Last Word

Changing the business culture

Recent breaches prompt a new emphasis on education and corporate culture, says Allegis Capital's Bob Ackerman.

The need and the challenge

Let's agree on a definition of the term "security" and move forward from there, says AT&T's Chris Mark.

Data protection in the dark

The malicious insider or outsider does not stop on the first attempt, says Verdasys' Peter Tyrrell.

Eliminate mobile app threats

Don't hang your hat on enterprise app store security, says Jack Walsh at ICSA Labs.

The coming Internet of Things

We don't need to make the same mistakes of the first generation of PCs and servers, says the SANS Institute's John Pescatore.

One cloud does not fit all

Cloud providers must be evaluated before moving operations, says the DTCC's Mark Clancy.

Cover those blind spots: Establishing protocols that go beyond compliance

Robust enterprise security requires more than checking compliance boxes, says Diebold CSO Adam Williams.

Thinking strategically about privacy

Managing privacy is moving toward collaboration, communication and education, says Ernst & Young's Sagi Leizerov.

My job is like a carnival game

To defend against evolving threats, prepare and maintain vigilance, says DTCC's Parthiv Shah.

App developers and privacy practices: Preach what you practice

Now is the time to prepare and post a privacy policy in a conspicuous place, says Stephen Wu.

Executive order can provide boost

The rule may help leaders better understand the impact of cyber risks, say PwC's David Burg and Laurie Schive.

Cyber war, this is not

Espionage and fraud in cyber is not an armed conflict, says SystemExpert's Jonathan Gossels.

Before you take the plunge...

Prior to a job switch, ask questions to learn if the company you are considering is in good shape, says former Yahoo CISO Justin Somaini.

Sharing is caring: Take advantage of ISAC

Security pros should be less secretive, says New York City CISO Dan Srebnick.

Nurturing females for STEM posts

If we want the best minds, we can no longer look to only half the population, says Karen Purcell.

Cyber laws may need tweaking

2013 may be the year that U.S. companies strike back at their cyber adversaries, says Taia Global's Jeffrey Carr.

Take to the offense with intel

Though standards lack, sharing threat data is vital, says EMC's Christopher Harrington.

A public cloud conundrum

We must resolve issues around data sovereignty, says Capgemini's Joe Coyle.

Flame is lame? Not so much.

Flame's cryptofunctionality silenced all the haters, says F-Secure's Mikko Hyppönen.

New partnerships required

Only through collaboration can government and the private sector thwart cyber attacks, says Raymond Choo.

SEC rules: A serious development

Expect a sea change in digital security over the coming years, says Richard Bejtlich.

Big Data requires new skills

Today's firms must identify people who have knowledge from disparate areas, says Tracey Wilen-Daugenti.

Mitigating the next WikiLeaks: Insider threats

The operating environment itself must be altered, says Verdasys' Dan Geer.

David can be Goliath

Be patient and give staffers a real chance to show their stuff, says Michael Potters, CEO of the Glenmont Group.

Chinese hacking may slow, but...

...nevertheless, companies need to do a better job of protecting IP, says Adam Segal.

State breach rules need revamp

Data protection laws can be more effective if simpler, says JAS Global Advisors' Jeff Schmidt.

Revolution is in the air: Re-examine existing practices

It's time to rethink the basic approach to protecting our businesses, and new technologies are leading the way, says Cisco CSO John Stewart.

We are our own worst enemy

To avoid past mistakes, one should appeal to outside experts, says Kyrus CTO Michael Tanji.

A road littered with hazards: Anti-malware efforts in the wild

At present, unlike car safety, there are no standards for malware prevention, says George Ledin, a professor at Sonoma State University.

Cloud: A risk/reward proposition

Assessing what level of risk is acceptable to one's business is key to any move to the cloud, says Siobhan Byron, president of Forsythe Technology Canada.

The new breed of attackers

The time is ripe for open dialogue around teaching trust, says RSA Conference's Hugh Thompson.

It's time to tell clients the truth

What customers want to hear is that they can solve any problem by simply writing out a purchase order. And we in the security industry are all too happy to accept the purchase order for our devices, software and services. But...

Will mobile kill user privacy?

The internet is evolving to deliver individualized experiences, but at what cost to privacy, asks Forrester's Chenxi Wang.

Discover your data to protect it

Data discovery is a fundamental factor in risk mitigation, says PixAlert CEO Gerard Curtin.

Diversity breeds system resilience

IT managers should consider the benefits of non-interoperable platforms, says AT&T's Ed Amoroso.

Are you prepared for a breach?

A prudent firm should not wait until a clear and direct obligation exists before taking steps to secure its systems and processes.

Before tech, process and policy

Data leakage prevention (DLP) is garnering a lot of attention as a cure-all for risk management.

Smart mobile app development

Mobile threats will soon be used to gain access to personal and business devices, says Sean Martin.

M&A changing the IT landscape

Large vendors are bundling major components of information security into their stack offerings, says TheInfoPro's Ken Male.

Deloitte principal: Adopt a proactive approach for security

Now is the time to redefine your approach to face today's threats, says Irfan Saif, principal at Deloitte & Touche.

Invest in the right people and tools

Solely relying on your vendors is a mistake, says Sourcefire's Matthew Olney.

PCI DSS for small merchants

All merchants need to comply with all PCI DSS requirements, regardless of compliance validation mechanisms, says Mathieu Gorge, CEO and founder of VigiTrust.

Spend more now, pay less later

It is difficult to measure exactly what the ROI is for security, particularly when you haven't suffered any type of breach, says McAfee's Alex Thurber.

Make privacy a corporate priority

Now is the time to make privacy a corporate priority, says Craig Spiezle of the Online Trust Alliance.

Embracing the social network

Social networks must be adopted in the enterprise...with precautions, says Rick Tracy.

Today's CISO can sink or swim

Leave behind technological baggage and build business, says Verdasys' Emeric Miszti.

Securing virtual worlds

VWs require developers to be vigilant for new vulnerabilities and attacks, say Barbara Endicott-Popovsky and Aaron Weller.

Coordinating is key to success

A lot's been done to secure the nation's critical assets, but challenges remain, says the DoD's Robert Lentz.

Bringing clarity to the cloud

REST has emerged as a core enabling "architecture" for cloud services, says AmberPoint's Andrew Brown.

Cloud investment can pay off

Enterprises understand their reputation is on the line when things go wrong, says Jeremiah Grossman.
