For the incoming federal CISO: Focus on the human side of cybersecurity

The new federal CISO should be a champion for the role of information security not just in the public sector, but across all walks of American life, from business to school to home.

UK Cyber-security after Brexit: May not be as bad as it first appears

It's difficult to predict how the global and British economies will react to Brexit in the long run; however, UK Cyber-security has every chance of staying in very good shape, says Ilia Kolochenko.

Like pilots, CISOs need a cockpit to manage threats, vulnerabilities, risk

Chief Information Security Officers (CISOs) today no longer sit in the IT and security corner doing "techie" things.

Cyber Warfare - Who are you going to call?

If your organization is connected to the Internet, you are very likely engaged in cyber warfare whether you like it or not.

Me and my job: Karthik Rangarajan, security engineer, Addepar

Apple vs. FBI: Too much to ask

If Apple complies, the FBI would have the ability to compromise personal security when it wishes, says Ryan O'Leary, VP of Threat Research Center, WhiteHat Security.

Apple vs. FBI: Comply!

In cases where terrorist attacks are carried out state-side, it is vital that intelligence be obtained, says J.J. Thompson, CEO, Rook Security.

The new age of protection

Effective detection is comprised of several parts, says Cyphort's Nick Bilogorskiy.

We're off our game

Talk of attack prevention is antiquated, says Illena Armstrong, VP editorial, SC Magazine.

Cross-border transfers: A vexing problem

It's anyone's guess what the outcome of the upcoming Brexit vote will be, but it could create significant turmoil, says IBM's Jon Wilkinson.

Me and my job: Gina Chapman

Gina Chapman, senior director of security operations, Center for Internet Security

Threat of the month: February 2016

Threat of the month: Man-in-the-middle attack

Debate: Cybersecurity information sharing allows network defenders to stay ahead of adversaries.

Right-sized surety training

Security awareness training aims not only to impart information, but also to change behavior.

Securing open source

Open source code might be presumed mature, but could rely on technology developed a decade earlier.

Mitigating ransomware

Ransomware is a complex threat, but its impact can be lessened, says Thomas Gresham.

Establishing a pragmatic security program

Many companies are establishing formal security programs for the first time or are seeking to optimize existing programs to improve the level of maturity.

Cloud myths debunked

Many organizations still hesitate to move to the cloud. Why?

Let's just call it "The era of IT security"

This year has been marked by the almost daily occurrence of some information security-related incident or another.

What IT security can learn from the credit fraud paradigm

We've all received a call at one point or another from the fraud protection departments of our credit card providers, telling us they've detected some suspicious activity on our accounts and would like to verify a few recent charges.

The Security Vulnerability You Can Prevent

The Internet of Things is one of the world's fastest growing technologies. Unfortunately, it is also poised to become the fastest growing source of security vulnerabilities in the enterprise - but it doesn't have to be that way.

All Talk-Talk and No Action

The latest cyber attack, a breach compromising the data of up to four million of Talk-Talk's loyal customers, is yet another in a growing line of pernicious cyber attacks against corporate infrastructure.

How vulnerable is the fingerprint scanner on your phone?

There are legal issues and technical vulnerabilities around the use of fingerprint scanners on mobiles; hence, Anthony Neary says, it is vital to have a mix of solutions which enable maximum possible security.

Thwart email phishing

While there is a regular discussion of how to prevent successful phishing attempts, one of the most successful approaches is ongoing employee training, says Colin McKinty, VP Cyber Security Strategy at BAE Systems Applied Intelligence.

Consultants: Pitfalls to avoid

Many enterprises are turning to security consultants to perform assessments of their systems, says Michael R. Overly, attorney, Foley & Lardner.

Demystifying an assurance fallacy

The one-throat-to-choke theory is a fallacy, says David Shearer, CEO, (ISC)².

Addicted to mobile technology?

Lena Smart, VP / CIO of the New York Power Authority, offers a few tips for freeing yourself from mobile addiction.

Lessons from the Experian hack

The Experian breach is more than just another hack, as cross-referencing of data sets opens up even more scope for criminal activity, says Max Vetter.

Is North Korea climbing to the top of the cyber-attack tree?

Pete Shoard asks how powerful are less developed countries such as North Korea when it comes to cyber-threats, and can it be regarded as a major player in cyber-warfare anyway for the impact it has achieved?

Security Threats are on the Rise: Is Your SAP Data Really Protected?

Instead of hoping for your end-users to make the right decision or your DLP solution to make the right guess, data protection solutions need to be context-aware.

Are SYNful Knock-style router attacks set to become the new normal?

In the wake of the SYNful Knock attack on its routers, Cisco should re-engineer its devices to prevent future attacks, says Raimund Genes.

U.S. must improve data laws

Can U.S. data protection laws protect privacy and preserve tech innovation and intellectual property?

