Blog

Security & Compliance

Risk management comes in many shapes, sizes, frameworks, and implementations. How often a risk management assessment is performed depends on the cost-benefit of performing the audit.
Securing your workloads in a cloud environment comes with different challenges compared to securing them in an on-premises location. If you were PCI DSS compliant prior to moving into a cloud environment, your stored credit card data should have been protected with secure encryption, your business processes documented, and policies in place in keeping with the current operating infrastructure. While deploying and maintaining an on-premises system or a co-location environment, you have complete control over what security needs are to be implemented.
Security testing of an environment can be a time-consuming and expensive process that requires adequate knowledge of the tools, attack vectors, and methodologies bad actors may use to infiltrate or otherwise circumvent security controls. Security testing may also be broken down into different layers within the infrastructure: application, network, and system testing may be employed to determine the full breadth of vulnerabilities facing your organization.
Just in case ProxyShell, ProxyLogon, Log4Shell, and Chrome 0Days just weren’t exciting enough, we now have Spring4Shell. Java is the gift that keeps on giving.
Individuals and organizations rely on strong cryptography to protect data and systems during transmission and storage. Whether we are logging in to an online banking website, using secure messaging apps, or storing data on encrypted media and mobile devices, cryptography has become ubiquitous across business and personal computing systems. What does it mean to use strong cryptography? Here, we will highlight two methods of encryption and how they address confidentiality, non-repudiation, and integrity requirements.