SECURITY LABS

WHITE PAPERS
Azure Case Study

Here at Obrela Security Industries we heavily invested in dissecting the Azure platform, to provide our customers with a full range of security services related to Exposure, Risk and Threat Management. OBRELA collects all this information and provides a unique multi-dimensional view on the physical users activity across their interactions with both Azure and every physical datacenter components, in unified screens and reports. Every suspicious activity is flagged, analyzed and followed allowing us to respond within minutes to upcoming threats.

READ MORE
Integrating People, Process and Technology

Properly balanced security controls that engage technology as much as people are essential for Enterprise information security. Human intelligence is still the hurt of every security system. People are indispensable to evaluate an incident and decide the response strategy during a crisis.

READ MORE
When and where cyber security took a wrong turn? And how you can regain control of your company’s security posture

The cyber security industry appears to be struggling to keep pace with a seemingly never-ending stream of new vulnerabilities exposing organisations to ransomware attacks, corporate espionage and worse. Trade shows such as InfoSecurity Europe 2017 host hundreds of new “off-the-shelf solutions” that claim to provide cybersecurity at a stroke. The million dollar bet here is whether a custom made solution based on the company’s precise needs with full interoperability would be possible.

READ MORE
Hewlett Packard Enterprise (HPE) Worldwide Case Study about Obrela

Today’s vendor driven approach to cybersecurity which continues to add more and more layers, is not sustainable. With a mathematical certainty every security model will inevitably fail at least once, regardless of the defense and technology sophistication involved.

READ MORE
Real Time Risk Management

Operational security requires a continuous process of awareness, preparedness and readiness. It is a highly demanding, cross-domain activity that requires effective communication and coordination between people that often have different knowledge and perspective for information security within the organization. It is neither a fixed cost nor a fixed duration project; rather an on-going business program with strategy, plans, objectives and stakeholders.

READ MORE
Cyprus Computer Society Conference Whitepaper

It appears that the external threats to an organization are increasing steadily, and may, in fact, be increasing more rapidly than is commonly reported. To combat cybercrime, a set of management procedures and an organizational framework for identifying, assessing and mitigating risks, is necessary. Rather than reacting to individual problems in an ad-hoc manner these fundamental activities allow an organization to deal with risks throughout the business. This set of activities constitutes risk management. The optimal model to address the risks of internet security must combine technology, process and insurance. This Risk Management approach permits companies to address successfully a range of different risk exposures. In some cases, technical controls help address these threats; in others, procedural and audit controls must be implemented. Because these threats cannot be completely removed, however, Cyber - Risk insurance coverage represents an essential tool in providing such non-technical controls and a major innovation in the conception of risk management in general.

READ MORE
Cyber-Insurance

Today, infrastructure encompasses computer technology and key business processes and is increasingly web-based. Thus, the availability and security of computer networks and web sites have become a critical component of an organization’s risk profile. Even though preventative security steps can be taken by companies, there is no silver bullet that can make businesses completely secure. Insurance companies have to develop new insurance policies to provide coverage for online risks. Cyber insurance covers a number of areas not normally spelled out in traditional policies. Failure to attend to information-security issues may result in contractual liability through material adverse effect clauses as well as representations and warranties regarding security, due diligence and compliance. The optimal model to address the risks of Internet security must combine technology, process and insurance.

READ MORE
Critical Infrastructure Protection

Information Security in critical infrastructures is a major challenge. Critical infrastructure can be damaged, destroyed or disrupted by deliberate acts of terrorism, natural disasters, and negligence, leading to loss of confidentiality, integrity and availability of the critical infrastructure information assets. Vulnerabilities in critical infrastructure not only create risk for systems, networks, information and public trust, but also create risk to the economic and national security. Protection of the critical infrastructure information components has become especially important for the economic vitality and way of life. Attacks on critical infrastructure could disrupt the direct functioning of key business and government activities. Critical infrastructure protection requires the development of a competent protection strategy by identifying the critical assets and evaluating the possible risks.

READ MORE
PKI Roadmap - A guideline for government institutions

PKI implementations have a great failure rate, statistically, due to absent or misplaced organizational structures, the role and the effectiveness of which is considered critical in the establishment of the relevant operational model, supporting policy and legal framework. The scope of this framework describes the delivery of PKI services by, and on behalf of, government and provide recommendations based on experience and best practices as these have been recorded by Obrela Security Industries and the industry in general. It is applicable to all systems responsible for the delivery of e-Government services to citizens, businesses and other organizations.

READ MORE