Tag Archive for: tackle

2022 FAIR Conference to Explore Scaling Risk Management Practices to Tackle Growing Cyber Threats

/in


Get instant alerts when news breaks on your stocks. Claim your 1-week free trial to StreetInsider Premium here.

Hybrid in-person and virtual event on Sept. 27-28 in Washington, D.C., and online

Media Passes: To access FAIRCON22 event sessions in person or online, contact Luke Bader, director, membership and programs, FAIR Institute, [email protected]; or Eskenzi PR: Avery MacGregor, [email protected], 978.290.2970; or Cathy Morley Foster, [email protected], 925.708.7893.

RESTON, Va., Sept. 26, 2022 (GLOBE NEWSWIRE) —  What: As financial stakes in cybersecurity grow higher, FAIR Institute, the non-profit professional organization that advances measuring and managing risk, is doubling down to help businesses and organizations protect their most valuable assets with its 2022 FAIR Conference (FAIRCON22). The annual event, this year themed, “Scale: Risk Management to the Next Level,” will bring together thought leaders in cyber and operational risk management to discuss best FAIR™ (Factor Analysis of Information Risk) practices to develop increased value and alignment with business goals.

When: This premiere global risk management conference will be held in-person at the Mandarin Oriental Hotel, Washington, D.C., and virtually Tuesday, Sept. 27, and Wednesday, Sept. 28. Program line-up features dynamic keynote addresses, interactive C-suite panels, and expert case study sessions.

Who: Open to professionals in risk management and offers beginner and advanced session tracks.

  • Speakers: Jack Jones, chairman, FAIR Institute; Mark Tomallo, senior vice president, CISO, Victoria’s Secret; Mary Elizabeth Faulkner, CISO, Thrivent Financial; Jeff Norem, Deputy CISO, Freddie Mac; Matthew Tolbert, senior cybersecurity specialist, supervision and regulation, Federal Reserve Bank of Cleveland; and James Lam, public and private board director; National Association of Corporate Directors (NACD) certified director and D100 honoree; ERM consultant, author, and speaker; and Derek Johnson senior reporter, SC Media; among others.
  • In-person and Virtual: “This year, we are pleased to welcome attendees back in person and to virtual events for FAIRCON22. The conference focus is on ‘Scale,’ demonstrating how to…

Source…

FG launches N-Alert mobile app to tackle insecurity

/in


The Minister of Interior, Rauf Aregbesola, on Thursday, launched the N-Alert mobile application to help citizens in reaching out to security agencies across the country for swift intervention concerning crime, homicide or other security-related incidents.

According to the minister, the mobile application could have helped minimise the rate of human and infrastructural casualty during the infamous Kaduna-Abuja railway attack had a passenger alerted security agencies as at the time of the attack.

He said, “The government continues to commit resources to security agencies and their welfare. Security is the responsibility of everybody and what is important is vigilance. With the N-Alert mobile application, citizens can send real-time videos, audios and photos of all the incidents they wish to report.

“It is practically impossible to kidnap school children numbering over 20 on motorbikes without people noticing it. If it had happened before, it would not happen again.”

The minister said the slogan for the app is ‘see something, say N-Alert’.

Appealing to citizens not to abuse the mobile application by reporting fake emergencies, he said, “We appeal to the good people of Nigeria to not abuse the app as such will weaken the team’s response to genuine alerts.”

Also speaking at the event, the Minister of Information, Lai Mohammed, stated that his ministry would work in tandem with the Ministry of Interior for the success of the mobile security application.

He said, “What is being launched here today is going to be a game changer in the way we manage security, our lives and property in this country. One ingredient that is essential for the success of this application is information – getting the right information to the relevant agencies in the situation room for quick response.”

Copyright PUNCH.

All rights reserved. This material, and other digital content on this website, may not be reproduced, published, broadcast, rewritten or redistributed in whole or in part without prior express written permission from PUNCH.

Contact: [email protected]

Source…

Emerging Security Tools Tackle GraphQL Security

/in


One good thing about GraphQL is that the query language makes it easy to interact with structured data and perform multiple actions with a single API call. However, that same flexibility makes APIs built using GraphQL more difficult to secure, potentially exposing more data than intended.

Salt Security recently updated its Salt Security API Protection Platform to offer more robust tooling for securing GraphQL APIs. The tools rely on artificial intelligence and machine learning to generate a baseline of normal API behavior and identifying malicious efforts when the actors are probing the APIs as part of their reconnaissance activities. The company’s goal is to proactively provide developers with tools for securing these APIs before the attacks become more commonplace.

GraphQL is an open source data query language that is gaining traction among many developers as a declarative alternative to REST APIs for fetching data. Originally developed by Facebook and open sourced in 2015, GraphQL enables clients to specify exactly what data it needs from an API and underlying services without writing parsing code. GraphQL is organized in terms of types and fields rather than traditional endpoints.

Developers like GraphQL because it is very efficient to exchange information, but its call and response format introduces new risks, says Elad Koren, chief product officer of Salt Security. GraphQL APIs can include many nested requests inside a single API call, which adds to its complexity.

“The biggest advantage is the ability to request exactly what is needed — not more, not less,” Koren says. “But that is also a significant vulnerability, since the data is not limited by structure, and it relies on the API to be properly constructed.”

Something that would be a minor permissions and authorization issue in the REST API limited to subset of endpoints could wind up creating a significant attack surface in GraphQL, Koren says.

GraphQL developers will be able to use Salt Security’s platform to discover APIs and where they expose sensitive data, mitigate data exposure, stop attacks, and eliminate vulnerabilities, the company says. The platform parses the complex structure of the…

Source…

Why phone scams are so difficult to tackle – BBC News

/in



Why phone scams are so difficult to tackle  BBC News

Source…