Secure by Design and Secure by Default: You need both to boost AppSec

Discover why both Secure by Design and Secure by Default are essential for robust AppSec. https://jpmellojr.blogspot.com/2025/02/secure-by-design-and-secure-by-default.html

Mayorkas Stresses Unity at Munich Cyber Conference

Public and Private Sectors Unite for Cybersecurity

In an era where the digital revolution's pace is only matched by the escalating cyber threats, Secretary Mayorkas' keynote at the Munich Cyber Security Conference in Munich, Germany, could not have been more timely. Addressing a broad audience of technologists, policymakers, and cybersecurity professionals, Mayorkas laid out a vision for a united front against the cyber challenges of our time. Moreover, his address underscored the importance of collaboration between the public and private sectors, marking a pivotal moment in the global dialogue on cybersecurity.   The Evolving Cyber Landscape Reflecting on the digital utopia envisioned by early internet pioneers, Mayorkas acknowledged the stark reality of today's cyber environment. The dream of an unregulated, boundless cyberspace has given way to a landscape where cyber threats loom large over every aspect of society. From the crippling effects of ransomware on critical infrastructure to the destabilizing efforts of foreign adversaries, the Secretary painted a vivid picture of the challenges we face. Yet, amidst these threats, he highlighted the transformative potential of technologies like artificial intelligence, urging for a balanced approach to innovation and security.   A Call for a Cyber-Social Compact Central to Mayorkas' address was the concept of a "cyber-social compact," a framework for shared responsibility in cybersecurity. He argued for a model that transcends the dichotomy of regulation versus innovation, emphasizing the need for a harmonious integration of security measures into the fabric of technological development. This compact calls for burden-sharing, where both the risks and responsibilities of cybersecurity are distributed more equitably among stakeholders.   Secure by Design Mayorkas emphasized the principle of "Secure by Design," urging companies to embed security considerations in the early stages of product development. This approach urges companies to prioritize resilience over rapid profitability, ensuring that products incorporate inherent security measures to protect users from emerging threats.   Baselining Security Standards The Secretary also proposed the establishment of minimum security standards, a collaborative effort between the government and the private sector to define a baseline of cybersecurity requirements. This initiative aims to alleviate the burden on individual consumers, many of whom lack the expertise to navigate the complex landscape of cyber threats. By setting a foundational level of security, the entire ecosystem stands to benefit from enhanced protection against cyberattacks.   Moving at the Speed of Business Recognizing the dynamic nature of the technology sector, Mayorkas called for regulatory agility. The goal is to create a regulatory environment that can adapt swiftly to technological advancements, ensuring that cybersecurity measures are not only effective but also timely. This approach seeks to foster innovation while safeguarding the digital ecosystem against evolving threats.   A United Front Against Cyber Threats In conclusion, Secretary Mayorkas' address at the Munich Cyber Security Conference served as a clarion call for unity in the face of cybersecurity challenges. By advocating for a cyber-social compact, he underscored the importance of collective action and shared responsibility in securing our digital future. The message was clear: only through collaboration can we hope to protect the integrity of our cyber landscape and harness the full potential of technological innovation for the betterment of society. The Secretary's vision for a secure, resilient digital world resonates deeply with the current cybersecurity discourse. As we move forward, the principles outlined in his address will undoubtedly shape the strategies and policies of both the public and private sectors. The path to a safer cyberspace is a shared journey, and Mayorkas' keynote has illuminated the way forward.   Sources: THX News & US Department of Homeland Security. Read the full article

U.S. and International Partners Publish Secure-by-Design and -Default Principles and Approaches  

Source: https://www.cisa.gov/news-events/news/us-and-international-partners-publish-secure-design-and-default-principles-and-approaches

More info: https://www.cisa.gov/securebydesign

#Breaking: Weak access controls in #AI can lead to privacy, safety, and security risks. @CISAgov

Weak access controls in #AI can lead to privacy, safety, and security risks. Implement security measures like multi-factor authentication, strong password policies, and data encryption to ensure your AI systems are #SecureByDesign! https://go.dhs.gov/3bF Source: X

Webline's Optimization- The best speed and security settings.

