Tag Archive for: resilience

Sebi tweaks cyber security, cyber resilience framework for AMCs


Capital markets regulator Sebi on Thursday tweaked the cyber security and cyber resilience framework for asset management companies (AMCs) and mandated them to conduct a comprehensive cyber audit at least twice in a financial year. Along with the cyber audit reports, AMCs have been asked to submit to stock exchanges and depositories a declaration from the MD and CEO, certifying compliance by them with all Sebi guidelines and advisories related to cyber security issued from time to time, according to a circular.

The new framework will come into force from July 15.

Under the modified framework, the asset management firms need to identify and classify critical assets based on their sensitivity and criticality for business operations, services and data management.

Further, business-critical systems, internet-facing applications/systems, systems containing sensitive data, sensitive personal data, sensitive financial data, and personally identifiable information data, among others, should all be considered critical assets.

All auxiliary systems that connect to or communicate with critical systems, whether for operations or maintenance, must be designated as critical systems as well.

The board of the AMC is required to approve the list of critical systems.

“To this end, Mutual funds/ AMCs shall maintain an up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows,” Sebi said.

According to Sebi, they must conduct regular Vulnerability Assessments and Penetration Tests (VAPT) that include critical assets and infrastructure components, in order to detect security vulnerabilities in the IT environment and to evaluate the security posture of the system in depth through simulations of real attacks on their systems and networks.

AMCs are required to conduct VAPT at least once in a financial year. However, mutual funds/AMCs whose systems have been identified as a “protected system” by the National Critical Information Infrastructure Protection Centre (NCIIPC) need to conduct VAPT at least twice in a financial year.

Further, they are required to engage only CERT-In…


Navy looks to build cyber resilience beyond RMF — FCW



The Navy wants to fortify its cyber resilience to keep pace with rapid software development needs, but changing workforce habits has to come first.

Vice Adm. Jeffrey Trussler, the deputy chief of naval operations for information warfare and director of naval intelligence, called the risk management framework (RMF) process a “laborious” but necessary step to “get in the door” that doesn’t guarantee protection against evolving cyber threats.

“You’ve got to do this if you want to walk through the door,” Trussler said during a panel on cyber threats at Sea Air Space on Aug. 3. “Is that going to protect you? No, these are just kind of the known things you need to take care of. Very simple.”

Trussler went on to say that once vulnerabilities from software and hardware vendors are known, the challenge is implementation across ships, planes and networked systems scattered globally.

“We do all of these things, but we still don’t know. And those things get blown up when you get some intelligence that tells you, ‘Oh [an adversary is] in the system or they’re really working hard [to hack into] this system,'” he said.

That problem is complicated when mission applications are being continuously updated. Rear Adm. Susan BryerJoyner, the director of the Navy’s cybersecurity division in the Office of the Chief of Naval Operations, said that as the Navy moves to embrace DevSecOps, which aims to incorporate security throughout the software development cycle, evolving RMF as part of that shift has proved challenging.

“Modernization and cybersecurity are my top two priorities. And I say that because I’ve got to modernize my infrastructure, where I can’t modernize the infrastructure, I’ve got to figure out how I apply these new technologies because they’re important and they give me visibility that I’ve never had before,” BryerJoyner said during a NAVWAR cybersecurity breakout session Aug. 4.

“And not only do we have to…


Elevating cyber resilience and tackling government information security challenges


Esti Peshin is VP, General Manager, Cyber Division, Israel Aerospace Industries (IAI). Previously, she served 11 years in the Israeli Defense Forces, in an elite technology unit, where she was Deputy Director.

Peshin recently spoke at Cyber Week 2021 in Tel Aviv, and in this interview with Help Net Security, she discusses national defense and security challenges, as well as developing technologies and systems resilient to cyber attacks.


What were the most important takeaways from your 11 years in the Israeli Defense Forces? How did being part of this elite technology unit shape your vision of cybersecurity protection?

The most important takeaway from the service in the IDF is that nothing is impossible. If there is a need, there is a way. The means will be identified and it is just a matter of creativity to find the right way to achieve any goal. This is, in my view, the essence of Israeli entrepreneurship, and one of the reasons the cyber eco-system is striving in Israel.

IAI leverages state-of-the-art technology for national defense and security challenges. Based on the feedback from your clients, which technologies are most in demand today?

We, at IAI, believe that the most important and sought-after technologies are those that help organizations to detect that something bad is happening, at a very early stage. Preferably, even allowing organizations to predict that something bad can happen or is about to happen, and to direct the organization on how to avoid it or mitigate it.

The main problem with most of the common cyber monitoring technologies available today is that they generate a large number of alerts without prioritizing them. Therefore, technologies that can generate actionable insights are the key to improving cyber resilience.

Therefore, the main solution that is sought by our national level customers is establishing national level cyber security operation centers. These centers essentially proactively monitor national cyber space in order to perform the following operations:

  • Conduct a national level, ongoing and real time, cyber risk assessment
  • Monitor national cyberspace in real time in order to identify cyber attacks or predict attacks based on indicative…


Zerto 9 brings immutability and automation for ransomware resilience


Zerto announced the general availability of Zerto 9, significantly advancing its capabilities in the fight against ransomware. Offering new immutability and automation features, Zerto 9 also provides enhanced cloud data management and protection capabilities for end users and managed service providers, new backup capabilities including support for additional cloud platforms, and cloud tiering to deliver secure and cost-effective archive storage and simplified management.

Ransomware attacks continue to grow in severity and volume, bringing increasing costs and growing financial, legal, and even political ramifications. Organizations must invest in technology that allows them to recover and resume operations quickly following a ransomware attack, not just protect against it. Based on a foundation of 12 years of expertise with continuous data protection (CDP), Zerto enables organizations to move on from a ransomware attack with minimal data loss and downtime by allowing users to rewind and recover data with granularity from any point in time—and do so within seconds of a disruptive event.

Zerto 9 enables immutability settings for long-term data retention to be easily managed from within the Zerto user interface. As a result, users can set how long backups can remain unaltered, safeguarding them to the cloud to prevent malicious deletion or modification of data, including ransomware. In this release, immutability support is available for Amazon S3.

“Zerto 9 enables organizations to defend their business from the consequences of ransomware, and with fully orchestrated failover and failback, organizations can recover infected applications and data from just seconds back,” said Deepak Verma, vice president, product management for Zerto. “With just a few clicks, our journal-based recovery is flexible enough to recover only what is needed, whether that’s files, virtual machines, or an entire application stack from a point-in-time. As ransomware attacks continue to escalate, these are game-changing capabilities that we have had built into our platform for many years now, and they just keep getting better with every release.”

“It’s vital to keep our infrastructure…
