Securing DevOps is the approach of embedding information security into a DevOps style of a software engineering, so making DevOps secure by design. For example with continuous training of developers, inventory analysis and monitoring of reusable code, static and dynamic scans of code, etc.
Adopting DevOps to SecOps is the approach of implementing DevOps concept into Security Operations, so employing a DevOps principle to perform routine security processes, generally with the use of a cloud. For example: Identity as a Service (IDaaS) from external provider instead of full Identity and Access Management (IAM) on premises, or cloud based SIEM from 3rd party rather than in-house, full scale security log monitoring.
Fileless malware can create “the uncertainty” that falls outside of established set of security controls. The potential threat of a fileless attack raises the risk to IT operations beyond level acceptable for most organisations. By challenging traditional security products, fileless malware can be classified as an emerging threat, with potentially significant negative consequences, and for which immediate countermeasure may not be available.
Although EU GDPR adopts “risk-based compliance” (high/risk/low) and encourages formal risk analysis, it does not mention how organisations should evaluate, assess and measure the risk. Suggested concept of “privacy by design” by GDPR should be applicable to all new business initiatives and technology developments, but how to evaluate existing processes and environments?
The most widely used social engineering techniques by threat actors according to recent reports are: reported public credential leaks, phishing kits based on HTML/PHP source code or .htaccess files and keyloggers.