The concepts of Cyber Security Resilience and Risk Aggregation are closely related, because risk aggregation refers to efforts by firms to develop quantitative risk measures that incorporate multiple types or sources of risk. Cyber Security Resilience is the capacity to have different cyber controls that give the organization adequate resilience according to its risk appetite, by managing the aggregated risk from multiple types or sources of risk. One interesting topic is the Internet of Things (IoT), which is increasingly present in our personal and professional lives. The more assets are “shared” (including Critical Infrastructures and Smart Cities IT assets), the more risk we are …

Nowadays the payment fraud landscape is changing quite fast, moving from classic schemes such as bank cheque fraud and faked manual payment orders to organized crime with corporations as targets. It is important to understand that fraud also occurs when dishonest acts are committed without personal gain but are intended to create a loss or risk of loss for another person or entity. This includes the intentional misrepresentation of financial condition. I created a presentation where I explain this topic in detail; you can see my presentation here: Payment fraud from Ramiro Cid

Currently, the market has a wide range of systems, products and services focused on computer security: antivirus, antispyware, firewalls, IPS, WAF, SIEM systems, etc. All these measures are indispensable and have become a priority for any company or organization seeking to protect its assets, but social engineering has the advantage of using techniques that exploit vulnerabilities inherent in human beings and, as is well known, there is no patch or upgrade that provides effective protection against such attacks. People are normally “the weak link in the chain”. I created a presentation where I explain this topic in detail; you can …

Until now, when people talked about cloud computing, it was usually understood that the cloud is a metaphor for groups of remote, networked servers. Now “space computing” means it literally: physical servers operating in outer space. We can think of the evolution of “cloud computing” as “Cloud in space”, or simply “Space Computing”. Putting servers in space has many advantages, but also some clear disadvantages to solve before it can be put into practice. Advantages: it solves energy problems (data centers use up 10% of the world’s electricity); there is no need to cool the servers; processing is fast because of the space environment; launching a server into space is very cost-effective. Disadvantages: There …

Nowadays, and even more in the future, the Internet of Things will be present (it already is) in our personal and professional lives. The more assets are “shared” (including Critical Infrastructures) in this new “environment”, the more risk we are assuming, and the more effort we will need to make to improve our security. It is clear that we are “opening” many doors (too many?) that give hackers opportunities to attack our Critical Infrastructures, environments and assets, and to steal or destroy our data (think about Big Data as well), and maybe we can also think that all of this is not logical, because it is an attitude with too much …

“…A computer system is no more secure than the persons responsible for its operation…” Cybersecurity is much more than information security applied to IT assets. Serious financial damage has been caused by security breaches, but because there is no standard model for estimating the cost of an incident, the only data available is that which is made public by the organizations involved. There is a large number of different vulnerabilities, depending on the type of asset: a) Denial-of-service attack b) Backdoors c) Exploits d) Direct access attacks e) Eavesdropping f) Indirect attacks. There are different types of countermeasures: 1) Security and systems design 2) …