DATA SECURITY

Brane Capital, a Crypto Custody Company, Recently Earned Cyber Security Recertifications as well as Smart Contract Validation

Brane Inc. | April 05, 2021

Brane Capital, a Crypto Custody Company, Recently Earned Cyber Security Recertifications as well as Smart Contract Validation
Brane Inc., a major cryptocurrency custody provider, has earned important cyber-security recertifications that validate the company's rigorous security and risk management procedures.

Brane completed third-party validation of its Ethereum smart contract code, the technology that drives non-fungible tokens (NFTs), by auditor Solidified, in addition to recertification at ISO 27001 and 27017 and NIST level 4 standards by audit and certification firm BSI.

"We are fully committed to security as our top priority, and these third-party certifications validate Brane as a world-class pioneer in secure cryptocurrency custody," said Chris Desjardins, Vice President, Product. "As cryptocurrencies grow more prevalent in the global economy, our clients and partners are certain that Brane is one of the most accredited, verified, and security-focused companies in the sector."

"Brane's key benefit is the blend of bank-grade security and cutting-edge technology, both built on a fundamental view of blockchain's unique opportunities and challenges," said Dave Revell, a Brane board member, and former EVP and Global Chief Information Officer for CIBC. "Brane has created a custody solution that satisfies the needs of banks and other financial institutions as cryptocurrency acceptance grows."

"Obtaining ISO and NIST certifications will take several years and millions of dollars for major businesses. Brane's fast completion of these certifications demonstrates the power of our blockchain-native technology and information security management systems "Brane's founder and Chief Innovation Officer, Patrick McLaughlin, made the announcement. "With this primary strategic advantage, Brane is the perfect partner for financial institutions looking for a truly safe, user-friendly solution for digital asset custody."

"As Brane becomes a bank for the world's newest asset class, security and accountability are woven into our company's DNA," said Brane President Jerome Dwight, who previously led Bank of New York Mellon's Canadian operations. "By combining an exceptional internal team with partnerships with other business players, Brane is committed to retaining its place of Canadian and global supremacy in crypto custody services."

About Brane

Brane is a blockchain innovation company that was established in 2017. Brane assists companies in understanding and utilizing the potential of blockchain and digital assets. Brane Vault, the digital asset custody facility, is ISO 27001 certified – the first in the world with cryptocurrency in scope – ISO 27017 certified, and NIST Tier 4 certified – the first company in any industry in Canada to achieve such certification. Brane Vault provides advanced proprietary technology and processes for over 20 preliminary patents, as well as being fully insured from fraud and crime.

Spotlight

"Despite advances by the security industry, criminals continue to break through security defenses. And attackers now realize that bigger and bolder attacks are not always better. New threat intelligence and trend analyses reveal how attackers take advantage of the gaps between the defenders' intent and action.

Related News

CISA Releases First of Its Series of Six Cybersecurity Essentials Toolkits

CISA | June 02, 2020

This is a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks, CISA’s toolkits will provide greater detail. Improve cybersecurity practices, the six cyber essentials toolkits will also include a list of actionable items for interested parties to take to reduce cybersecurity risks. Today’s launch highlights the first “Essential Element: Yourself, The Leader” and will be followed each month by a new toolkit. As a follow-up to the November 2019 release of Cyber Essentials, the Cybersecurity and Infrastructure Security Agency (CISA) released the first in a series of six Cyber Essentials Toolkits. This is a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks. CISA’s toolkits will provide greater detail, insight and resources on each of the Cyber Essentials’ six “Essential Elements” of a Culture of Cyber Readiness. Today’s launch highlights the first “Essential Element: Yourself, The Leader” and will be followed each month by a new toolkit to correspond with each of the six “Essential Elements.” Toolkit 1 focuses on the role of leadership in forging a culture of cyber readiness in their organization with an emphasis on strategy and investment. We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit, said CISA Director Christopher Krebs. “We hope this toolkit, and the ones we are developing, fills gaps and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.” Developed in collaboration with small businesses and state and local governments, Cyber Essentials aims to equip smaller organizations that historically have not been a part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity. Cyber Essentials includes two parts – guiding principles for leaders to develop a culture of security, and specific actions for leaders and their IT professionals to put that culture into action. Read more: MICROSOFT: MASSIVE COVID-19 THEMED PHISHING CAMPAIGN UNDERWAY TO GAIN REMOTE ACCESS We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit . ~ said CISA Director Christopher Krebs. Each of the six Cyber Essentials includes a list of actionable items anyone can take to reduce cyber risks. These are: Drive cybersecurity strategy, investment, and culture; Develop heightened level of security awareness and vigilance; Protect critical assets and applications; Ensure only those who belong on your digital workplace have access; Make backups and avoid loss of info critical to operations; and Limit damage and restore normal operations quickly. Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services. We hope this toolkit, and the ones we are developing, fills gaps and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead. This landmark legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and establishes the Cybersecurity and Infrastructure Security Agency (CISA). CISA builds the national capacity to defend against cyber attacks and works with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the ‘.gov’ networks that support the essential operations of partner departments and agencies. In recognition of the importance of governance in addressing cyber risks, the Cybersecurity and Infrastructure Security Agency's (CISA) Cybersecurity Division and the National Association of State Chief Information Officers (NASCIO) partnered to develop a State Cybersecurity Governance Report and series of State Cybersecurity Governance Case Studies exploring how states govern cybersecurity. The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the six interrelated aspects of an organizational culture of cyber readiness. This page will be updated as new Toolkit chapters are published. The report and case studies identify how states have used laws, policies, structures, and processes to help better govern cybersecurity as an enterprise-wide strategic issue across state governments and other public and private sector stakeholders. According to over 1,700 IT service providers, the lack of cybersecurity awareness amongst employees is a leading cause of a successful ransomware attack against an SMB. Read more: COVID-19 PANDEMIC MOVES ORGANIZATIONS TO INCREASE CYBERSECURITY SPENDING