Optimize your website, maximize speed and minimize security risks with managed services from Webline services.

https://webline-services.com/managed/

How secure-by-design ITSM processes can be a business differentiator

How secure-by-design ITSM processes can be a business differentiator

For modern companies’ continued digital transformation efforts to be successful, they must embrace innovations in IT service management, according to frequent SearchCIO contributor and information governance expert Jeffrey Ritter. But as security and compliance needs continue to evolve, Ritter notes that this is having a big influence over how companies implement ITSM procedures, including…

View On WordPress

RT @AuCyberStrategy: While we’re developing the #2020Strategy, we know action is required now. You said more should be done to secure #IoT in 🇦🇺. We think so too. Have your say on our draft voluntary Code of Practice @ https://t.co/xk0p2w6r9j. #cybersecurity #InternetofThings #securebydesign https://t.co/np21jltZ4U (via Twitter http://twitter.com/CyberGovAU/status/1204575198260817926)

Securebydesign IoT at the edge

SNNX.com : http://dlvr.it/Qnk0Vz

How platform engineering helps you get a good start on Secure by Design

Self-service portals for developers can help organizations overcome challenges to getting up and running with CISA's software security initiative. https://jpmellojr.blogspot.com/2024/06/how-platform-engineering-helps-you-get.html

Guarding Tomorrow: UK's Cyber Security Triumph

  Strengthening the Barricades: A Speech on Cyber Operations

In a groundbreaking address at the recent , the Deputy Prime Minister took center stage, delivering a compelling speech that underscored the evolving landscape of cyber threats and the pivotal role the UK plays in safeguarding its digital frontiers.   The New Face of Warfare: Cyber Attacks on Critical Services Addressing a captivated audience, the Deputy Prime Minister highlighted the escalating risks faced by the nation in cyberspace. He emphasized the imperative nature of shielding critical services such as public finances, infrastructure, education, healthcare, and defense from cyber attacks.   The Unseen Foe: Unveiling Cyber Crime Statistics The Deputy Prime Minister shed light on the alarming statistics, revealing that 40 percent of cyber attacks addressed by the National Cyber Security Centre targeted the public sector last year. The digital realm has become the new frontline, and the individuals present at the event were acknowledged as the stalwarts manning the barricades.   Building Resilience: The Government's Cyber Security Strategy Commending the Government Cyber Security Strategy, the Deputy Prime Minister affirmed that since its inception two years ago, it has significantly fortified the country's cyber defenses. Ambitious targets have been set to make all government organizations resilient to known vulnerabilities and common attack methods.   Collaboration for Defense: GovAssure and GC3 Initiatives The speech highlighted transformative initiatives like GovAssure and the newly established Government Cyber Coordination Centre (GC3). These platforms facilitate collaboration among cyber defenders across the government, ensuring a united front against cyber threats. The Deputy Prime Minister emphasized the practical implementation of a "whole of government approach" in combating cyber threats.   Emerging Threats: A Changing Landscape The Deputy Prime Minister stressed the evolving nature of cyber threats, citing the rapid development of technologies and the lowered bar for hostile actors. The speech underscored the major cyber threats to democratic processes, including interference by states employing sophisticated technology and malicious actors targeting political figures.   Identifying the Culprit: Russian Cyber Operations Exposed In a startling revelation, the Deputy Prime Minister disclosed that a unit within the Russian Federal Security Service, known as Centre 18, had orchestrated sustained hostile cyber operations targeting the UK's democratic processes. The cyber attack, attributed to a group named Star Blizzard, aimed at undermining trust in politics by selectively leaking information.   A Call to Action: Strengthening Cyber Security Systems and Skills The Deputy Prime Minister outlined a two-pronged approach to stay ahead in the cyberspace race: fortifying cyber security systems and enhancing skills. He announced a mandate to make "secure by design" mandatory for central government organizations, signaling a paradigm shift in digital delivery. Additionally, efforts to address the shortage of cyber skills were unveiled through apprenticeships and fast-stream programs.   Uniting for Cyber Defense: Whole of Society Approach The speech concluded with a rallying call for a united front against cyber threats, transcending government boundaries. The Deputy Prime Minister emphasized the importance of a "whole of society" approach, highlighting the unity that sets the UK apart from its adversaries.  

