In December 2020 the European Commission published a proposal to repeal the current NIS Directive (European Directive on Network and Information Systems) and to replace it with a new Directive: the so-called NIS-2 Directive. This post will give an update on the status of negotiations of NIS-2, and will outline the aspects we already know and don’t know about the upcoming Directive’s final form.
API Security as a key enabler for our digital transformation
10 June 2020 – Cyber Security Coalition
During the months of May and June, the Enterprise Security Architecture Focus Group organized two consecutive instructive webinars on API Security, each approached from a different angle. Next to devops, application containers and microservices, APIs are key enablers for the digital transformation of our enterprises.
The first webinar covered the ‘Common pitfalls and recent evolutions in API security’ and was presented by Philippe De Ryck (pragmaticwebsecurity), an internationally recognized web security expert, trainer, and speaker.
Philippe gave us an in-depth technical lecture on the best practices for API security, highlighting common API vulnerabilities along with current best practices for API authentication and authorization, and not to forget the recent evolutions in the API landscape. The content was based on his conference talks “Common API security pitfalls” and “Recent evolutions in the OAuth 2.0 and OpenID Connect landscape”, both food for an interactive Q&A during our group session.
After the deep dive of Philippe, we focused in a second webinar on the API Security architecture and strategy at ING. Patrice Krakow, lead architect of the API platform at ING Belgium, clarified how API security is being managed at ING, still with an emphasis on the applied architecture development method. Purpose of his webinar was to drive group interaction, allowing each and every member to learn from the insights and practices of others in the field of APIs.
Other blog posts
Ransomware – today’s universal cyberworry – is but one aspect of a crime: cyber extortion. Orange Cyberdefense provides some insights into this scourge, based on its ‘Security Navigator 2022’-report.
The Cyber Security Coalition and top cybersecurity trainer SANS Institute joined forces to provide specially needed insights and recommendations on successful cloud security, as well as how to handle cyber security in these times of war.
It is easy to drown in the sea of dire warnings about the danger of AI, in particular to our privacy. The main point is that AI in good trust is possible, but requires solid, long term and well-structured approaches. This session of the Privacy focus group offers some crucial insights and welcome examples.
On computer security day we pay tribute to Ada Lovelace, the forgotten mother of the computer. Often described as the first computer programmer — before computers were even invented — Ada was a real visionary. Imagine what she might have achieved had Babbage actually built his “computer” and she hadn’t died at the age of 36.