Stress-Testing Security Assumptions in a World of New & Novel Risks

The most devastating security failures often are the ones that we can't imagine - until they happen.
Prior to 9/11, national security and law enforcement planners assumed airline hijackers would land the planes in search of a negotiated settlement - until they didn't.
The extent of injury from these incidents is often a function of the extent to which new and novel risks were unforeseen, or assumed not to be risks in the first place.
In other words, the more basic the assumption, the more devastating the compromise.
The imperative of security is to be right not only now, but also in the future, to anticipate and mitigate risks that will arise at some later time and place through effective planning and preparation.
The assumptions we make about that future environment serve as the foundation for that work.
Assumptions are necessary for any security plan to be cohesive.
Our assumptions today are unlikely to hold in the future.
We know that increasing interdependencies will make security challenges inherently cross-domain and interdisciplinary.
We know that who and what provides security is changing as well.
The current approach to security goes something like this: First, we review recent incidents, while gathering information on the threats we know about.
Next, we develop a consensus on how to neutralize those threats and mitigate associated risks.
The fundamental challenge is to prepare for a future with an unknowable risk profile.
The future of security will be about resilience in the face of emerging risks that cannot be specifically identified today.
We must also question the very assumptions that undergird our sense of security today.
A new, future-resilient approach will need to include a deliberate process of challenging existing assumptions, while they remain valid, to model a future in which those very assumptions are compromised.
In practice, this involves stress-testing the assumptions we make about the world in which we operate and the environments in which we strive to achieve security.
These assumptions can be broad or narrow, across multiple dimensions.
This process of categorizing and stress-testing fundamental assumptions is a necessary exercise for any leader who is interested in ensuring long-term security and resilience in the face of an uncertain future.
In the next installment of this two-part piece, I'll examine some of the basic assumptions in the most common security frameworks, and the technologies we assume to be central to cybersecurity.


This Cyber News was published on www.darkreading.com. Publication date: Tue, 02 Jul 2024 14:00:08 +0000


Cyber News related to Stress-Testing Security Assumptions in a World of New & Novel Risks

