Seventh Circuit Case Confirms that “Full and Fair Review” of Disability Claims Requires Disclosure of New Evidence Before Denying Appeals

A recent federal appeals court case clarifies that, under ERISA, the regulations governing disability plans’ claims review procedures apply to claims that predate the 2018 changes to the regulations. The decision also serves as a reminder for plan administrators to review their claims review procedures to ensure compliance with the current requirements for a “full and fair review” benefits appeal process.

The Claims Review Regulations


An Employer’s Guide to Deciding When to Publish a Statement on Current Events

Employers are under the microscope from internal and external stakeholders to weigh in on myriad social issues and current events. To publish, or not to publish in each instance? That is the question. In this brief “podcast-ette,” Alyesha Asghar Dotson highlights the self-assessment that an employer ought to engage in before pressing that publish or print button.

New Duty to Prevent Sexual Harassment in the UK – Guidance for Employers

Back in June, we highlighted that, from October 26, 2024, all employers in the UK will have a mandatory duty to take “reasonable steps” to prevent sexual harassment of their employees in the course of their employment.

New York Enacts Law Requiring Retail Employers to Implement Workplace Violence Prevention Training and Policies and Provide Panic Buttons

New York Governor Kathy Hochul signed a bill on September 4, 2024 that requires retail employers to develop and implement workplace violence prevention training and policies, among other measures. The law becomes effective 180 days after her signature, or March 3, 2025.

Violence Prevention Plans, Hybrid Work Woes, Valuing Veterans, and Other Employment Challenges for 2024

U.S. Market Entry Event

How HR and In-House Legal Can Help Prevent and Respond to the Next Killer Data Breach

New Oregon Law (Mostly) Aligns OFLA and Paid Leave Oregon to Prevent Employees from Stacking Leave Benefits

  • SB 1515, which the governor is expected to sign, provides some relief to employers under the state’s various leave laws by amending Paid Leave Oregon and the Oregon Family Leave Act (OFLA) to better align.
  • Bill amends Oregon leave laws to mitigate employee leave stacking by eliminating some state leave law concurrency.
  • Bill amends OFLA bereavement leave to a maximum of four weeks in a leave year.

New York Amends Workplace Violence Prevention Law to Extend Coverage to Public Schools

Since 2006, public employers in New York have been required to implement programs to prevent and minimize workplace violence. Public school employers, including public school districts, New York City public schools, Boards of Cooperative Education Services (BOCES), and County Vocational Education and Extension Boards, were previously exempted from the law.

California’s Indoor Heat Illness Prevention Regulation Takes Immediate Effect

  • California’s indoor heat illness regulation, the first of its kind in the United States, is now in effect.
  • New requirements apply to all indoor work areas where the temperature is 82° F or above, with few exceptions. Additional requirements apply for higher temperatures.
  • California employers with any work settings that are covered by the new regulation should immediately develop indoor heat illness plans and provide training to their employees.

California’s New Indoor Heat Illness Prevention Regulation Is Already in Effect

5 Questions About NY's Workplace Violence Prevention Law

Rebecca Goldstein and Terri Solomon comment on New York's Retail Worker Safety Act, which requires retail employers to adopt a violence prevention policy.

Law360 Employment Authority

ETSI completed its first remote Mission Critical Plugtests event

Sophia Antipolis, 11 February 2019

ETSI has just ended its third MCX Plugtests, which is the first remote Plugtests™ within the MCX Plugtests programme, from 3 Dec 2018 until 31 Jan 2019.

First ETSI NFV API conformance test event in remote mode

Sophia Antipolis, 10 May 2019

From February 4 to April 15, 2019, ETSI organized a remote NFV API Plugtests® event with the support of its Centre for Testing and Interoperability. The Remote NFV API Plugtests was not only the first to be entirely remote; it was also the first entirely dedicated to the testing of NFV APIs.

ETSI’s 4th NFV Plugtests event broadens its scope with edge computing testing

Sophia Antipolis, 29 July 2019

The 4th ETSI NFV Plugtests™ event was one of the sunny June highlights in ETSI, as it took place from 3 to 7 June in Sophia Antipolis.

