The cool factor: New tech in banking has an edge

Disruption is expected; financial crime should be, too.

Me and my job: James Hill, senior security architect, Consolidated Data Services

James Hill, senior security architect, Consolidated Data Services (CDS), discusses his role at his organization.

Ahead in the cloud

Growth businesses are always looking for flexible ways of working that reduce capital and running costs, while securely delivering the data users need, when and where they need it.

Data archiving benefits

Many CIOs are still unsure what role governance should play in their data archiving strategy.

Changing the business culture

Recent breaches prompt a new emphasis on education and corporate culture, says Allegis Capital's Bob Ackerman.

Strengthen links in the supply chain

Watching highly publicized supply-chain disasters unfold, we shake our heads in disbelief - but what supply chain risks are you taking today that would be difficult to defend tomorrow?

It's not the breach that kills you, it's the cover-up

It's how you handle yourself during and after a breach that will determine just how detrimental the breach actually is for your organization.

Building security around Bitcoin

Similar to building a multi-layer security strategy for a business, before deciding what security controls should be implemented to protect Bitcoin transactions, we first need to identify the targets.

The great IT and mobile user peace treaty

The average consumer has 40 or more apps installed on their mobile device, many of which they use to do their jobs, whether IT has sanctioned their use or not. The problem is that this creates a "shadow IT" system.

Me and my job: John Gibson, senior IT security officer, tTech Ltd.

John Gibson discusses the challenges and rewards of his security role at tTech Ltd. as the senior IT security officer.

Beyond the hype of industry trends

Cloud computing is becoming a reality that will need to be addressed by every security department.

Mobile: Behind the headlines

Has mobile malware changed through time as dramatically as the headlines might imply?

Time for a charge card overhaul

We've all been breached, but there are steps we can take to evolve the system, says security strategist Dan Srebnick.

The fallacy of targeted attacks

It's time to admit that the bad guys can always make a first move, says Damballa's Manos Antonakakis.

Driving the mission forward

The needs of the organizations we protect are complex and the response required due to the criticality of the services we provide tends to put our multi-faceted operations in a state of flux, says Roland Cloutier, CSO, ADP.

A perfect time for cyber crime

Two things needed to become widely available for cyber criminals to further expand the threat landscape - a network infrastructure that allows them to operate under the radar, and currency that would let them conduct commerce anonymously.

A case for opportunistic encryption on the web

The best aspect of opportunistic encryption is in the fact that it can be built into our infrastructure and deployed transparently for everyone.

Me and my job: Mat Gangwer, security architect, Rook Security

We take a look inside the professional world of Mat Gangwer, security architect at Rook Security.

The need and the challenge

Let's agree on a definition of the term "security" and move forward from there, says AT&T's Chris Mark.

Getting ahead of new threats

There are six security threats all businesses should be aware of for 2014, says ISF's Steve Durbin.

Surveillance data: All eyes on you

With the advent of nearly omnipotent video surveillance, the age-old saying "a picture is worth a thousand words," scares me more today than it ever has.

Security, Gangnam style

Asian nations are producing nurturing communities of security professionals that are more prepared to deal with a rapidly changing environment.

Bitcoin payments pose security challenges for brick and mortar merchants

The benefits of cryptocurrency for consumers are well known, but there are also some downsides that must be addressed.

Fuzzy math: The need for a national cyber breach notification standard

Although some progress has been made in the availability of data, we are far away from having the transparency required for risk management.

Ethical challenges of the Internet of Things

We knowingly, and sometimes unknowingly, interact with the Internet of Things on a daily basis in both our professional and personal lives.

Mobile access: It's not just about calendar and email anymore

The mobile workforce - no longer satisfied with limited access - wants access to all the applications and data needed to perform all job tasks from a multitude of personal mobile devices, anywhere, anytime.

Prepare for mobile threats in 2014

As mobile devices are further integrated into networks, organizations will have a critical need to implement end-to-end, multi-layered security solutions that offer comprehensive protection.

The lessons of Bletchley Park

The cyber threat landscape has always been in flux and will continue to evolve. However, it seems the pace of change has increased significantly in the past few years alone.

Why wasn't healthcare.gov security properly tested?

Anyone designing a new system such as this should take security into account from the beginning. The amount of personal information that could be harvested by any breach is truly alarming.

Ways to avoid a multi-million dollar security disaster

From Adobe to Facebook, security breaches continue to be top-of-mind for both companies and users, and organizations around the globe are all wondering if they are next in line to deal with a breach of their own.

Hacker economics: Opportunity costs and attacker attention spans

When we think about criminal hackers, we picture a techie who lives and breathes code. But more recently, another picture comes to mind. When you get right down to it, hackers are people, too.

Me and my job: John Dickson, principal, Denim Group

This month's "me and my job" focuses on John Dickson, principal at Denim Group.

Rx for medical devices

Network-connected-and-configured devices can be infected by malware that provides access to patient data, monitoring systems and implanted patient devices.

Protect digital identity

As more and more organizations fall victim to data leakage, it seems that as long as no financial data is compromised, consumers don't care.

