Electron Security Checklist: A guide for developers and auditors

June 30, 2017

Despite all predictions, native desktop applications are back. After years porting standalone apps to the web, we are witnessing an inverse trend. Many companies have started providing native desktop software built using the same technologies as their web counterparts. In this trend, GitHub's Electron has become a popular framework to build cross-platform desktop apps with JavaScript, HTML, and CSS. While it seems to be easy, embedding a web application in a self-contained web environment (Chromium, Node.js) leads to new security challenges. This document introduces a checklist of security anti-patterns and must-have features to illustrate misconfigurations and vulnerabilities in Electron-based applications. Software developers and security auditors can benefit from this document as it provides a concise, yet comprehensive, summary of potential weaknesses and implementation bugs when developing applications using Electron.

Spotlight

Prelert

Prelert, an Elastic company, is the leading provider of behavioral analytics for IT security, IT operations, and business operations teams. The company’s solution analyzes an organization’s log data, finds anomalies, links them together and lets the data tell the story behind advanced security threats, IT performance problems, and business disruptions. Leveraging machine learning anomaly detection and other behavioral analytics capabilities, the solution automates the analysis of massive data sets, eliminating manual effort and human error. Hundreds of progressive IT organizations rely on Prelert to detect advanced threat activity, reduce false positive alerts and enable faster root cause analysis. Prelert lets your data tell the story.

OTHER WHITEPAPERS

Cyber Threat Predictions for 2023

whitePaper | November 3, 2022

While “less is more” is the critical strategy behind consolidating networks and security, “more is more” seems to be the mantra cybercriminals continue to live by. The most troubling trend we’ve observed across the cyber landscape is one we see continuing into the future—that threats of all kinds are becoming increasingly ubiquitous. From Ransomware-as-a-Service (RaaS) to new attacks on nontraditional targets like edge devices to the emerging use of wipers, the volume and variety of cyberthreats will keep security teams on their toes in 2023 and beyond.


White Paper on Cyber Security Securing Video Surveillance Devices to Close Network Vulnerabilities

whitePaper | February 19, 2020

We live in an increasingly connected world, where more and more devices and systems are networked and shared with other systems. Convenience is a main driver behind this trend, as people have come to expect the ability to connect to and control devices and systems anywhere, anytime. However, there is a downside to the unprecedented level of convenience provided by the growing number of networked devices, namely increased security risk. Because each device is an endpoint for networks, they introduce the potential to become entry points for hackers and others with malicious intents. In fact, in many of the most high-profile data breaches that have occurred recently, hackers were able to access corporate networks through POS, HVAC and other networked systems that failed to provide an adequate level of security to prevent these types of breaches.


Embracing Security Operations in the Educational Sector

whitePaper | December 22, 2022

Nearly every part of the educational sector has fallen victim to a cyberattack, from elementary schools to universities. Securing education is no longer a “nice to have” but a “must do” and is a growing concern among the global educational community. Creating and maintaining effective information security and cybersecurity operations in education comes down to people, processes, and tools. It’s crucial for IT and security leaders across the entire spectrum of educational institutions to find the right balance between the three. While there are success stories of achieving that balance, there’s always more to do to identify, understand, and mitigate cybersecurity risks to these organizations. Establishing and improving existing cybersecurity operations must become a priority.


Cross-Generational Security Of Mobile Telephony

whitePaper | August 4, 2022

Abstract— With the recent roll-outs of 5G networks and the rise of phones supporting the standard, it’s critical to examine the technical underpinnings of 5G system security. The fifth generation of 3GPP (3rd Generation Partnership Project) mobile telephony, the lack of understanding, outright hostility, and general confusion surrounding this roll-out is unmatched in the history of mobility. We aim to alleviate much of the confusion and hostility by providing an overarching description and security document.


CISA Stakeholder-Specific Vulnerability Categorization Guide

whitePaper | November 9, 2022

The CISA Stakeholder-Specific Vulnerability Categorization (SSVC) is a customized decision tree model that assists in prioritizing vulnerability response for the United States government (USG), state, local, tribal, and territorial (SLTT) governments; and critical infrastructure (CI) entities. This document serves as a guide for evaluating vulnerabilities using the CISA SSVC decision tree. The goal of SSVC is to assist in prioritizing the remediation of a vulnerability based on the impact exploitation would have to the particular organization(s).


Closing the Human Error Gap in Cybersecurity

whitePaper | June 23, 2023

The increasing reliance on digital technology has made cybersecurity a critical concern for organizations worldwide. While technological advancements have provided businesses with unprecedented opportunities, they have also exposed them to a myriad of cyber threats. In this context, human error has emerged as a significant vulnerability. While an overwhelming majority of the human error related wrong decisions are unintentional, they can happen to anyone. This whitepaper aims to provide a comprehensive approach to closing the human error gap in cybersecurity, focusing on both cybersecurity awareness training and proactive security measures that minimize the need for users to be cyber smart.