Read More

GRC Becomes Critical, as Cyberattacks, Data Frauds Emerge as High-Impact Threats

SAP | May 13, 2020

The last year WEF Report on significant global threats lists cyberattacks and data fraud as high-impact threats in the near future. New-generation GRC tools recognise that business process flows are dynamic and fluid, and hence enable us to build dynamic rule sets with adaptive capabilities. GRC principles fit well with what is called the ‘agile’ approach and are more relevant and important today than ever before. 2020 will be remembered as the year of an almost worldwide lockdown caused by a virus. What could be next? The 2019 WEF Report on significant global threats lists cyberattacks and data fraud as high-impact threats in the near future. This underscores the fact that Governance, Risk and Compliance (GRC) is becoming increasingly critical within organisations, and the stakes are higher than ever should businesses fail to get it right. We’re living through an era hallmarked by a rapid increase in the rate of change in the marketplace. Organisations are being forced to adapt to the new realities. Successful organisations are becoming more agile in their ways of working. New-generation GRC practitioners are seeing the opportunity for GRC to play a greater role in proactive value creation, more than ever before, and are embracing new agile technologies and methodologies in doing so. GRC principles fit well with what is called the ‘agile’ approach and are more relevant and important today than ever before. Getting GRC right in an agile environment depends on having the correct mindset, approach and tools. Agile thinking encompasses the idea of “clock speed”. This is the pace at which an organisation, as an entire system, is able to move, react, adapt and so forth. It is estimated that today’s average large organisation requires a clock speed 3-5 times faster than the equivalent organisation a decade ago. Learn more: NEW CYBER THREAT INDEX SHOWS INDUSTRIES ARE UNDER ATTACK IN UNCERTAIN TIMES “GRC principles fit well with what is called the ‘agile’ approach and are more relevant and important today than ever before. Getting GRC right in an agile environment depends on having the correct mindset, approach and tools”. ~ SAP organisations Whilst agile thinking has brought great benefits in increasing clock speed, it has also brought with it a significant misconception about GRC. In the pursuit of agile delivery, GRC can easily be seen as part of the ‘old paradigm’ and hence ignored or undervalued. Alternatively, even if the GRC function is appreciated by business, GRC practitioners often fail to adapt their approach to the new clock speed realities. Many new-generation GRC practitioners find themselves operating in a traditional organisation. They face a decision to either be an advocate for change or simply go through the motions and deliver the kind of GRC the organisation requires. " In our increasingly fast-paced world, there is a strong correlation between successful GRC and levels of business-user engagement in SAP organisations". Could someone in GRC influence organisation-wide change? We believe they can. With a ‘courageously pragmatic’ approach one could advocate for company-wide change, possibly finding kindred spirits within the company, whilst at the same time pragmatically delivering GRC requirements within the prevailing framework. So, what is the correct approach then for agile GRC? Given that organisations differ vastly by industry, regulatory environment and GRC maturity, amongst others, there is no ‘one-size-fits-all’ answer. Here are a few agile GRC descriptors. Agile GRC realises the need for engaged business users, and hence puts business users at the centre of the process. GRC language is converted into a language that business users can understand. This is further achieved through more intuitive tools such as introducing business process visualisations that help contextualise and understand risks. A lack of engaged business users has always been the Achilles heel of GRC. Research shows it is the leading cause of GRC implementation projects floundering. Engaged business users are more vital than ever given the fluidity of organisational environments today. GRC must become a team sport. If business users are unengaged, it falls to the GRC team to ensure that access risk remains healthy. This is usually done in an episodic fashion, frequently timed to coincide with an audit. In addition, traditional GRC tools are built upon static rule sets, which should be reviewed ‘from time to time’ to adapt to any changes in business process flows. Learn more: WHAT YOU NEED TO KNOW ABOUT THE CYBERSECURITY SOLARIUM COMMISSION REPORT .

Read More

Odix releases filewall for microsoft 365 mail attachments (firewall for files)

prnewswire | September 14, 2020

odix, an Israel-based cybersecurity leader in enterprise CDR (Content Disarm and Reconstruction) technology, has officially launched FileWall for small and medium-sized businesses (SMBs).  FileWall provides effective malware-disarming capabilities against file-based attacks, leveraging cutting-edge technology previously available only for enterprises. With 62 percent of cyberattacks targeting SMBs resulting in 60 percent of them going out of business within six months, a new cybersecurity solution had to come to the market and at an attractive price point for SMBs.

Read More

Spotlight

"Despite advances by the security industry, criminals continue to break through security defenses. And attackers now realize that bigger and bolder attacks are not always better. New threat intelligence and trend analyses reveal how attackers take advantage of the gaps between the defenders' intent and action.