ETSI new upcoming mission critical Plugtests event

Sophia Antipolis, 18 September 2019

ETSI, in partnership with ERILLISVERKOT (State Security Networks Group Finland) and with the support of TCCA and the European Commission, organizes the fourth MCX Plugtests event, which will take place from 23 to 27 September 2019 at the Savonia University of Applied Sciences, Kuopio, Finland.

First ETSI C-V2X interoperability event tests ETSI ITS and 3GPP standards

Registration now open!

Sophia Antipolis, 8 November 2019

ETSI, with experts from its Center for Testing and Interoperability, in partnership with the 5GAA, is organizing the first C‑V2X Plugtests™ event.

Hosted by DEKRA in its Connected Vehicle Test Development Centre in Malaga from 2-6 December 2019, the event will enable vendors to run interoperability test sessions to assess the level of interoperability of their implementations and validate their understanding of the standards. Interoperability testing checks that devices built to the same standards can work together and provide the functionalities specified in the standards.

First ETSI C-V2X interoperability event: success rate of 95% achieved

Sophia Antipolis, 11 December 2019

The first ETSI C-V2X Plugtests™, performed in partnership with 5GAA, came to a close with a success rate of 95% of the executed tests, showing an extremely positive level of multi-vendor interoperability. 320 test scenarios were executed in lab and field environments for interoperability, with 70 people present onsite for testing.

Second ETSI C-V2X interoperability test event to connect vehicles in Europe and in the rest of the world

Second ETSI C-V2X interoperability test event, remote, to connect vehicles in Europe and in the rest of the world

Register now for this remote event!

Sophia Antipolis, 5 May 2020

ETSI, in partnership with the 5GAA, is organizing the second “Cellular-Vehicle-to-Everything” (C-V2X) Plugtests™ event. It will be held remotely, from 20 to 31 July 2020. ETSI has recently set up a remote lab for all participants; it leverages the ETSI Hub for Interoperability and Validation (HIVE) to interconnect participants’ labs and allow for multi-party interoperability testing.

ETSI Mission Critical Plugtests event achieves a 95% interoperability success rate

Sophia Antipolis, 2 November 2020

ETSI is pleased to announce it has now released the Report of its fifth MCX Plugtests™ remote event that took place from 21 September to 2 October 2020. Results of the testing sessions outline an interoperability rate of 95%, giving industry a reliable set of standards for successful implementations.

Highlights of this event included initial railway-oriented capabilities in 3GPP Release-15, such as functional aliases and multi-talker, helping the Future Railway Mobile Communication System (FRMCS) move forward. 173 delegates from all over the world executed around 1350 test cases in 169 test sessions; interoperability results were reported in the ETSI Test reporting tool. Around fifty new test cases were developed for this event and will be added to ETSI TS 103 564.

Developers at MEC Hackathon challenged to trial edge computing for 5G at the Droidcon virtual event

Sophia Antipolis, 10 December 2020

The latest edition of the MEC Hackathons endorsed by ETSI took place on 25 to 26 November and was hosted by Droidcon Italy 2020 as a fully virtual event. The competition was open for developers to test their applications with ETSI MEC APIs (Application Programming Interfaces) in a variety of use cases. The organizing committee received a total of 14 submissions spanning several topics, from augmented reality for the construction sector, to consumer, media and entertainment applications, to automotive services. Admitted teams were offered remote access to MEC servers and software platforms to develop mobile applications for advanced services in MEC-enabled 5G networks, using ETSI MEC technologies. They were also required to onboard their applications in real-life MEC systems and connect with the MEC APIs to receive simulated in-network data.

ETSI NFV and MEC API 2021 testing event Report now available

Sophia Antipolis, 16 April 2021

The ETSI NFV&MEC API Plugtests™ 2021 event, which ran remotely during the whole month of February, allowed participants to self-evaluate the conformance of their API server implementations with network function virtualization and multi-access edge computing API specifications. The event also allowed participants to validate and gather feedback on the ETSI NFV and MEC API and Conformance Testing Specifications, and the associated Robot test suites. The full Report, including results, findings and lessons learnt, is now available.

