You likely have a list of criteria to check through during the hiring process of a vendor, but if you haven't added cybersecurity standards to that list, you should.
To extend the ERM approach to information and IP, companies need to create a comprehensive inventory of sensitive data and intellectual property that are key to their competitiveness.
Today's CISO must play a strategic and forceful role in mandating the transition to a more secure enterprise infrastructure.
Target. Home Depot. Morgan Stanley. Sony. Anthem. Jennifer Lawrence. You?
IT pros, beware: The phenomenon of "data breach fatigue" isn't just an issue of consumer complacency.
In this month's "Me and my job" feature, we get to know Johannes Ullrich of the SANS Technology Institute.
The security community is abuzz about the risks of reverse engineering code.
It is an assumption for many enterprises operating today that they may already have been compromised.
The rise of IoT will require a completely new approach to network security, says vArmour CEO Timothy Eades.
A CSO with a budget must be in want of a thousand dedicated point solutions, says Alex Stamos, CISO, Yahoo.
Passing the annual compliance assessment is just the start of a vigilant security program, says Stephen Orfei of the PCI SSC.
With every new data leak end users are looking for ways to better protect themselves and keep their personal financial identity safe from hackers.
The saying "better safe than sorry" rings true when it comes to data security.
As end users bring their own devices, applications, and even networks into their employer's fray, hallowed IT security concepts like visibility, control and peace of mind are jettisoned out the window.
Cybercriminals often are specifically looking for credit card numbers that can be reused on other e-commerce sites or sold to the highest bidder on the digital black market.
Sophisticated bad guys are likely to assume that high-value targets have deployed the latest security technologies - this has been the case going back over a decade.
How did we arrive at this approach to network security and, more importantly, what's happening today that's causing us to seriously rethink this approach?
Whose responsibility is it to lead the fight against cybercrime and protect valuable health care data? The answer: it's not just one person.
The "It won't happen to me" mentality combined with communication gaps between the IT and security teams greatly increases enterprises' risk of being breached.
The truth is simply that none of us, including the FTC and Ofcom, fully know or understand the extent for which the unintended consequences of IoT will show its ugly head.
One crucial step will ensure that you do not fall haphazardly down the rabbit hole on your way there.
If we can learn anything from the Carbanak malware, it is to use stealthy and evasive maneuvers in the security technology and education we deploy within enterprises to fight fire with fire.
As much as I applaud the FTC for making security a priority, its recommendations are light years away from where the current IoT security bar is.
Perimeter security has only brought us so far. It's time to embrace a user-centric model instead.
In order to show risk is being properly managed, security teams are often regarded as gatekeepers who slow the pace of software development due to what is perceived as their authoritative behavior.
Technological innovation is now increasingly consumer led forcing organizations to adopt faster to serve them or it diffuses into the work environment leaving the traditional IT to play catch-up.
Here's a closer look at CipherCloud's Chief Trust Officer Bob West.
Even the most sophisticated, well-intentioned perimeter-focused cybersecurity strategy cannot possibly be 100 percent effective, says Oliver Tavakoli, CTO, Vectra.
Identity management has evolved rapidly over the past decade, says Jim Robell, president and COO, Eid Passport.
An ill-informed worker is a weak link that leaves a giant gap in your defenses, says SOHO Solutions VP Scott Aurnou.
Hackers are finding new attack vectors to exploit and it is becoming harder for us "security professionals" to defend our organizations, says Zouhair Guelzim, CISO, L'Oréal Americas.
Aside from the many benefits native apps provide, enterprises face challenges they need to deal with to make sure they aren't exposed to the new security risks native apps introduce.
When it comes to healthcare security, if you think compliance is the only thing you need to worry about, think again.
On the whole, the recent steps taken by government are thoughtful and meaningful - and the attention to cybersecurity is overdue. But will they be enough?
If we can't stop breaches, then let's remove the incentive for hacking by devaluing the data, especially Social Security Numbers.
How can security pros adapt and automate their own processes to support DevOps without the business being eaten alive from non-compliance, hacks and exposures?
In this month's issue we get to know more about Kristi Carrier and her role as the Quality Auditor at Nuspire Networks.
The increasing prevalence of mobile applications is exposing new security holes for businesses.
Enterprises are finding new ways to solve problems and extract value from data.
Every enterprise is susceptible to a breach, unless something changes, says Craig Shumard, principal of Shumard and Associates.
Streamline your incident plan with clear IT security operational definitions and develop a detailed inventory of every asset within your network, says ViJay Viswanathan, CISO, HD Supply.
Psychological acceptability may not sound like a term that'll hold much significance for the future of secure file sharing, but don't sell it short.
Consider the main learning points from this event and count yourself lucky that you can learn at Sony Picture Entertainment's massive expense.
Many states have laws today that require corporations and government agencies to notify consumers in the event of a breach - but it is not enough.
The wolf isn't at your door, it's inside. Ignorance is definitely not bliss. Just ask any of the regulatory agencies.
While most agree that corporate security needs to improve, a question still remains: Even with best practices in place, could the Sony debacle have been prevented?
It is now up to banks to self-regulate themselves or continue to deal with the pressing questions of concerned officials like Benjamin Lawsky.
2014 taught us that organizations cannot rest on their laurels. Security team needs to be in a state of hypervigilance. This is precisely why developing and implementing a proactive security plan will be a critical component of 2015 IT priorities.
