Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise

whitePaper | May 18, 2022

Modern aerospace products are moving into containerization and micro-services. Mounting connected internal micro-services patterns in a product segregates and segments the network to support a zero-trust network security approach. Having weak internal network security of the product allows malicious actors to exploit them and elevate privileges — denying users access, jamming signals, or even shutting them down. Such interference could cause major harm to aircraft safety and operations.

whitePaper | May 26, 2022

Ransomware attacks have become increasingly pervasive and pernicious. Many organizations have suffered from at least one ransomware attack, and many ransomware victims have unfortunately been left with no resort other than paying the ransom and hoping to recover their data.

whitePaper | October 18, 2022

The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) is a NATO-accredited knowledge hub offering a unique interdisciplinary approach to the most relevant issues in cyber defence.

whitePaper | December 12, 2022

In the evolution of Internet-based technologies, Web 2.0 introduced popular decentralized services that accelerated interactivity between websites and users. Looking to capitalize on this innovation, businesses rushed to launch applications to the market. However, both the Web 2.0 architecture and dependent businesses failed to incorporate key security principles into the design and implementation of these services, resulting in critical vulnerabilities.

whitePaper | September 28, 2022

GlobalPlatform is a technical standards organization that enables the efficient launch and management of innovative, secure-by-design digital services and devices, which deliver end-to-end security, privacy, simplicity, and convenience to users. It achieves this by providing standardized technologies and certifications that empower technology and service providers to develop, certify, deploy, and manage digital services and devices in line with their business, security, regulatory, and data protection needs.

whitePaper | April 28, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.