Data protection in the dark

The malicious insider or outsider does not stop on the first attempt, says Verdasys' Peter Tyrrell.

Privacy needs more than technology

I enjoy conducting security awareness training as it allows me to emphasize the importance of security to the organization, says David Sheidlower, CISO, Health Quest Systems.

Protecting the data about data

It has been said that encryption simply trades one secret (the data) for another (the key). In the same way, encrypting data naturally shifts attention to that which is not protected: the metadata.

Big Data and security analytics collide

Big Data will become "The next big thing" - a critical re-evaluation and re-tooling of our analytical abilities. This is not about being able to query more data, but being able to query all data.

Vint surfed the wrong wave

Vint Cerf's recent comment about privacy being an anomaly and a challenge that is too difficult to implement is unacceptable.

Look beyond the features when it comes to security

While information is crucial to improving an organization's posture in the marketplace, it also creates a centralized target for cyber criminals which may result in destructive data breaches.

All I need this season is cyber security

With this year's holiday season here, online retailers should be focused on preparing their networks for increased traffic as well as protection from cyber threats.

Computer forensic examiners are in demand

The need for computer forensic examiners (aka "CFE") is on the rise.

Me and my job: Alexandru Catalin Cosoi, chief security researcher, BitDefender

BitDefender's Alexandru Catalin Cosoi discusses his role and what he'd like to see occur in the security space.

Combatting insider threats

We must stop the insanity by focusing on the data and controlling privileged user access.

As the network shifts

The right form of network security can - and will - support continuous monitoring and network security management initiatives.

Eliminate mobile app threats

Don't hang your hat on enterprise app store security, says Jack Walsh at ICSA Labs.

The changing face of data protection

Information security personnel are challenged with protecting company reputation and enterprise and customer data from a constant and expanding barrage of cyber criminals.

Threat intelligence starts with the human element

A strong cyber threat intelligence program should include proactive analysis of network traffic and testing of theories based on our understanding of human behavior.

We are data and data is property

As long as we treat personal information as property, we are faced with an unavoidable dilemma. If we are data and data is property, then we may become property.

Don't forget forgotten passwords

One issue with password systems has always been the 'reset' problem: what to do when a user forgets their password.

What the Tesla fire can teach security pros about DDoS

The Tesla fire does not have anything to do with DDoS attacks, but there is one valuable lesson to be learned: Organizations could be better prepared to perform like a Tesla on fire when they face a DDoS attack.

Me and my job: Jesse Bowling, senior information security engineer, American University

The time and energy to optimize a service or process is often seen as an unaffordable luxury, says Jesse Bowling, senior information security engineer, American University.

CSOs should report to the CEO

CSOs need to be able to function at the highest levels of an organization while not being tethered to a specific department or operational function.

SMBs: Easy targets

The first step toward better protecting an organization is to learn how cyber attacks work.

The coming Internet of Things

We don't need to make the same mistakes of the first generation of PCs and servers, says the SANS Institute's John Pescatore.

Beyond the hype on Big Data

Using Big Data for security is the "new hotness," says Holly Ridgeway, SVP and CISO enterprise systems at PNC.

Cloud addiction: At what point does the elastic snap?

Why does the lure of the cloud tempt businesses to put ever more sensitive data at risk? Richard Moulds, VP of strategy at Thales e-Security examines the situation.

The 'must haves' to make the Framework for Cybersecurity useful

Since NIST has no regulatory or statutory authority to enforce its use, the Framework must include specific information and guidance that business leaders will want to follow.

Web security is in fashion

Web attacks are a constant, known enemy of every organization. As we're currently in Cyber Security Awareness Month and web attacks are more frequent than ever, web security is in fashion.

How to breeze through your next compliance audit

In a perfect world, enterprises would know exactly when an auditor is going to show up, the questions they will ask, and data would be presented on a silver platter ready to prove the organization's compliance.

Open source software is more secure than you think

Open source is growing in the enterprise, but oftentimes when people think of open source, they are concerned about the potential security issues.

Me and my job: Gregory Gong, managing partner, Wall Street IT Management

This month we asked Gregory Gong, managing partner, Wall Street IT Management, about his job.

Appreciate your log data

By mining log data and managing it proactively - instead of ignoring it until something goes wrong - organizations can mitigate risk, ensure service availability and promote operational efficiency.

Survival in the shadows

Targeted malware attacks are growing in number, sophistication and severity in the potential damage they can inflict on victims.

One cloud does not fit all

Cloud providers must be evaluated before moving operations, says the DTCC's Mark Clancy.

Toeing the line...across sectors

A major area of concern for security personnel these days is how we are able to achieve and maintain compliance with multiple regulatory governing bodies.

The NSA's actions create distrust

Information security is in place not only to make ourselves more resilient to threats, but to create a mutually established trust with which we can communicate with reasonably expected results.

Threat-intelligence sharing is dead, and here's how to resuscitate it

Organizations are counting on information sharing measures that are so manually intensive that they are unable to scale to meet critical computer network defense requirements such as speed and accuracy.

