents four important security practices that are practical and effective for improving the cybersecurity posture of cloud-deployed information technology (IT) systems. These practices help to address the risks, threats, and vulnerabilities that organizations face in deploying or moving applications and systems to a cloud service provider (CSP).

(more…)

Cybersecurity certification under the European Union Cybersecurity Act (CSA) is intended to increase trust and security for European consumers and businesses and help to achieve a genuine digital single market. This requires that all relevant levels of the ICT market, from sectoral ICT services and systems via ICT infrastructures to ICT products and ICT processes, will be addressed and that the related cybersecurity certification schemes are well accepted by the market.

(more…)

The cyber threat landscape is highly dynamic and extremely difficult to keep pace with. Attackers are not only developing new techniques to evade security, but threats—such as spam, phishing, and malware—are growing in complexity and precision. The importance of having a robust defense against such attacks was highlighted by the SolarWinds breach, a large-scale hack of government and private information technology (IT) assets that became public in December 2020.

(more…)

CSA issued the Guide to Conducting Cybersecurity Risk Assessment for Critical Information Infrastructure in December 2019 (subsequently revised in Feb 2021). The document provided guidance to Critical Information Infrastructure Owners (CIIOs) on performing a proper cybersecurity risk assessment, and briefly covered steps for threat modelling as part of the risk assessment.

(more…)