What Is ISO 27017 and How Does it Inform Cloud Security?

Apr 6, 2023 Lazarus Alliance 0 Comment

As cloud computing continues gaining popularity, organizations increasingly turn to cloud services to store and process their data. However, with this increased reliance on cloud services comes a heightened risk of data breaches and cyber attacks, making cloud security a critical concern for businesses of all sizes.

To address these concerns, the International Organization for Standardization (ISO) has published a code of practice for information security controls for cloud services–ISO 27017. This standard provides guidelines and general principles for securing cloud-based systems and protecting against potential security threats.

This article will explore the critical components of ISO 27017 and their importance in securing cloud-based systems. We will also discuss some of the best practices for implementing ISO 27017 in your organization and the benefits that it can provide. Finally, we will examine some challenges organizations may face when implementing ISO 27017 and guide them on overcoming them.

What Is NIST Special Publication 800-115 and What Does it Say About Penetration Testing?

Mar 30, 2023 Lazarus Alliance 0 Comment

As technology advances, the need for effective cybersecurity measures becomes increasingly important. The necessity for regular testing, including penetration testing, has raised awareness of best practices and standards for such assessments.

The National Institute of Standards and Technology (NIST) has developed comprehensive guidelines and standards to help organizations safeguard their information systems from cyber threats. Among these guidelines is NIST 800-115, a guide for conducting penetration testing on information systems.

This article will explore the fundamental principles of NIST 800-115 and the benefits of conducting penetration testing according to its guidelines. We will also discuss how organizations can use the information gathered from penetration testing to improve their cybersecurity. Organizations can better protect their systems and data from cyber threats by following the recommendations outlined in this guide.

Post-Quantum Cryptography and the Quantum Computing Cybersecurity Preparedness Act

Mar 22, 2023 Lazarus Alliance 0 Comment

Quantum computing has long been a theoretical idea with limited practical application. The only usable quantum computers were only available to cutting-edge researchers supported by massive corporations or government-funded universities.

As time has passed, however, these researchers have begun to make massive strides in making quantum computing realizable in a way that could impact modern technology. While these developments have been met with significant excitement… but this excitement is somewhat muted. Instead, many security experts are worried that they will fundamentally undermine the foundation of cybersecurity–encryption.

To address this potential threat, Congress and the President have passed the Quantum Computing Cybersecurity Readiness Act, which dictates that agencies must consider adopting post-quantum encryption to maintain compliance.