Why are we issuing this Consultation Paper?
This Consultation Paper (CP) seeks public comment on our proposals for regulating Security Tokens. These proposals are designed to provide a regulatory regime for activities relating to Investments that:

a)are a digital representation of rights and obligations, created, stored and capable of being transferred electronically – using distributed ledger technology (DLT) or similar technology; and (more…)

Databases have become increasingly sophisticated over the last decades. The relational database is the most common. This technology allows data to be viewed in dynamic ways based on the user’s or administrator’s needs. The most common language used to communicate with databases is Structured Query Language (SQL). SQL allows users to pass queries to database servers in real time. This flexibility causes a major vulnerability when it isn’t securely implemented. Don’t confuse the language SQL with Microsoft’s database product SQL Server, though, like most databases, SQL Server uses Structured Query Language.

(more…)

It didn’t take long for cyber criminals to say ‘Happy New Year’ to 2019 as the first data breach announcement came on January 2 by Blur, a password management company, that had an unsecured server exposing a file containing 2.4 million user names, email addresses and other information.

While 2018 hit record-setting numbers as to the number of data breaches and consumer records exposed, 2019 was on pace as of mid-year to be the worst year ever, according to a report by Risk Based Security

(more…)

Industrial Control Systems (ICS) are important to supporting US critical infrastructure and maintaining national security. ICS owners and operators face threats from a variety of adversaries whose intentions include gathering intelligence and disrupting National Critical Functions.
As ICS owners and operators adopt new technologies to improve operational efficiencies, they should be aware of the additional cybersecurity risk of connecting operational technology (OT) to enterprise information technology (IT) systems and Internet of Things (IoT) devices.

(more…)

The scope of this Guide could be very large and unwieldy, so it has been refined to focus on key areas, thereby excluding some important cyber security topics (but certainly not all), such as:

• Cyber security incident response, which is covered in a separate CREST guide • In-depth analysis of fields in event logs, as these are well covered in the CPNI/Context report entitled Effective Cyber Security Log Management
• Deep technical analytical tools and techniques, typically used by commercial cyber security monitoring and logging experts
• Cyber security insurance.

(more…)