Data breaches can happen to any organization, whether carried out maliciously or simply the result of employee error. Read below to learn just how common data breaches are within the public and private sectors.
By: Erin Dayton
1. “When, Not If”
If you've attended your fair share of cyber security conferences in the past, it's almost guaranteed that you've heard the long-standing joke “You don’t have to outrun the bear, you just have to outrun your brother.” Although this joke is still prevalent and ensures a good chuckle from the audience, it's becoming less applicable as the forest has become home to more than just one bear.
The “when, not if” timeframe suggests that organizations can no longer rely on planning based on “if” they will be compromised or breached, but “when.” Organizations should operate on the belief that the bad guys are already in their system, and should devote efforts towards identifying how to find attackers and knowing what to do once they've been located. Cyber security efforts should strive toward an advanced model which includes education, prevention, protection, mitigation, response, and recovery. This holistic approach to security provides a potential safety net when facing the perfect storm of the vulnerable technological ecosystem (mobile devices, social media, Internet of Things, etc.).
CIS has released its first security configuration benchmark for Docker 1.6, which makes more than 80 recommendations for configuring and operating Docker in production environments. The benchmark is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Docker 1.6 or later technology.
Kevin Moran, MS-ISAC NCCIC Partner Liaison
CIS Intelligence and Analysis Workgroup
It’s that time of year again when we look ahead toward the cyber security trends and topics we’ll be seeing in 2015.