ETSI announces first interoperability event for future railway communication

Sophia Antipolis, 19 April 2021

ETSI has announced that its Future Railway Mobile Communication System (FRMCS) Plugtests™ event will take place from 14 to 18 June 2021. Over 20 vendors and more than 80 participants will participate.

ETSI's Director-General speaks of the future of railway mobile communication systems at COIT event

Sophia Antipolis, 28 June 2021

On 23 June, as part of the commemoration of the European Year of Rail, the COIT Smart Railways Working Group conducted an online session to publicise the features and advantages of the FRMCS (Future Railway Mobile Communication System). This system will replace the current GSM-R and technologically mark the next decades of a means of transport that is living its best moment.

ETSI 6th MCX Plugtests event reports a success rate of 97.6%

Sophia Antipolis, 16 December 2021

ETSI is pleased to release the Report of its sixth MCX Plugtests event. Organized with the support of the European Commission, EFTA, TCCA and UIC, it was held in hybrid mode from 8 to 19 November 2021, with LTE-assisted testing at the University of Malaga, Spain. Vendors had the possibility to send equipment to the University of Malaga (UMA) to participate in end-to-end testing. They could use the LTE test network available on the premises and rely on the UMA experts onsite to run interoperability test sessions on the network without being present.

Newly launched C-V2X service demonstrated at ETSI Plugtests event

Sophia Antipolis, 31 March 2022

Today at the 3rd ETSI C‑V2X Plugtests™ interoperability event, held in partnership with 5GAA and hosted by DEKRA, Vodafone has demonstrated a new C-V2X platform designed to connect road users directly with transport authorities, enabling safety information, hazard warnings and traffic updates to be shared with users in real-time. Announced yesterday, the new C-V2X platform is based on ETSI TC ITS and 3GPP mobile communication standards. Vodafone plans to launch the platform within its own Vodafone Automotive apps later this year.

ETSI C-V2X Plugtests event achieves a 93% interoperability success rate

Sophia Antipolis, 21 April 2022

The 3rd ETSI C-V2X Plugtests™ event, held in partnership with 5GAA and hosted by DEKRA from 28 March to 1 April, achieved a success rate of 93% of the executed tests, showing an extremely positive level of multi-vendor interoperability. 226 test scenarios were executed in a laboratory and outdoor environment for interoperability, with 80 people from 25 companies participating in onsite and remote testing. All results are available in the newly released Report.

The ETSI Future Rail Mobile Communications System Plugtests event achieves a success rate of 95%

Sophia Antipolis, 13 June 2022

The 2nd FRMCS Plugtests™ event, organized remotely by ETSI with the support of the European Commission, EFTA, TCCA and UIC from 16 to 20 May 2022, has concluded with a success rate of 95% of the executed tests.

ETSI Plugtests events are essential to ensure seamless access to mission critical services across different vendors’ products and implementations. The MCX ETSI Plugtests series is the first independent testing of public safety and other mission critical LTE services. The MCX services are the basis for the Future Rail Mobile Communications System (FRMCS), and tests are based on the MCX (collectively for MCPTT, MCVideo and MCData services) framework.

ETSI eSignature testing event helps industry to comply with EU regulation

Sophia Antipolis, 22 July 2022

With the eIDAS Regulation, European Union Member States have put in place the necessary technical means to process electronically signed documents that are required when using an online service offered by, or on behalf of, a public sector body. In order to ensure that the cross-border dimension works in practice, testing needs to be done to mutually check Member States’ signatures against their existing digital signature validation applications.

Testing of trustworthy systems. Register now for the ETSI UCAAT event!

Sophia Antipolis, 25 July 2022

The well-established UCAAT event addresses the practical challenges of testing and test automation faced by industry today. UCAAT 2022 will be hosted by Siemens in Munich on 13-15 September. Registration is now open. Join us!

ETSI flagship event Security Conference attracts nearly 200 attendees onsite

Sophia Antipolis, 7 October 2022

The sun was shining this week on one of ETSI’s flagship events, the Security Conference, where the number of participants onsite reached nearly 200 attendees, from 27 countries.

