The Food and Drug Administration on Thursday issued revamped draft guidance providing updated and detailed recommendations for how medical device makers should address cybersecurity risk in the premarket of their products, especially as the threat landscape continues to evolve.
The integration of third-party components and software is an increasingly critical area of security risk that needs more attention from medical device manufacturers, says Anura Fernando, global head of medical device security at safety certification firm UL.
The bad guys are out there, watching and waiting for an opportunity to strike. They are gathering information about your organisation and users, devising the perfect plan to infiltrate your defences. What if you could see your organisation through the eyes of an attacker?
Attend this webinar to learn:
The cultural divide between application security and developer teams is well known. But threat modeling offers a new strategy to bring these teams together and achieve business benefits. Panelists from ServiceNow and IriusRisk discuss the road map.
The year is ending with a cybersecurity bang - not whimper - due to the widespread prevalence of the Apache Log4j vulnerability. Researchers warn that at least 40% of corporate networks have been targeted by attackers seeking to exploit the flaw. More than 250 vendors have already issued security advisories.
Hellman Worldwide Logistics, one of the world's biggest logistics and shipping firms, is warning that its operations remain disrupted following an online attack of unspecified nature. The attack comes amid a busy season for e-commerce and shipping, with supply lines already stretched thin, experts say.
The banking and finance sector is changing. While digital transformation brings opportunities, it also brings challenges around cybersecurity and data protection. Threat modeling meets these challenges, providing fast, scalable security and risk analysis, tailored to your business' unique needs.
The fundamental basis of threat modeling is identifying, communicating and managing security weaknesses. The key principle underpinning threat modeling is “secure design” which means in practice addressing design flaws. Ideally threat modeling activities will take place from the inception of the project at the...
Applications aren't the only iterative processes that today's developers have to contend with. Security has become of prime importance to organisations and their end users, with some teams finding that they're having to wrestle between speed and security to get the job done. It doesn't have to be this way. In this...
Discover how ABN Amro built a self-service threat modeling process for DevOps and scaled secure design across its organisation. ABN Amro reached out to IriusRisk as they embarked on a major digital transformation program - Project Apollo - moving from their private data centers to the cloud - which would affect 500+...
Criminal hackers don't break for lunches, weekends or holidays. Of course, that's just one of many challenges facing information security teams, as they attempt to maximize visibility and minimize complexity while protecting their business around the clock, says Peter Van Lierde, the CISO of energy firm Sibelga.
Threat modeling can help give organizations the extra insights needed to secure their on-premises and cloud environments at a time when attackers are using increasingly sophisticated methods to gain entry to networks and maintain persistence. Experts offer tips on making the right moves.
Tom Kellermann calls it a new "Twilight Zone" - an era in which cybersecurity adversaries can unleash destructive attacks that manipulate time, data, audio and video. The cybersecurity strategist shares insights and analysis from his latest Global Incident Response Threat Report.
The Israeli government paid a visit on Wednesday to NSO Group, the company whose spyware is alleged to have been covertly installed on the mobile devices of journalists and activists. The visit comes as Israel faces growing pressure to see if NSO Group's spyware, called Pegasus, has been misused.
Dan Kaminsky, a renowned security researcher, died last week at age 42. He gained cybersecurity fame in 2008 after discovering and helping to coordinate a patch for a massive security flaw in the internet's Domain Name System.