Canada stands against spam

The impact of Canada's anti-spam legislation for companies big and small.

Rethinking your IT leadership strategy

Many organizations are also investing heavily to hire top-notch CISOs to fill the presumed leadership gap in security.

Cloud container assurance

Organizations need a solution that is built for the container pattern, says John Morello.

How to counter the M&A cybersecurity threat: hint, don't use Twitter, email

A leak, a hack, or a simple mistake can blow up any M&A deal carefully crafted over months or even years, says Stephen Dearing.

Me and my job: David F. Katz

David F. Katz, partner, Nelson Mullins

Debate: Device manufacturers take a comprehensive approach to securing consumer products.

The accountability gap

As mobile and cloud dominate the future of the enterprise, security and accountability are falling through the cracks.

"Dead apps"

The mobile malware threat is mostly based on hype, not facts.

A complex approach = cost savings

Companies can benefit by using a complex security approach, says A1QA's Aleksey Abramovich.

Standing before the board

Public and media focus on data breaches and regulatory fees have dramatically deepened the focus on information security for executive boards.

10 Reasons You Need to Test, Not Guess

How you are securing your sensitive information should not be a guessing game

Me and my job: Mikel Draghici

Mikel Draghici, principal mobile security specialist, Usher

Detecting and reducing counterfeit chips

Cisco Systems CSO Edna Conway calls for action to stop the risks of counterfeit or tainted information.

Debate: Congress should mandate that the payment card industry adopt safer technology.

To thine own self be true

Much needs to be done to convince boardrooms of the importance of information security.

IT only guards the front gate

It's time for a dramatic reimagining of how companies approach security.

Data exfiltration defense

A single solution won't stop data theft, says ADP's Roland Cloutier.

Staying safe in cyber land

It is important for everybody to stay vigilant when online, says Lena Smart, CIO, New York Power Authority.

Why cybersecurity is vital during the vendor selection process

You likely have a list of criteria to check through during the hiring process of a vendor, but if you haven't added cybersecurity standards to that list, you should.

Building on IT security to protect all intellectual property

To extend the ERM approach to information and IP, companies need to create a comprehensive inventory of sensitive data and intellectual property that are key to their competitiveness.

What CISOs need most: Courage in the face of security nihilism

Today's CISO must play a strategic and forceful role in mandating the transition to a more secure enterprise infrastructure.

Cybersecurity is broken

Target. Home Depot. Morgan Stanley. Sony. Anthem. Jennifer Lawrence. You?

Wake up! What are you doing to battle breach fatigue?

IT pros, beware: The phenomenon of "data breach fatigue" isn't just an issue of consumer complacency.

Me and my job: Johannes Ullrich, SANS Technology Institute

In this month's "Me and my job" feature, we get to know Johannes Ullrich of the SANS Technology Institute.

Mobile interfacing with IoT

The security community is abuzz about the risks of reverse engineering code.

Bad guys are inside

It is an assumption for many enterprises operating today that they may already have been compromised.

Avoid a network stampede

The rise of IoT will require a completely new approach to network security, says vArmour CEO Timothy Eades.

The failure of the security industry

A CSO with a budget must be in want of a thousand dedicated point solutions, says Alex Stamos, CISO, Yahoo.

Strike back on payment security

Passing the annual compliance assessment is just the start of a vigilant security program, says Stephen Orfei of the PCI SSC.

PCI DSS 3.0 is good, but not good enough

With every new data leak end users are looking for ways to better protect themselves and keep their personal financial identity safe from hackers.

The best defense is a good offense: The importance of securing your endpoints

The saying "better safe than sorry" rings true when it comes to data security.

Shadow data: The monster that isn't just under your bed

As end users bring their own devices, applications, and even networks into their employer's fray, hallowed IT security concepts like visibility, control and peace of mind are jettisoned out the window.

The power of the subconscious to protect against online fraud

Cybercriminals often are specifically looking for credit card numbers that can be reused on other e-commerce sites or sold to the highest bidder on the digital black market.

The car alarm syndrome and the high cost of too many security alerts

Sophisticated bad guys are likely to assume that high-value targets have deployed the latest security technologies - this has been the case going back over a decade.

Why it's time to replace the tootsie pop approach to network security

How did we arrive at this approach to network security and, more importantly, what's happening today that's causing us to seriously rethink this approach?

The one-two punch of cybercrime: Who's leading the fight?

Whose responsibility is it to lead the fight against cybercrime and protect valuable health care data? The answer: it's not just one person.

Why enterprise IT and security teams should talk more

The "It won't happen to me" mentality combined with communication gaps between the IT and security teams greatly increases enterprises' risk of being breached.

Developer liability, data proliferation at center of FTC report on IoT

The truth is simply that none of us, including the FTC and Ofcom, fully know or understand the extent to which the unintended consequences of IoT will show their ugly heads.

