With this year's holiday season here, online retailers should be focused on preparing their networks for increased traffic as well as protection from cyber threats.
The need for computer forensic examiners (aka "CFE") is on the rise.
BitDefender's Alexandru Catalin Cosoi discusses his role and what he'd like to see happen in the security space.
We must stop the insanity by focusing on the data and controlling privileged user access.
The right form of network security can - and will - support continuous monitoring and network security management initiatives.
Don't hang your hat on enterprise app store security, says Jack Walsh at ICSA Labs.
Information security personnel are challenged with protecting company reputation and enterprise and customer data from a constant and expanding barrage of cyber criminals.
A strong cyber threat intelligence program should include proactive analysis of network traffic and the testing of hypotheses grounded in an understanding of human behavior.
As long as we treat personal information as property, we are faced with an unavoidable dilemma. If we are data and data is property, then we may become property.
One issue with password systems has always been the 'reset' problem: what to do when a user forgets their password.
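The reset problem above is usually solved with a short-lived, single-use token sent out of band. The following is an added example (not code from the original page or any vendor it mentions) showing the properties a reset token store needs: the token comes from a CSPRNG, only its hash is stored so a database leak does not hand out live reset links, it expires, it is consumed on first successful use, and the comparison is constant-time. The in-memory `store` dictionary and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Short lifetime limits the window in which a leaked or forwarded reset link is useful.
TOKEN_TTL_SECONDS = 15 * 60


def _digest(token: str) -> str:
    # Store only a hash: a database dump must not yield usable reset tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_token(store: dict, username: str, now: Optional[float] = None) -> str:
    """Create a single-use reset token for `username` and record its hash.

    `store` is an illustrative in-memory dict (username -> record); a real
    deployment would persist this and answer identically whether or not the
    username exists, so the endpoint does not enumerate accounts.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG; not guessable
    store[username] = {"digest": _digest(token), "expires": now + TOKEN_TTL_SECONDS}
    return token  # the raw token goes to the user (e.g. by e-mail) and is never stored


def redeem_reset_token(store: dict, username: str, presented: str,
                       now: Optional[float] = None) -> bool:
    """Return True exactly once for a valid, unexpired token.

    A wrong guess does not destroy the outstanding token (that would let an
    attacker lock a user out of their own reset); expiry or success does.
    """
    now = time.time() if now is None else now
    record = store.get(username)
    if record is None:
        return False
    if now > record["expires"]:
        del store[username]          # expired tokens are purged, never honoured
        return False
    if not hmac.compare_digest(record["digest"], _digest(presented)):
        return False                 # constant-time compare; no timing oracle on the hash
    del store[username]              # single use: consumed on the first success
    return True
```

After a successful redemption the application should also invalidate existing sessions and require the new password immediately, which is outside the scope of this snippet.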
The Tesla fire does not have anything to do with DDoS attacks, but there is one valuable lesson to be learned: Organizations could be better prepared to perform like a Tesla on fire when they face a DDoS attack.
The time and energy to optimize a service or process is often seen as an unaffordable luxury, says Jesse Bowling, senior information security engineer, American University.
CSOs need to be able to function at the highest levels of an organization while not being tethered to a specific department or operational function.
The first step toward better protecting an organization is to learn how cyber attacks work.
We don't need to make the same mistakes of the first generation of PCs and servers, says the SANS Institute's John Pescatore.
Using Big Data for security is the "new hotness," says Holly Ridgeway, SVP and CISO enterprise systems at PNC.
Why does the lure of the cloud tempt businesses to put ever more sensitive data at risk? Richard Moulds, VP of strategy at Thales e-Security examines the situation.
Since NIST has no regulatory or statutory authority to enforce its use, the Framework must include specific information and guidance that business leaders will want to follow.
Web attacks are a constant, known enemy of every organization. As we're currently in Cyber Security Awareness Month and web attacks are more frequent than ever, web security is in fashion.
In a perfect world, enterprises would know exactly when an auditor is going to show up, the questions they will ask, and data would be presented on a silver platter ready to prove the organization's compliance.
Open source is growing in the enterprise, but oftentimes when people think of open source, they are concerned about the potential security issues.
This month we asked Gregory Gong, managing partner, Wall Street IT Management, about his job.
By mining log data and managing it proactively - instead of ignoring it until something goes wrong - organizations can mitigate risk, ensure service availability and promote operational efficiency.
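Proactive log mining, as the blurb above describes it, means running detection logic over the logs continuously rather than grepping them after an incident. The following is an added example, not code from the original page: a small detector for SSH password brute-forcing that reads syslog-style `sshd` lines, flags a source IP that produces a burst of failures inside a sliding window, and separately flags a later successful login from an IP that already tripped the burst rule (the case that actually needs a response). The log lines are constructed for the example; the field layout follows the common OpenSSH syslog format, and the thresholds are assumptions to be tuned per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the common OpenSSH syslog lines for password authentication.
LOG_RE = re.compile(
    r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: '
    r'(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port'
)

# Constructed sample log for the example (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Oct 12 03:14:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Oct 12 03:14:03 bastion sshd[2203]: Failed password for invalid user oracle from 203.0.113.7 port 51130 ssh2
Oct 12 03:14:05 bastion sshd[2205]: Failed password for root from 203.0.113.7 port 51140 ssh2
Oct 12 03:14:08 bastion sshd[2207]: Failed password for root from 203.0.113.7 port 51151 ssh2
Oct 12 03:14:11 bastion sshd[2209]: Failed password for deploy from 203.0.113.7 port 51160 ssh2
Oct 12 03:14:15 bastion sshd[2211]: Accepted password for deploy from 203.0.113.7 port 51171 ssh2
Oct 12 03:20:44 bastion sshd[2290]: Failed password for alice from 198.51.100.23 port 40002 ssh2
Oct 12 03:20:51 bastion sshd[2292]: Accepted password for alice from 198.51.100.23 port 40003 ssh2
Oct 12 04:01:00 bastion sshd[2301]: Failed password for bob from 192.0.2.9 port 33001 ssh2
"""


def parse(line):
    """Return (timestamp, success, user, ip) or None for lines we do not care about."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; strptime defaults to 1900, which is fine
    # for the relative gaps used below.
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
    return ts, m.group(2) == "Accepted", m.group(3), m.group(4)


def detect(lines, threshold=5, window_seconds=60):
    """Scan lines in order and return alerts.

    ('burst', ip, n)                    n >= threshold failures from ip within the window
    ('success_after_failures', ip, user) a login succeeded from an ip already flagged
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = set()
    alerts = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, success, user, ip = parsed
        if success:
            if ip in flagged:
                alerts.append(("success_after_failures", ip, user))
            continue
        window = recent[ip]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()      # drop failures that fell out of the sliding window
        if len(window) >= threshold and ip not in flagged:
            flagged.add(ip)       # alert once per source, not once per extra failure
            alerts.append(("burst", ip, len(window)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The single failure followed by a success for `alice` is ordinary user behaviour and produces nothing; the five-failure run followed by a success from `203.0.113.7` is what an analyst wants surfaced.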
Targeted malware attacks are growing in number, sophistication and severity in the potential damage they can inflict on victims.
Cloud providers must be evaluated before moving operations, says the DTCC's Mark Clancy.
A major area of concern for security personnel these days is how we are able to achieve and maintain compliance with multiple regulatory governing bodies.
Information security is in place not only to make ourselves more resilient to threats, but to create a mutually established trust with which we can communicate with reasonably expected results.
Organizations are counting on information-sharing measures so manually intensive that they cannot scale to meet critical computer network defense requirements such as speed and accuracy.
The methods that attackers are using continue to evolve in terms of sophistication and sheer cleverness.
September's "Me and my job" features Geoff Linell, group CIO for Celerant Consulting.
There are a few key things every business should consider to truly improve data security.
There are serious risks involved when dealing with phishers.
Robust enterprise security requires more than checking compliance boxes, says Diebold CSO Adam Williams.
The latest version of the payment security industry's data safeguarding standard should also include mandates and guidance around risk management, penetration testing and mobile.
IT security professionals must learn to identify trustworthy and reliable products and vendors. But keep in mind, no matter how objectively certified a product may be, if the vendor has a poor reputation, the product will lose credibility.
It used to be that organizations were concerned about migrating their data to the cloud out of fear of hackers or disgruntled insiders. But Edward Snowden's NSA leaks show there's a new threat actor: the government. Encryption can help.
While CISOs are security leaders, there are different areas that they need to specialize in depending on the culture of the organization they serve.
This month's "Me and My Job" features Sasan Hamidi, CISO at Interval International.
Managing privacy is moving toward collaboration, communication and education, says Ernst & Young's Sagi Leizerov.
Organizations today have a master data model to drive efficiencies in system design. How about a similar approach for the enterprise security program?
As the Edward Snowden affair continues to make headlines around the world, there are ways organizations can bolster their security strategy to ensure they're not the next target.
Spamhaus seems to be shrouded in mystery, and rightly so. There is a lot of misinformation out there regarding the service. But, there's one thing I'd like to clear up. Hint: It's all about the approval.
For this month's "Me and My Job" we speak with Stephen Fridakis, senior IT security officer for the Food and Agriculture Organization of the United Nations.
Our educational institutions continue to set the pace in BYOD.
There is no doubt that threats have evolved from vandalism and hobby-based malware to financially motivated crime and now state-sponsored espionage and attacks against government and enterprise targets around the world.
To defend against evolving threats, prepare and maintain vigilance, says DTCC's Parthiv Shah.
Targeted attacks are easy and cheap, but not always anonymous, says Norman ASA's Snorre Fagerland.
Cyber attacks continue to grow and evolve in sophistication. Consequently, it's sometimes difficult to tell who the good guys are when everyone is in the game.
Cloud computing services and social networks are pushing data to external networks, but mobile devices are circumventing corporate networks entirely.
As security threats continue to grow in numbers, the burden will fall on colleges and universities to better prepare the next-generation of information security workers.
Five traits are commonly found in the truly innovative CISOs in the industry.
There are a number of organizations out there that ask for — and often receive — access to data on both successful and unsuccessful attacks on your technology infrastructure.
Nick Hetrick, senior IS security operations analyst, WellSpan Health, discusses his latest projects, what motivates him and how he entered the field.
The biggest risk of mobile computing continues to be unauthorized physical access to the device as a result of loss or theft, but malware threats to mobile devices continue to grow.
Advanced threats push companies and individuals between the proverbial rock and a hard place.
FedEx realizes its customers play an integral role in protecting themselves and helping secure cyber space, and the company attempts to do all it can to help them.
Thanks to location-based capabilities, mobile app developers must also consider the privacy ramifications of their creations.
While a major attack has yet to take place on the U.S. energy sector, now is the right time for these critical infrastructure providers to ready their defenses.
A successful security professional will tap into an organization's entire employee base to get results. And the benefits will go both ways.
Marty Edwards' job is to coordinate efforts between the government and the private sector.
In this month's debate, experts discuss if advanced malware is still a persistent challenge after administrator rights are removed.
Employees lack the training to collect and preserve email and electronic evidence.
The rule may help leaders better understand the impact of cyber risks, say PwC's David Burg and Laurie Schive.
Are we creating a cyber professional salary bubble that will eventually burst, asks Holly Ridgeway, SVP and CISO enterprise systems at PNC.
How can it be that firms can feel confident in their security technology investments and their people, yet ultimately still believe that they remain at great risk?
A brief Q&A with Blake Frantz, director of benchmark development, security benchmarks division, Center for Internet Security (CIS).
Thanks to BYOD, gone are the days of one single mobile device manufacturer or model to support, says Dimension Data Americas' Darryl Wilson.
Unfortunately, data security and regulatory compliance requirements do not evaporate in the public cloud, says Vormetric's Ashvin Kamaraju.
Espionage and fraud in cyber is not an armed conflict, says SystemExpert's Jonathan Gossels.
Cyber espionage is at an all-time high, and businesses across the United States are being targeted and breached, says Phillip Ferraro, CISO, DRS Integrated Defense Systems and Services.
Let's just stop preventing what seems to be unavoidable and figure out how to enable our users to operate securely on a completely compromised device.
Finance companies should adopt an approach of least privilege, which takes into account security and productivity by granting users only the rights necessary to carry out their jobs.
While intellectual property theft at the hands of regular employees may not generate headlines as provocative as a Chinese military unit spreading APTs from an office in Shanghai, the former scenario is the more likely one.
Security professionals must walk the fine line between assessing and responding to legitimate risk and being mindful of an organization's needs. Working in their favor is the belief that protecting sensitive data is a fundamental component of any business operation.
As interest in the public cloud remains strong, a security expert makes sense of new recommendations for securing payment card data in those environments.
Tupac Shakur once sang, "The old way isn't working so it's on us to do what we gotta do to survive." That too goes for information security professionals, who are being tested like they've never been tested before.
Cyber war is not as common as the mainstream news cycle would have us believe, but its definition is not as cut-and-dried either. Just because nothing is blowing up doesn't mean it isn't happening. It's all about the context.
From "booth babes" to vapid marketing lingo to directionless conversations with vendor reps, one industry veteran wonders how information security professionals can take the RSA Conference showroom floor seriously.
Dominic Vogel, IT security analyst at a financial institution in British Columbia, Canada, shares how he entered the information security field and the challenges he faces.
IT trends - cloud, social networking and BYOD - are making the practice of security management complex, and are forcing organizations to shift to a risk-management perspective.
Prior to a job switch, ask questions to learn if the company you are considering is in good shape, says former Yahoo CISO Justin Somaini.
Information security executives must work to "engineer" their organizations to be better, faster, cheaper - and more secure, says Rafael Diaz, CISO, state of Illinois.
One of the sternest challenges for security professionals is finding the person who can best communicate the significance of data protection to senior management. It can be done, but sometimes it takes a little bit of luck.
The days of refusing to look for possible IT and security threats with the potential to result in the loss of customer data are over.
As the bring-your-own-device movement becomes commonplace and better managed, it's time for security pros to move their focus toward securing the mobile application.
If properly cultivated through effective education programs, employees can shed the moniker of "weakest link" and become an organization's greatest security asset.
There's no denying that CSOs will have to deal with bring-your-own-device sooner or later, but ultimately it will lead to an enhanced workforce.
When seeking to attack social networking sites, miscreants don't even have to bother with the client or the server, yet a similar outcome could result. Now is the time for these platforms to prepare for what's to come.
When building new systems, security must be as foundational as performance and capability. Because without such a model, the risks associated with today's IT environments will only worsen.
Debate: Bug bounty programs - offering monetary rewards to researchers - help make companies more secure.
The proposed Cyber Intelligence Sharing and Protection Act (CISPA) is galvanizing government and industry over whether we need federally mandated security legislation and what it should look like.
If no one can guarantee an organization is hack-proof, then perhaps it's time for a more practical approach - cyber liability insurance.
As employees use more consumer-grade applications and access more corporate data from unmanaged mobile devices, the network perimeter continues to disappear - along with IT's ability to enforce appropriate security controls.
BYOD has empowered the modern workforce, improved productivity and allowed companies to deliver better services to customers and partners. Forrester sees a continuation of this trend into 2013 and beyond.
The best run organizations can find a number of blunders lurking in their firewall rules.
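Two of the most common firewall blunders are rules that can never fire because an earlier, broader rule already matches every packet they describe (shadowed when the actions differ, redundant when they agree) and an any-to-any accept left over from troubleshooting. The following is an added example, not code from the original page or from any firewall vendor: a rule-set auditor for a simplified first-match rule model (action, protocol, source CIDR, destination CIDR, inclusive destination port range) that reports those three problems. The rule format and the constructed sample policy are assumptions made for illustration; a real audit would parse the vendor's own export into this shape first.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY_PORTS = (0, 65535)


@dataclass(frozen=True)
class Rule:
    """One entry in a first-match-wins policy (illustrative model, not a vendor format)."""
    action: str            # "accept" or "drop"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR
    dst: str               # destination CIDR
    ports: Tuple[int, int] # inclusive destination port range; ANY_PORTS means all

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by `self`."""
        if self.proto != "any" and self.proto != other.proto:
            return False
        src_ok = ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
        dst_ok = ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
        port_ok = self.ports[0] <= other.ports[0] and other.ports[1] <= self.ports[1]
        return src_ok and dst_ok and port_ok


def audit(rules: List[Rule]) -> List[Tuple[str, int, Optional[int]]]:
    """Return findings as (kind, rule_index, covering_rule_index_or_None).

    'shadowed'        rule i can never fire; earlier rule j matches everything it would, with a different action
    'redundant'       rule i can never fire; earlier rule j already does the same thing
    'any-any-accept'  rule i accepts all traffic from anywhere to anywhere
    """
    findings = []
    for i, later in enumerate(rules):
        for j in range(i):
            earlier = rules[j]
            if earlier.covers(later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((kind, i, j))
                break  # the first covering rule is the one that actually fires
        if (later.action == "accept" and later.proto == "any"
                and later.src == "0.0.0.0/0" and later.dst == "0.0.0.0/0"
                and later.ports == ANY_PORTS):
            findings.append(("any-any-accept", i, None))
    return findings


# Constructed sample policy for the example.
SAMPLE_POLICY = [
    Rule("accept", "tcp", "10.0.0.0/8",    "10.1.2.3/32",  (443, 443)),   # 0: HTTPS to a DMZ host
    Rule("drop",   "any", "0.0.0.0/0",     "10.1.2.0/24",  ANY_PORTS),    # 1: DMZ catch-all deny
    Rule("accept", "tcp", "10.0.5.0/24",   "10.1.2.10/32", (22, 22)),     # 2: SSH added after the deny: never fires
    Rule("accept", "tcp", "10.0.0.0/16",   "10.1.2.3/32",  (443, 443)),   # 3: narrower copy of rule 0
    Rule("accept", "any", "0.0.0.0/0",     "0.0.0.0/0",    ANY_PORTS),    # 4: "temporary" troubleshooting rule
]

if __name__ == "__main__":
    for kind, idx, by in audit(SAMPLE_POLICY):
        print(f"rule {idx}: {kind}" + (f" (by rule {by})" if by is not None else ""))
```

The check is deliberately conservative: it only reports a rule as dead when a single earlier rule covers it entirely. Rules that are collectively covered by several earlier rules, or that overlap only partially, need a proper packet-space comparison and are left for a fuller tool.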
When you consider how many stakeholders are invested in Microsoft's Patch Tuesday, it's no wonder the monthly affair stirs up so much energy in the cyber world.
Distributed denial-of-service attacks are becoming more potent, and truth be told, they're often difficult to stop.
With a new year come new challenges. But while many see bring-your-own-device gaining momentum, more organizations may be ready to issue their own handhelds to employees.
Understanding your organization's security posture can mean the difference between data that's protected from attackers and a breach that can result in major financial and reputational harm.