ETSI Event: How to teach the Next Generation of ICT Standards People

Sophia Antipolis, 12 October 2022

On 6 October, ETSI organized its first workshop dedicated to presenting the full teaching material for ICT standardization, available from our website. The ETSI education about standardization programme started in 2016. This event was addressed to educators at university level and professionals. The audience comprised national standards organizations, university professors and Intellectual Property experts.

ETSI Mission Critical testing event reports a 96% success rate

Sophia Antipolis, 16 December 2022

The capabilities of Mission Critical Push-to-Talk (MCPTT), Mission Critical Data (MCData) and Mission Critical Video (MCVideo) – together abbreviated as MCX services – were tested during the seventh MCX Plugtests™ from 07 November to 11 November 2022 at the University of Malaga (UMA). The MCX ETSI Plugtests series is the first independent testing of public safety and other mission critical services over LTE and 5G networks.

ETSI Quantum-Safe Cryptography event: a success 10 years later!

Sophia Antipolis, 16 February 2023

The 9th face-to-face ETSI-IQC Quantum-Safe Cryptography event this week attracted a large audience of nearly 200 people from Europe, North America and Asia, bringing together industry, academia and government. The event was kicked off by ETSI Director-General Luis Jorge Romero, who gave an overview of the quantum-safe standardization journey since the first workshop in 2013 and reiterated ETSI’s continued support for this important global effort.

ETSI holds successful SDN NETCONF Plugtests interoperability event

Testing end-to-end service configuration of Millimetre Wave network devices in a Software Defined network using NETCONF

Sophia Antipolis, 8 March 2023

ETSI has organized the fourth millimetre Wave Transmission (mWT) Software Defined Networking (SDN) Plugtests™ event from 20 to 24 February 2023. The event took place at the ETSI headquarters, in Sophia Antipolis, France.

ETSI Future Railway Mobile Communication System interoperability testing event starting today

Sophia Antipolis, 3 July 2023

ETSI is starting today its 3rd FRMCS (Future Railway Mobile Communication System) Plugtests™ event. GSM-R is one of the main standards for railway telecommunication services. It is developed and maintained by the ETSI Technical Committee Railway Telecommunications. With the increased need for more throughput, higher capacity and flexible deployment options, FRMCS is being developed based on 3GPP Mission Critical Services.

ETSI interop event for future rail communication reports a success rate of 86%

Sophia Antipolis, 1 September 2023

The Report of the 3rd interoperability Plugtests™ event for the Future Railway Mobile Communication System (FRMCS) is now available. All executed tests achieved an interoperability success rate of 86%.

ETSI mission-critical Plugtests event tests direct-mode communication

Sophia Antipolis, 16 October 2023

ETSI’s 8th MCX (mission-critical) Plugtests event concluded last week at the University of Malaga. The event received support from the European Union (EU), the Critical Communications Association (TCCA), the European Free Trade Association (EFTA), EUTC (European Utilities Telecom Council) and the International Union of Railways (UIC).

ETSI Mission Critical testing event reports a 95% success rate

Sophia Antipolis, 22 November 2023

The Report of the eighth MCX Plugtests™ event, which took place from 9 October to 13 October 2023 at the University of Malaga (UMA), is now available. The Report shows an interoperability success rate of 95% across the executed 3GPP mission critical services tests.

FRMCS #4 Plugtests Event Validates 3GPP Standards for Future Railway Mobile Communication System

Sophia Antipolis, 5 July 2024

ETSI is pleased to announce the successful conclusion of the FRMCS #4 Plugtests event, held at ETSI HQ in Sophia Antipolis from July 1 – 5, 2024. This event brought together key stakeholders, including railway operators, telecom vendors, system integrators, and industry experts worldwide. ETSI organized the event with the support of the European Union, EFTA, TCCA-Critical Communications, and UIC (International Union of Railways).

MAA South Korea: Annual Networking Event

Starts: Sat, 23 Nov 2024 18:30:00 -0500
11/23/2024 06:30:00PM
Location: Seoul, South Korea

WLP Vancouver Holiday Social & Networking Event with Martha Piper!

