nmap (Network Mapper)
Further reading Top 8 penetration testing tools (Snyk Blog)
Further reading No true Scotsman
Further reading Normalcy bias - Wikipedia
An OpenShift cluster is a set of connected computers (called nodes) that run applications in containers. It lets you easily deploy, manage, and monitor these applications, and is designed for cloud environments.
OpenStack is a free and open-source cloud computing platform that lets users build and manage their own private and public clouds. It provides software tools for managing compute, storage, and networking resources in a data centre. A primary use case for OpenStack is when an organisation wants to build a private cloud environment. Related pages OpenStack.org
Further reading OpenVAS website Related pages Nessus
Operational resilience for an organisation can be defined as the ability to prevent, adapt to, withstand, respond to, recover from, and learn from operational disruptions to ensure the continuity of critical business services.
Further reading
The Concept of Resilience: A New Buzzword - CMS Wire
What Is True Resilience? - Forbes
Response and resilience in operational-risk events - McKinsey
Operational resilience: Regulation Around the World - Norton Rose Fulbright
Operational resilience for insurers - PwC
Operational resilience for insurance firms - Grant Thornton
Operational resilience insights for insurance firms - Financial Conduct Authority
Operational Resilience - Bank of England & PRA & FCA
Cyber operational resilience and cyber insurance - EIOPA
Toward True Organisational Resilience - Deloitte
Risk Resilience Report - Marsh McLennan
BCI launches Continuity & Resilience Report 2022 - BCI
The Business of Resilience: summary report 2022 - UK Gov
Resilience Reports - European Commission
Resilience: Building back better - HSBC
International regulatory alignment on operational resilience - Deloitte UK
Resilience without borders - Deloitte UK
PS21/3 Building operational resilience - Financial Conduct Authority
SS1/21: Operational resilience: Impact tolerances for important business services - Bank of England
The OR-2 module sets out the HKMA’s supervisory expectations for authorised institutions to maintain operational resilience in the event of a disruption.
Further reading
OR-2 SPM Module | HKMA (PDF)
Operational Resilience: A new SPM module from HKMA | Deloitte
Operational Resilience | KPMG
The HKMA proposes new standards for operational resilience | Herbert Smith Freehills
Fostering operational resilience | PwC Hong Kong
SFC issues operational resilience standards and recommended techniques and procedures in the age of remote working | Herbert Smith Freehills
Operational resilience and remote working | SFC Circular
Related pages
Operational Resilience (wiki)
SPM TM-G-1 General Principles for Technology Risk Management
SPM TM-G-2 Business Continuity Planning
OR-1 Operational Risk Management
SA-2 Outsourcing
Cyber Resilience Assessment Framework 2.0
Threat modelling is a critical component of an organisation’s cybersecurity and risk management framework. The process will identify potential threats, assess vulnerabilities, and implement effective controls. Key outputs of a threat modelling exercise in a large organisation will include: 1. Threat Model Diagram. A visual representation of systems, data flows, and trust boundaries. Common formats include Data Flow Diagrams (DFDs) or Process Flow Diagrams, highlighting how data moves through the system and where risks may emerge. ...
OWASP (Open Web Application Security Project) is a non-profit organisation and online community dedicated to providing open-source solutions to help build secure web applications. Further reading OWASP Top Ten
Patching is a process in software development and ongoing maintenance where updates are applied to software to fix problems with the original code, such as vulnerabilities, to improve functionality, or to enhance performance and speed. These updates, known as patches, are essential for maintaining the security and efficiency of software systems. Further reading Patching - Wikipedia
Paul Graham’s Essays Start with How to do great work
Penetration testing (or pen testing) is a security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify any weak spots in a system’s defenses which attackers could take advantage of. This is like a bank hiring someone to dress as a burglar and try to break into their building and gain access to the vault. If the ‘burglar’ succeeds and gets into the bank or the vault, the bank will gain valuable information on how they need to tighten their security measures. ...
Further reading Permacomputing wiki - introduction