Securing Tomorrow: The Path Forward

As the Deputy Prime Minister challenged the nation to be at the forefront of cybersecurity, he painted a vision where the UK leads in technology, artificial intelligence, and cyber innovation. In a world where the digital landscape is fraught with challenges, the Deputy Prime Minister's speech resonates as a clarion call for unity and vigilance in safeguarding the country's digital future.   Sources: THX News, Cabinet Office & The Rt Hon Oliver Dowden CBE MP. Read the full article

RT https://t.co/2TGHxLw4TW Old handles replaced with Lock Lock handles and cylinder upgraded this morning. . . . #Exeter #Upvc #DoorHandles #LockLock #SecureByDesign #TS007 #PAS0… https://t.co/78TXpSPWSk

RT https://t.co/2TGHxLw4TW Old handles replaced with Lock Lock handles and cylinder upgraded this morning. . . . #Exeter #Locksmith #Upvc #DoorHandles #LockLock #SecureByDesign #TS007 #PAS0… pic.twitter.com/78TXpSPWSk

— Key - Kong Locksmith (@Denverkeykong) April 28, 2018

Source: @Denverkeykong April 28, 2018 at 03:54PM More info locksmith Denver

'Secure by design' makes waves at RSA Conference 2024

Source: https://www.techtarget.com/searchsecurity/news/366583952/Secure-by-design-makes-waves-at-RSA-Conference-2024

More info:

https://www.microsoft.com/en-us/security/blog/2024/05/03/security-above-all-else-expanding-microsofts-secure-future-initiative/

https://www.cisa.gov/securebydesign/pledge

RT https://t.co/7yLvo2ca6b WHEN DO PEOPLE UPGRADE THEIR HOME SECURITY? https://t.co/mfttfIqaFm #upgrade #Security #secureByDesign #homesecurity #ONS2018 #Statistics #window #door… https://t.co/vLJqw2qJDB RT https://t.co/7yLvo2ca6b WHEN DO … https://t.co/vLJqw2qJDB

RT https://t.co/7yLvo2ca6b WHEN DO PEOPLE UPGRADE THEIR HOME SECURITY? https://t.co/mfttfIqaFm #upgrade #Security #secureByDesign #homesecurity #ONS2018 #Statistics #locksmith #window #door… pic.twitter.com/vLJqw2qJDB RT https://t.co/7yLvo2ca6b WHEN DO … https://t.co/vLJqw2qJDB

— Key - Kong Locksmith (@keykonglocksmit) March 20, 2018

Source: @keykonglocksmit March 20, 2018 at 11:06PM More info Locksmith San Antonio

Will CISA's Secure by Design pledge be a catalyst for better software security?

CISA's Secure by Design pledge is gaining momentum in the tech world. With support from over 60 companies, will it be the game-changer we need for better software security? https://tinyurl.com/5ez77sue

Memory-safe languages and security by design: Key insights, lessons learned

Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue. https://jpmellojr.blogspot.com/2024/03/memory-safe-languages-and-security-by.html

CISA's Secure by Design: Too much, too soon?

Four months after the release of Secure by Design/Secure by Default, CISA's software security initiative is little more than an aspirational exercise. https://jpmellojr.blogspot.com/2023/08/cisas-secure-by-design-too-much-too-soon.html