Watering hole attacks: Tracking services leave companies vulnerable

The methods that attackers are using continue to evolve in terms of sophistication and sheer cleverness.

Me and my job: Geoff Linnell, group CIO, Celerant Consulting

September's "Me and my job" features Geoff Linnell, group CIO for Celerant Consulting.

Biting the silver bullet: Protecting corporate assets

There are a few key things every business should consider to truly improve data security.

No need for anti-phishing vigilantes

There are serious risks involved when dealing with phishers.

Cover those blind spots: Establishing protocols that go beyond compliance

Robust enterprise security requires more than checking compliance boxes, says Diebold CSO Adam Williams.

PCI DSS 3.0 is a start, but more changes are needed

The latest version of the payment security industry's data safeguarding standard should also include mandates and guidance around risk management, penetration testing and mobile.

Trustworthiness can't guarantee security, but it's indispensable

IT security professionals must learn to identify trustworthy and reliable products and vendors. But keep in mind, no matter how objectively certified a product may be, if the vendor has a poor reputation, the product will lose credibility.

Protecting one's data in the cloud, post Snowden

It used to be that organizations were concerned about migrating their data to the cloud out of fear of hackers or disgruntled insiders. But Edward Snowden's NSA leaks show there's a new threat actor: the government. Encryption can help.

What are the duties of a CISO? It depends

While CISOs are security leaders, there are different areas that they need to specialize in depending on the culture of the organization they serve.

Me and my job: Sasan Hamidi, CISO, Interval International

This month's "Me and My Job" features Sasan Hamidi, CISO at Interval International.

Thinking strategically about privacy

Managing privacy is moving toward collaboration, communication and education, says Ernst & Young's Sagi Leizerov.

Making sense of your logs

Organizations today have a master data model to drive efficiencies in system design. How about a similar approach for the enterprise security program?

Snowden NSA leaks should prompt fresh look at insider threat

As the Edward Snowden affair continues to make headlines around the world, there are ways organizations can bolster their security strategy to ensure they're not the next target.

How to avoid the Spamhaus' blacklist to maintain email deliverability

Spamhaus seems to be shrouded in mystery, and rightly so. There is a lot of misinformation out there regarding the service. But, there's one thing I'd like to clear up. Hint: It's all about the approval.

Me and my job: Stephen Fridakis of the Food and Agriculture Organization of the United Nations

For this month's "Me and My Job" we speak with Stephen Fridakis, senior IT security officer for the Food and Agriculture Organization of the United Nations.

Learning from the learners

Our educational institutions continue to set the pace in BYOD.

Thriving in new times

There is no doubt that threats have evolved from vandalism and hobby-based malware to financially motivated crime and now state-sponsored espionage and attacks against government and enterprise targets around the world.

My job is like a carnival game

To defend against evolving threats, prepare and maintain vigilance, says DTCC's Parthiv Shah.

Malware writers: Don't screw up

Targeted attacks are easy and cheap, but not always anonymous, says Norman ASA's Snorre Fagerland.

Sharing is caring

Cyber attacks continue to grow and evolve in sophistication. Consequently, it's sometimes difficult to tell who the good guys are when everyone is in the game.

Mobile devices call for security solutions that don't apply to the PC world

Cloud computing services and social networks are pushing data to external networks, but mobile devices are circumventing corporate networks entirely.

What CSOs should look for in new hires

As security threats continue to grow in numbers, the burden will fall on colleges and universities to better prepare the next-generation of information security workers.

Being great: Five critical CISO traits

There are five traits that are commonly found in the truly innovative CISOs in the industry.

Is your IT department "donating" your attorney-client privilege without your knowledge?

There are a number of organizations out there that ask for — and often receive — access to data on both successful and unsuccessful attacks on your technology infrastructure.

Me and my job: Nick Hetrick, senior IS security operations analyst, WellSpan Health

Nick Hetrick, senior IS security operations analyst, WellSpan Health, discusses his latest projects, what motivates him and how he entered the field.

Storage is risky on mobile devices

The biggest risk of mobile computing continues to be unauthorized physical access to the device as a result of loss or theft, but threats of viruses to mobile devices continue to grow.

Back to basics: Advanced threats

Advanced threats push companies and individuals between the proverbial rock and a hard place.

App developers and privacy practices: Preach what you practice

Now is the time to prepare and post a privacy policy in a conspicuous place, says Stephen Wu.

A case study in curbing phishing

FedEx realizes its customers play an integral role in protecting themselves and helping secure cyber space, and the company attempts to do all it can to help them.

Do mobile location tracking features freak you out a little, or a lot?

Thanks to location-based capabilities, mobile app developers must also consider the privacy ramifications of their creations.

Executive order, NIST initiatives may help electric providers get ahead of the threat

While a major attack has yet to take place on the U.S. energy sector, now is the right time for these critical infrastructure providers to ready their defenses.

Follow me on this, your security team includes non-security people

A successful security professional will tap into an organization's entire employee base to get results. And the benefits will go both ways.