This key unlocks the door to a network virtualization wonderland

One crucial step will ensure that you do not fall haphazardly down the rabbit hole on your way there.

What we can learn from $1 billion bank-robbing malware

If we can learn anything from the Carbanak malware, it is to use stealthy and evasive maneuvers in the security technology and education we deploy within enterprises to fight fire with fire.

IoT security: It's not too late to get it right!

As much as I applaud the FTC for making security a priority, its recommendations are light years away from where the current IoT security bar is.

Protect people, not machines

Perimeter security has only brought us so far. It's time to embrace a user-centric model instead.

Policy driven development: Bringing DevOps to InfoSec

In order to show risk is being properly managed, security teams are often regarded as gatekeepers who slow the pace of software development due to what is perceived as their authoritative behavior.

Playing defense in ranks: Cybersecurity reimagined

Technological innovation is now increasingly consumer-led, forcing organizations to adopt faster to serve them, or it diffuses into the work environment, leaving the traditional IT to play catch-up.

Me and my job: Bob West, chief trust officer, CipherCloud

Here's a closer look at CipherCloud's Chief Trust Officer Bob West.

Rethink your cybersecurity strategy

Even the most sophisticated, well-intentioned perimeter-focused cybersecurity strategy cannot possibly be 100 percent effective, says Oliver Tavakoli, CTO, Vectra.

How far have we come?

Identity management has evolved rapidly over the past decade, says Jim Robell, president and COO, Eid Passport.

Communicating security concepts

An ill-informed worker is a weak link that leaves a giant gap in your defenses, says SOHO Solutions VP Scott Aurnou.

Is your organization prepared for targeted cyber attacks?

Hackers are finding new attack vectors to exploit and it is becoming harder for us "security professionals" to defend our organizations, says Zouhair Guelzim, CISO, L'Oréal Americas.

Three reasons native mobile apps need extra security love

Aside from the many benefits native apps provide, enterprises face challenges they need to deal with to make sure they aren't exposed to the new security risks native apps introduce.

Think you should just be worried about fines? Think again. And think like an attacker.

When it comes to healthcare security, if you think compliance is the only thing you need to worry about, think again.

Why government cybersecurity measures should take cues from industry-driven rules

On the whole, the recent steps taken by government are thoughtful and meaningful - and the attention to cybersecurity is overdue. But will they be enough?

Time to eliminate the value of SSNs

If we can't stop breaches, then let's remove the incentive for hacking by devaluing the data, especially Social Security Numbers.

4 DevOps survival tips for security specialists

How can security pros adapt and automate their own processes to support DevOps without the business being eaten alive from non-compliance, hacks and exposures?

Me and my job: Kristi Carrier, quality auditor, Nuspire Networks

In this month's issue we get to know more about Kristi Carrier and her role as the Quality Auditor at Nuspire Networks.

Are mobile apps risky business?

The increasing prevalence of mobile applications is exposing new security holes for businesses.

Information privacy and Big Data

Enterprises are finding new ways to solve problems and extract value from data.

The security model is broken

Every enterprise is susceptible to a breach, unless something changes, says Craig Shumard, principal of Shumard and Associates.

Breach response: Are you prepared?

Streamline your incident plan with clear IT security operational definitions and develop a detailed inventory of every asset within your network, says ViJay Viswanathan, CISO, HD Supply.

Usability as a protection feature

Psychological acceptability may not sound like a term that'll hold much significance for the future of secure file sharing, but don't sell it short.

Tips for organizations in the wake of the biggest corporate hack in history

Consider the main learning points from this event and count yourself lucky that you can learn at Sony Picture Entertainment's massive expense.

How organizations can prepare for 2015 data privacy legislation

Many states have laws today that require corporations and government agencies to notify consumers in the event of a breach - but it is not enough.

Don't dismiss internal data breaches as minor - they aren't!

The wolf isn't at your door, it's inside. Ignorance is definitely not bliss. Just ask any of the regulatory agencies.

Could the Sony breach have been prevented?

While most agree that corporate security needs to improve, a question still remains: Even with best practices in place, could the Sony debacle have been prevented?

Who is responsible for software safety? Nobody is no longer an option

It is now up to banks to self-regulate themselves or continue to deal with the pressing questions of concerned officials like Benjamin Lawsky.

Building a proactive versus solutions-based security plan

2014 taught us that organizations cannot rest on their laurels. Security teams need to be in a state of hypervigilance. This is precisely why developing and implementing a proactive security plan will be a critical component of 2015 IT priorities.

The problem with Big Data

Big Data just keeps on getting bigger and bigger. It's almost like Moore's Law. And...it has a domino effect.

The 10 POS malware families this holiday season

This holiday shopping season, many retailers have two goals in mind - make record-breaking sales and don't get breached.