Big Data just keeps on getting bigger and bigger. It's almost like Moore's Law. And...it has a domino effect.
This holiday shopping season, many retailers have two goals in mind - make record-breaking sales and don't get breached.
Burden of proof should grow heavier as request for access grows more sensitive.
Part of my role requires me to ask questions that an auditor might. This is especially true when it comes to compliance, why it matters, and how it makes a difference.
Cooperation is required to advance the profession, says Towerwall's Candy Alexander.
The reality of ubiquitous reliance on ICT has given rise to the criticality of cyber security, says Cisco CSO Edna Conway.
Should we rush out signatures for this latest version of malware, or should we take a step back and figure out how to focus our technology and security operations around identifying attackers before they wreak such havoc?
Network security today has similar defensive problems to those posed to American Colonial population centers. Here's why...
As hackers become more advanced, our security methods also have to evolve and become more secure so that we aren't just giving our information away.
The primary challenge to secure payment card data is that too many involved see the PCI DSS as a panacea for every risk in the marketplace.
The Internet of Things requires a new way of thinking and acting, one that will protect a business and help it grow.
It's easy to get hung up on discussions around chip-and-pin, malware and network segmentation, and in the process lose sight of the broader trends that underlie many breaches.
If organizations are looking to raise their security profile, they should certainly examine these commonly overlooked areas.
Everyone involved with vendor management should now develop a common, collaborative security strategy.
This incident gives the industry hope that proactive measures can stop an attacker before a breach drives catastrophic results.
This year has been so bad for merchant data breaches that the president felt the need to ensure that the government would offer itself as a more safe and secure place to do business with.
This month, we get to know Marisa Faga, Bugcrowd's director of crowd operations.
As mobile devices are further integrated into networks, organizations will have a critical need to implement end-to-end security solutions.
Edward Snowden has the same broad access and privileges that many employees in similar positions have at almost every business.
With parameters, new tech can help your business, says McAfee's Jonathan Fox and Tyson Macaulay.
Successful CISOs need to master more than system security to make their companies competitive and improve their own job security.
Modern mobile hacks are diverse and can be performed by anyone, from an inexperienced amateur to highly skilled teams operating like tech startups.
Bring the insider issue into the light and focus on culture change, says PSCU's Gene Fredriksen.
This Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly, and I'm referring to recycled tools and techniques from years gone by.
Major retailers are falling prey to massive credit card information heists, despite spending millions on cyber security systems.
When it comes to enterprise security, one rule remains constant - attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses.
While it may seem like 2014 is the year of the vulnerability, in reality, this year has not been much different than years past.
It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.
As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.
We are now in the fast lane towards a driverless future. Will we have to brake for hackers?
Despite big responsibilities compounded by a string of headline-grabbing data breaches, the skies are looking brighter for CISOs.
It will continue to be a year where companies need to focus on how their employees interact online.
A cyber liability policy covers first-party liability (property and theft) and third-party liability (privacy and data security).
We catch up and learn a bit more about Michael Canavan, senior director, systems engineering, Kaspersky Lab North America.
It's possible to safely manage the security risks posed by BYOD, says Anders Lofgren at Acronis Access.
Active security thinking ensures that we don't simply perpetuate security folklore.
Security leaders must create visible value for the organization, says Unisys's Francis Ofungwu.
The Internet of Things promises so much. And so the question arises, how are we going to keep all this 'stuff' safe and secure?
Our networks are our field; no one knows our network better than us, the people who maintain it. We need to use that to our advantage.
The breach shaming trend impedes forward progress in preventing such incidents in the future and leaves consumers worrying without educating them.
This month we get to know Chris Sullivan, vice president of advanced solutions at Courion.
We take a closer look at SVPENG, malware that's capable of launching two different types of attacks.
We should be asking if it is worth the cost of constantly switching security assessment companies, says Ken Stasiak CEO, SecureState.
Now is the time for infosec pros to embrace CHAOS and protect organizations from the realities of our always-on world.
Nation-states are flexing their muscles in the cyber realm, says Avatier's Ryan Ward.
When the entire network is down, the smart CIO is already on the phone to the CFO with an explanation, says David Sheidlower, global head of information security, BBDO Worldwide.
This heightened awareness regarding data breach response time has created an interesting dynamic for security professionals.
The relationship between development and security doesn't need to be hostile, and there are ways to engage developers more with security.
Many groups have striven to cultivate a more welcoming workplace, says Alison Gianotto.
Recent events should serve as wake-up calls for organizations in the retail and hospitality space to evaluate their third-party vendors.
With each job change, the risk that the new hire will bring confidential information or trade secrets with him or her to the new company grows.
Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.
Sign up to our newsletters
SC Magazine Articles
- RSA Conference 2015: Prepare for the IoT before it's too late, Sorebo warns
- Study: Open Source Software use increasing in enterprises but without vulnerability monitoring
- 'Aaron's Law' returns to Congress
- RSA 2015: Tension continues to grow between govt, cryptographers
- CozyDuke APT group believed to have targeted White House and State Department
- Study: Conficker declared top threat of 2014, but N. America targeted mainly by AnglerEK
- RSA 2015: Straight talk about encryption, bulk surveillance and IoT
- RSA 2015: In the healthcare industry, security must innovate with business
- RSA 2015: Unintended use of aircraft systems next challenge for counterterrorism community
- RSA 2015: Bug hunting and responsible vulnerability disclosure