Page 67 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
According to the rivals, simple and effective mitigations include:
• TLSv1.3 adoption
• HTTP Strict-Transport-Security response header (HSTS headers)
• OWASP Top 10 (updated September 2021)
• Center for Internet Security (CIS) Critical Security Controls (v8 updated May 2021)
The taxonomy is an industry effort and a living document, maintained by Shared Assessments. It is the
most recent result of a two-phase cooperative project led by the Shared Assessments Continuous
Monitoring Working Group, established in 2017, which galvanized practitioners from over 55 member
organizations. The first phase was published as an article in 2019, “Creating a Unified Continuous
Monitoring Cybersecurity Taxonomy: Gaining Ground by Saying What’s What.” The second phase is the
taxonomy itself.
A copy of the Shared Assessment Unified Third Party Continuous Monitoring Taxonomy can be obtained
for free and here is where the SRS firms explain the benefits of the Webinar Cybersecurity Taxonomy for
Continuous Monitoring.