Starts: Wed, 11 Dec 2024 19:00:00 -0500
12/11/2024 05:00:00PM
Location: Vancouver, Canada

How To Protect Your Cloud Environments and Prevent Data Breaches

As organizations create and store more data in the cloud, security teams must ensure the data is protected from cyberthreats. Learn more about what causes data breaches and about the best practices you can adopt to secure data stored in the cloud.

With the explosion of data being generated and stored in the cloud, hackers are creating new and innovative attack techniques to gain access to cloud environments and steal data. A review of recent major data breaches shows us that data thieves are using social engineering, hunting for exposed credentials, looking for unpatched vulnerabilities and misconfigurations and employing other sophisticated techniques to breach cloud environments.

A look at recent cloud data-breach trends

Here are some takeaways from major data breaches that have occurred this year:

  • Managing the risk from your third parties – partners, service providers, vendors – has always been critical. It’s even more so when these trusted organizations have access to your cloud environment and cloud data. You must make sure that your third parties are using proper cloud-security protections to safeguard their access to your cloud data and to your cloud environment.
  • Secure your identities. We’ve seen major data breaches this year traced back to simple missteps like failing to protect highly privileged admin accounts and services with multi-factor authentication (MFA).
  • Adopt best practices to prevent ransomware attacks, and to mitigate them if you get hit by one. Ransomware gangs know that a surefire way to pressure victims into paying ransoms is to hijack their systems and threaten to expose their sensitive data.

So, how can you strengthen your data security posture against these types of attacks?

  1. Implement a "zero trust" security framework that requires all users, whether inside or outside the organization, to be authenticated, authorized and continuously validated before being granted or maintaining access to data. This framework should allow only time-limited access and be based on the principle of least privilege, which limits access and usage to the minimum amount of data required to perform the job.
  2. Use a cloud data security posture management (DSPM) solution to enforce the security framework through continuous monitoring, automation, prioritization and visibility. DSPM solutions can help organizations identify and prioritize data security risks based on their severity, allowing them to focus their resources on the most critical issues.
  3. Regularly conduct risk assessments to detect and remediate security risks before they can be exploited by hackers. This can help prevent data breaches and minimize the impact of any security incidents that do occur.
  4. Train employees on security best practices, including how to create strong passwords, how to identify risks and how to report suspicious activity.

By following these recommendations, organizations can significantly reduce their risk of a data breach and improve how they handle the sensitive data they hold. As more and more data moves to the cloud and hackers become more sophisticated, it's essential to prioritize security and take proactive measures to protect against data risks.

Cybersecurity Snapshot: New Guides Offer Best Practices for Preventing Shadow AI and for Deploying Secure Software Updates

Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.

Dive into six things that are top of mind for the week ending Oct. 25.

1 - CSA: How to prevent “shadow AI” 

As organizations scale up their AI adoption, they must closely track their AI assets to secure them and mitigate their cyber risk. This includes monitoring the usage of unapproved AI tools by employees — an issue known as “shadow AI.”

So how do you identify, manage and prevent shadow AI? You may find useful ideas in the Cloud Security Alliance’s new “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper.

The white paper covers shadow AI topics including:

  • Creating a comprehensive inventory of AI systems
  • Conducting gap analyses to spot discrepancies between approved and actual AI usage
  • Implementing ways to detect unauthorized AI wares
  • Establishing effective access controls
  • Deploying monitoring techniques

“By focusing on these key areas, organizations can significantly reduce the risks associated with shadow AI, ensuring that all AI systems align with organizational policies, security standards, and regulatory requirements,” the white paper reads.

For example, to create an inventory that offers the required visibility into AI assets, the document explains different elements each record should have, such as:

  • The asset’s description
  • Information about its AI models
  • Information about its data sets and data sources
  • Information about the tools used for its development and deployment
  • Detailed documentation about its lifecycle, regulatory compliance, ethical considerations and adherence to industry standards
  • Records of its access control mechanisms

Shadow AI is one of four topics covered in the publication, which also unpacks risk management; governance and compliance; and safety culture and training.

