The StrategyMix Insights Online Forum operates 24/7, which means you can ask cyber questions, get answers and exchange ideas with your peers whenever it is convenient for you. It is a closed group, uses a Q&A format and is tightly moderated. We apply the Chatham House Rule by encouraging all members to post under an anonymous username.
Our member base is active enough that we can virtually guarantee that if you ask a question, you will get a high-quality answer.
Last 5 Insight Questions
Some context: I’m working with our head of DevOps on securing the global DevOps program. So, I’m focused on creating a custom framework for securing the “production line” of software developed in-house. I’m looking at OWASP’s DevSecOps maturity framework plus Gartner’s content (I have a sub). Neither is exactly what I’m looking for.
My question: I’m interested to know which frameworks and controls companies are considering for securing repositories for source code, artifacts and containers, commits and CI/CD pipelines. We’re standardising on GitHub, including GH Advanced Security, and are looking at tools like Cycode and Legit Security.
Last Update: 19 Sep 2023 - (Cyber Leaders)
We have been PCI-compliant for a decade now and we have used PCI as a de facto cyber framework despite its limitations (it is very prescriptive and very narrow in scope). We want to adopt one of the broader frameworks (NIST, Essential 8 etc.) while avoiding too much duplication and added work – does anyone have any recommendations or experiences to share in this area?
We looked at this in a panel discussion and there were some suggestions that NIST works best as a basis, but the best answer may be a tailored mix. I like that (and I think it is always inevitable to some extent), but I do also like the certainty, when interacting with partners, insurers and the board, of being able to state compliance with a particular framework. Any further thoughts?
Last Update: 19 Sep 2023 - (Cyber for CIOs)
How are others handling threats like juice-jacking, or staff plugging in random USB drives/disks? What combination of approaches do you use?
Last Update: 13 Sep 2023 - (Cyber for CIOs)
With all the leakage of personally identifying data happening around the globe, will we ever see a digital or other ID that can’t be faked?
Last Update: 06 Sep 2023 - (Cyber for CIOs)
In the privileged access management (PAM) world, how do you best remediate the risk when service accounts are being automatically managed? i.e. credentials changed (or not changed)