Microservices Resilient Testing Framework - As organizations increasingly embrace the microservices approach, the need for a resilient testing framework becomes important for the reliability, scalability, and security of these distributed systems. From preemptive problem-solving to the ...
11 months ago Feeds.dzone.com
Stress-Testing Security Assumptions in a World of New & Novel Risks - The most devastating security failures often are the ones that we can't imagine - until they happen. Prior to 9/11, national security and law enforcement planners assumed airline hijackers would land the planes in search of a negotiated settlement - ...
5 months ago Darkreading.com
How Does Automated API Testing Differ from Manual API Testing: Unveiling the Advantages - Delve into automated versus manual API testing for efficient software delivery. See how automation speeds validation while manual testing provides human insight, ensuring comprehensive coverage for robust development. In the domain of software ...
10 months ago Hackread.com
How to do Penetration Testing effectively - In today's digital era, penetration testing has become crucial to an organisation's cybersecurity strategy. From network penetration testing to web application and mobile app penetration testing, a comprehensive pen test covers a wide range of attack ...
7 months ago Securityboulevard.com
3 ways to reduce stress on the DevSecOps team - My session focused on the stresses and burnout experienced by security teams, including recent data showing that 94% of chief information security officers suffer from work-related stress, and 65% admit their stress levels compromise their ability to ...
1 year ago Infoworld.com
Application Security Testing Explained - That's precisely why application security is a top priority for security teams and a crucial consideration for DevOps. Application security testing is like giving your software a thorough health check to ensure it's robust and resilient against cyber ...
11 months ago Securityboulevard.com
How to Use Pen Testing to Find Vulnerabilities - One effective method for conducting an information security audit is through penetration testing. The contractor would conduct thorough testing and provide detailed penetration reports, complete with recommendations for safeguarding corporate data. ...
11 months ago Feeds.dzone.com
What is App Security? SAST, DAST, IAST, and RASP. - Effective application security relies on well-defined processes and a diverse array of specialized tools to provide protection against unauthorized access and attacks. Security testing is a critical part of an application security strategy and should ...
1 year ago Feeds.dzone.com
How AI is revolutionizing "shift left" testing in API security - Catching coding errors in API preproduction, before they are spun up and go live is critical in preventing exploitable vulnerabilities. For developers who are not security experts, fixing code or knowing business logic abuse possibilities can be ...
1 year ago Helpnetsecurity.com
Product showcase: ImmuniWeb AI Platform - ImmuniWeb is a global application security company that currently serves over 1,000 customers from more than 50 countries. ImmuniWeb AI Platform has received numerous prestigious awards and industry recognitions for intelligent automation and ...
1 year ago Helpnetsecurity.com
Akto Launches Proactive GenAI Security Testing Solution - With the increasing reliance on GenAI models and Language Learning Models like ChatGPT, the need for robust security measures have become paramount. Akto, a leading API Security company, is proud to announce the launch of its revolutionary GenAI ...
10 months ago Darkreading.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
2 months ago Helpnetsecurity.com
Product showcase: Apiiro unifies AppSec and SSCS in a deep ASPM - With the rapidly evolving threat landscape and complexity of interconnected applications, identifying real, business-critical application risks is more challenging than ever. Application security teams need a better solution than their current siloed ...
1 year ago Helpnetsecurity.com
A Comprehensive Guide to Penetration Testing in Public Clouds - As organizations increasingly migrate their operations to public cloud environments, the need for robust security measures has never been more critical. Cloud penetration testing emerges as a crucial component in ensuring the integrity and resilience ...
11 months ago Cybersecurity-insiders.com
Key software patch testing best practices - To ensure a predictable rollout when a patch is deployed across your network, it is important to test it first in a nonproduction environment. Companies install software and firmware patches to fix bugs, remove vulnerabilities and add new features, ...
8 months ago Techtarget.com
5 Reasons Why Your Business Needs Penetration Testing - Penetration testing is an essential security measure for businesses in the digital age. Cyber-attacks and data breaches are becoming more frequent, making it necessary for organizations to protect their sensitive data and web applications. A ...
1 year ago Tripwire.com
Lost in Translation: Mitigating Cybersecurity Risks in Multilingual Environments - With increased connectivity and linguistic diversity comes a new set of cybersecurity risks. This article will delve into the unique cybersecurity challenges in multilingual environments, focusing on solutions and best practices to mitigate such ...
1 year ago Cyberdefensemagazine.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
3 security best practices for all DevSecOps teams - It's been over 10 years since Shannon Lietz introduced the term DevSecOps, aiming to get security a seat at the table with IT developers and operators. More organizations are looking to shift-left security to ensure that security is prominent in ...
1 year ago Infoworld.com
Is Once-Yearly Pen Testing Enough? A Guide to Periodic Vulnerability Assessment - Periodic vulnerability assessment (pen testing) is one of the essential components of cybersecurity. It helps companies identify and address any gaps in their network security posture before malicious actors can exploit these gaps. Pen testing, or ...
1 year ago Thehackernews.com
Cyber security professionals are exhausted, and it's putting firms at greater risk of attack - An epidemic of stress among cyber security professionals is putting organizations at a greater risk of cyber attack, according to a new report. A survey of 500 UK cyber security professionals by security firm Adarma found that just over half of ...
1 year ago Itpro.com
What is offensive security? - Offensive security is the practice of actively seeking out vulnerabilities in an organization's cybersecurity. In the past, offensive security referred to methods to actively slow down or to find information about attackers. This is no longer widely ...
1 year ago Techtarget.com
DP World confirms data stolen in cyberattack, no ransomware used - International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. The company says no ransomware payloads or encryption was used in the attack. On November ...
1 year ago Bleepingcomputer.com
A Tale of Overcoming Cyber Threats with Auto Pentesting and CTEM - She had preemptively purchased Ridge Security's RidgeBot automated penetration testing product, recently upgraded with new plugins that automatically detect and exploit the MOVEit vulnerability. RidgeBot is an AI-powered security validation platform ...
9 months ago Cyberdefensemagazine.com
Modern DevSecOps - DevSecOps - a fusion of development, security, and operations - emerged as a response to the challenges of traditional software development methodologies, particularly the siloed nature of development and security teams. DevSecOps aims to break down ...
1 year ago Feeds.dzone.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)