2 - Best practices for secure software updates

The security and reliability of software updates took center stage in July when an errant update caused massive and unprecedented tech outages globally.

To help prevent such episodes, U.S. and Australian cyber agencies have published “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers.”

“It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements,” reads the 12-page document.

Although the guide is aimed primarily at commercial software vendors, its recommendations can be useful for any organization with software development teams that deploy updates internally.

The guide outlines key steps for a secure software development process, including planning; development and testing; internal rollout; and controlled rollout. It also addresses errors and emergency protocols.

“A safe software deployment process should be integrated with the organization’s SDLC, quality program, risk tolerance, and understanding of the customer’s environment and operations,” reads the guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Australian Cyber Security Centre.

3 - Report: GenAI, attack variety, data security drive cyber strategies

What issues act as catalysts for organizations’ cybersecurity actions today? Hint: They’re fairly recent concerns. The promise and peril of generative AI ranks first. It’s closely followed by the ever growing variety of cyberattacks; and by the intensifying urgency to protect data.

That’s according to CompTIA’s “State of Cybersecurity 2025” report, based on a survey of almost 1,200 business and IT pros in North America and in parts of Europe and Asia. 

These three key factors, along with others like the scale of attacks, play a critical role in how organizations currently outline their cybersecurity game plans.

“Understanding these drivers is essential for organizations to develop proactive and adaptive cybersecurity strategies that address the evolving threat landscape and safeguard their digital assets,” reads a CompTIA blog about the report.

Organizations are eagerly trying to understand both how generative AI can help their cybersecurity programs and how this technology is being used by malicious actors to make cyberattacks harder to detect and prevent.

Meanwhile, concern about data protection has ballooned in the past couple of years. “As organizations become more data-driven, the need to protect sensitive information has never been more crucial,” reads the blog.

Not only are organizations focused on securing data at rest, in transit and in use, but they’re also creating foundational data-management practices, according to the report.

“The rise of AI has accelerated the need for robust data practices in order to properly train AI algorithms, and the demand for data science continues to be strong as businesses seek competitive differentiation,” the report reads.

4 - CISA lists software dev practices most harmful for security

Recommended best practices abound in the cybersecurity world. However, CISA and the FBI are taking the opposite tack in their quest to improve the security of software products: They just released a list of the worst security practices that software manufacturers ought to avoid.

Titled “Product Security Bad Practices,” the document groups the “no-nos” into three main categories: product properties; security features; and organizational processes and policies.

“It’s 2024, and basic, preventable software defects continue to enable crippling attacks against hospitals, schools, and other critical infrastructure. This has to stop,” CISA Director Jen Easterly said in a statement.

“These product security bad practices pose unacceptable risks in this day and age, and yet are all too common,” she added.

Here are some of the worst practices detailed in the document, which is part of CISA’s “Secure by Design” effort:

  • Using programming languages considered “memory unsafe”
  • Including user-provided input in SQL query strings
  • Releasing a product with default passwords
  • Releasing a product with known and exploited vulnerabilities
  • Not using multi-factor authentication
  • Failing to disclose vulnerabilities in a timely manner

Although the guidance is aimed primarily at software makers whose products are used by critical infrastructure organizations, the recommendations apply to all software manufacturers.

If you’re interested in sharing your feedback with CISA and the FBI, you can submit comments about the document until December 16, 2024 on the Federal Register.

5 - New EU law focuses on cybersecurity of connected digital products

Makers of digital products — both software and hardware — that directly or indirectly connect to networks and to other devices will have to comply with specific cybersecurity safeguards in the European Union.

A newly adopted law known as the “Cyber Resilience Act” outlines cybersecurity requirements for the design, development, production and lifecycle maintenance of these types of products, including IoT wares such as connected cars.

