In December 2020 the European Commission published a proposal to repeal the current NIS Directive (European Directive on Network and Information Systems) and to replace it with a new Directive: the so-called NIS-2 Directive. This post will give an update on the status of negotiations of NIS-2, and will outline the aspects we already know and don’t know about the upcoming Directive’s final form.
Assume breach, Microsoft’s approach and experience on Cloud Security – Webinar 15 June 2020
15 June 2020 – Cyber Security Coalition
In their third webinar, the Cyber Security Coalition Cloud Security Focus Group had Bart Asnot (Technical Solutions Professional – Security Microsoft) explain how Microsoft looks at cloud security.
Main focus of the presentation was on Microsoft’s ‘Prevent Breach’ and ‘Assume Breach’ philosophies, both preparing for cloud security. ‘Prevent Breach’ we’re all familiar with as its goal is to keep the bad guys out. It is being realized by e.g. code reviews, security testing and techniques alike. ‘Assume Breach’, however, focusses on the preparation of your environment, people, processes and technologies to detect actual attacks and penetrations. By identifying and addressing gaps in all of these you will be able to better detect, respond and recover from attacks and penetrations.
To secure their cloud journey Microsoft adapted the Zero Trust model. Depending on the information you want to access, a specific level of trust is required before access can be granted. By evaluating the user identity requesting access, the device used to do so and the information that is to be accessed, the organizational policy decides if access can be granted and which security policy is to be enforced.
To top things off a demo illustrated some of the use cases mentioned.
Other blog posts
Ransomware – today’s universal cyberworry – is but one aspect of a crime: cyber extortion. Orange Cyberdefense provides some insights into this scourge, based on its ‘Security Navigator 2022’-report.
The Cyber Security Coalition and top cybersecurity trainer SANS Institute joined forces to provide specially needed insights and recommendations on successful cloud security, as well as how to handle cyber security in these times of war.
It is easy to drown in the sea of dire warnings about the danger of AI, in particular to our privacy. The main point is that AI in good trust is possible, but requires solid, long term and well-structured approaches. This session of the Privacy focus group offers some crucial insights and welcome examples.
On computer security day we pay tribute to Ada Lovelace, the forgotten mother of the computer. Often described as the first computer programmer — before computers were even invented — Ada was a real visionary. Imagine what she might have achieved had Babbage actually built his “computer” and she hadn’t died at the age of 36.