Application Security

In today's cybersecurity landscape, protecting sensitive information is crucial, especially for organizations working with the Centers for Medicare & Medicaid Services (CMS). GitHub Secret Scanning has emerged as a valuable tool in this effort, not only enhancing security but also aiding in meeting various requirements within the Zero Trust Applications Pillar and the Acceptable Risk Safeguards (ARS) controls.

Background

The cybersecurity field is ever-evolving, with new threats and technologies emerging constantly. Staying informed about these trends is crucial for protecting our systems and data at CMS.

What is the News?

In this post, we'll explore the top 5 emerging trends in cybersecurity that are transforming how we defend against cyber threats. Understanding these trends will help you stay ahead in the rapidly changing digital security landscape.

What is cryptographic agility?

Cryptographic agility, also called cryptoagility, is the ability for a system to quickly and easily change parts of their encryption mechanism(s).  This encompasses changing encryption keys, key lengths, encryption algorithms used, and even changing the libraries used to perform the encryption.  

Cryptographic agility, also called cryptoagility, is the ability for a system to quickly and easily change parts of their encryption mechanism(s).  This encompasses changing encryption keys, key lengths, encryption algorithms used, and even changing the libraries used to perform the encryption.  

Introduction 

As the sports saying goes, “The best defense is a good offense.” The idea is to gain a strategic advantage against an opponent by anticipating their move and forcing them to be in a defensive, reactive state. The same applies to cyber security. With the age of cloud, Agile SDLCs, and ever-increasing attack surface, it has become imperative for businesses to embrace proactive security practices to effectively safeguard their assets and 
systems. Often done alone, two vital approaches are Threat Modeling and Penetration Testing. 

Part 1: History of EPSS

Proactive vulnerability management is of critical importance in helping organizations identify and address security weaknesses before they can be exploited — reducing the risk of data breaches, downtime, and reputational damage. Assessing, tracking, and remediating vulnerabilities in systems is a responsibility shared by security teams, developer teams, and business owners.

Cyber resilience is difficult to quantify, implement, and measure. What we definitely know is it breaks down into proactive and reactive approaches to security. Reactive resilience is what happens after the incident: how quickly can we identify, contain, eradicate, and recover from the attack? Proactive resilience addresses understanding the attack surface and the ability to identify and thwart attacks before they happen.