For example, it specifies a number of “essential cybersecurity requirements” for these products, including that they:

  • Aren’t shipped with known exploitable vulnerabilities
  • Feature a “secure by default” configuration
  • Can fix their vulnerabilities via automatic software updates
  • Offer access protection via control mechanisms, such as authentication and identity management
  • Protect the data they store, transmit and process using, for example, at-rest and in-transit encryption

“The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components (...) are made secure throughout the supply chain and throughout their lifecycle,” reads a statement from the EU’s European Council.

The law will “enter into force” after its publication in the EU’s official journal and will apply and be enforceable 36 months later, so most likely in October 2027 or November 2027. However, some of its provisions will be enforceable a year prior.

For more information and analysis about the EU’s Cyber Resilience Act:

  • VIDEO: The EU Cyber Resilience Act: A New Era for Business Engagement in Open Source Software (Linux Foundation)

6 - UK cyber agency: CISOs must communicate better with boards

CISOs and boards of directors are struggling to understand each other, and this is increasing their organizations’ cyber risk, new research from the U.K.’s cyber agency has found.

For example, in one alarming finding, 80% of respondents, which included board members, CISOs and other cyber leaders in medium and large enterprises, confessed to being unsure of who is ultimately accountable for cybersecurity in their organizations.

“We found that in many organisations, the CISO (or equivalent role) thought that the Board was accountable, whilst the Board thought it was the CISO,” reads a blog about the research titled “How to talk to board members about cyber.”

As a result, the U.K. National Cyber Security Centre (NCSC) has released new guidance aimed at helping CISOs better communicate with their organizations’ boards, titled “Engaging with Boards to improve the management of cyber security risk.”

“Cyber security is a strategic issue, which means you must engage with Boards on their terms and in their language to ensure the cyber risk is understood, managed and mitigated,” the document reads.

Here’s a small sampling of the advice:

  • Understand your audience, including who are the board’s members and their areas of expertise; and how the board works, such as its meeting formats and its committees.
  • Talk about cybersecurity in terms of risks, and outline these risks concretely and precisely, presenting them in a matter-of-fact way.
  • Don’t limit your communication with board members to formal board meetings. Look for opportunities to talk to them individually or in small groups outside of these board meetings.
  • Elevate the discussions so that you link cybersecurity with your organization’s business challenges, goals and context.
  • Aim to provide a holistic view, and avoid using technical jargon.
  • Aim to advise instead of to educate.

CSA encourages Canadians to have the “money talk” to prevent financial abuse

SAINT JOHN, NB - In recognition of Financial Literacy Month’s theme “Money on your Mind?

The Adventure zone : the crystal kingdom / based on the podcast by Griffin McElroy, Clint McElroy, Travis McElroy, Justin McElroy ; adaptation by Clint McElroy, Carey Pietsch ; art by Carey Pietsch.

"A desperate call for help interrupts holiday celebrations at the Bureau of Balance, and sends Taako, Magnus and Merle on a high-stakes mission to find and reclaim a fourth deadly relic: a powerful transmutation stone, hidden somewhere in the depths of a floating arcane laboratory that's home to the Doctors Maureen and Lucas Miller. An unknown menace has seized control of the stone, and is using it to transform the lab into a virulent pink crystal that spreads to everything it touches. It's only a matter of time before this sparkling disaster crash-lands, but in order to find the stone and save the whole planet from being King Midased, our heroes will have to fight their way through a gauntlet of rowdy robots and crystal golems, decide whether they can trust the evasive Lucas Miller, and solve the mystery of what— or who— has put them all in peril, before there's no world left to save." -- Provided by publisher

SpotOn London 2014 – Fringe Events

To accompany this year’s SpotOn London conference, at the Wellcome Trust on Friday, 14 November

Batman, the adventures continue. Season 1 / Alan Burnett and Paul Dini, writers ; Ty Templeton, artist ; Monica Kubina, colorist ; Josh Kubina, letterer ; Dave Johnson, collection cover artist.

"Starting off with an attack on S.T.A.R. Labs in Gotham City by a giant robot that steals an entire room of the laboratory— Batman is going to have to stop it before it can cause more harm … and with Lex Luthor freshly back in Gotham— he knows where to start his search. Will Batman be able to topple the billionaire before he leaves Gotham?" -- Provided by publisher.