The new federal CISO should be a champion for the role of information security not just in the public sector, but across all walks of American life, from business to school to home.
Dr Jules Pagna Disso explains why phishing remains one of the most successful forms of attack, and why staff education is key to tackling the problem.
My gender doesn't matter, but my skills and actions do, says Caroline Wong, security initiative director, Cigital.
Employ cyber hunters who can find malicious activity within the network, says Kristin Lovejoy.
Accomplished, intelligent and experienced women are filling executive leadership roles, says Illena Armstrong.
Cloud access security brokers are becoming a key initiative for many CISOs, says Latha Maripuri, SVP and global CISO, News Corp.
You can map your own route to a cybersecurity career, says HPE's Jewel Timpe.
In an increasingly connected world, we will need the right security, in the right place, at the right time, says Cisco CSO Edna Conway.
It's difficult to predict how the global and British economies will react to Brexit in the long run, however UK Cyber-security every chance of staying in very good shape says Ilia Kolochenko.
Chief Information Security Officers (CISO) today no longer sit in the IT and security corner doing "techie" things.
Me and my job: Satyam Tyagi CTO, Certes Networks
Skills in demand: June 2016
Debate: Vendor VPNs: Good Idea?
For thieves, exploit kits are little efficiency machines, says Dell Security's Dmitriy Ayrapetov.
IoT devices can be a game changer, but unfortunately many are designed for convenience and functionality without security in mind.
A federal data breach notification law would provide much needed uniformity, says David R. Singh.
Taking a methodical approach to security, risk and governance planning must be part of the foundation of every organization these days, says Illena Armstrong, VP of editorial, SC Magazine.
The IoT isn't just about thermostats and internet-connected refrigerators, says Bruce Forman CISO, UMass Memorial Medical Center.
A criminal enterprise well known for using malware-laced fake display ads is ramping up efforts by infecting dozens of popular websites using a recently patched Flash Player exploit to deliver the Angler EK in a drive-by style attack.
Attack vectors multiply as more devices connect to enterprise environments, says IANS's Chris Poulin.
As more and more organizations encourage consumers and clients to visit their websites to conduct business or shop the application security engineer is highly sought after.
Me and my job: Joel D. Rader, solution architect, Radiant Logic
Debate: Forensics staff will be replaced by robots.
Government surveillance is, however, not new, says Patrick O'Kane, barrister and compliance counsel.
A communication gap exists today between CISOs and the board of directors, says Feris Rifai, CEO, Bay Dynamics.
Even with all the hoopla, there are CISOs still having challenges, vendors that aren't meeting needs, and companies still giving security short shrift, says Illena Armstrong, VP editorial, SC Magazine.
Security is a business risk that needs to be understood and owned by your business leaders, says Jeff Brown, former technology risk officer, AIG.
IT security is finally becoming a priority - not only for IT professionals in every industry, but also for the C-suite, says Marcin Kleczynski, CEO, Malwarebytes.
If your organization is connected to the Internet, you are very likely engaged in cyber warfare whether you like it or not.
Me and my job: Karthik Rangarajan security engineer, Addepar
Debate» To automate or not? You must realize the limitations of your incident response technology.
If Apple complies, the FBI would have the ability to compromise personal security when it wishes, says Ryan O'Leary, VP of Threat Research Center, WhiteHat Security. .
In cases where terrorist attacks are carried out state-side, it is vital that intelligence be obtained, says J.J. Thompson, CEO, Rook Security.
Effective detection is comprised of several parts, says Cyphort's Nick Bilogorsiy.
Talk of attack prevention is antiquated, says Illena Armstrong, VP editorial, SC Magazine.
I am recommending we develop a paradigm shift in the way that we view data breaches, says Zachery S. Mitcham, CISO, University of North Carolina Wilmington.
It's anyone's guess what the outcome of the upcoming Brexit vote will be, but it could create significant turmoil, says IBM's Jon Wilkinson.
Me and my job: Mushegh Hakhinian chief security architect, Intralinks
Threat of the Month: Executive staff/middle management
Debate: Closing the security gap is a people problem.
Having a security awareness program in place can have an innumerable ROI.
Why retrospective data analysis is critical after a security breach.
With the use of social media, HR and IT must work together to ensure that both employees and company data stay secure.
The health care industry must step up when it comes to addressing its steady stream of IT security risks, says Illena Armstrong, VP, editorial, SC Magazine.
Recently, there has been an increased intensity in scrutiny of the world's electric grids, says Edna Conway, CSO, global value chain, Cisco Systems.
Gina Chapman, senior director of security operations, Center for Internet Security
Researcher Wesley Wineberg said he's been censured due to his participation in the Facebook bug bounty program.
Threat of the month: Man-in-the-middle attack
Debate: Cybersecurity information sharing allows network defenders to stay ahead of adversaries.
Security awareness training aims not only to impart information, but also to change behavior.
Open source code might be presumed mature, but could rely on technology developed a decade earlier.
Ransomware is a complex threat, but its impact can be lessened, says Thomas Gresham.
New year commitments by the lone individual also could be adopted by the larger organization.
Many companies are establishing formal security programs for the first time or are seeking to optimize existing programs to improve the level of maturity.
A combination of machines and humans is key to risk management, Carole Fennelly says.
A combination of machines and humans is key to risk management, says Cisco CSO Edna Conway.
Many organizations still hesitate to move to the cloud. Why?
This year has been marked by the almost daily occurrence of some information security-related incident or another.
We've all received a call at one point or another from the fraud protection departments of our credit card providers, telling us they've detected some suspicious activity on our accounts and would like to verify a few recent charges.
The Internet of Things is one of the world's fastest growing technologies. Unfortunately, it is also poised to become the fastest growing source of security vulnerabilities in the enterprise - but it doesn't have to be that way.
The latest cyber attack, a breach compromising the data of up to four million of Talk-Talk's loyal customers, is yet another in a growing line of pernicious cyber attacks against corporate infrastructure.
There are legal issues and technical vulnerabilties aound the use of fingerprint scanners on mobiles, hence, Anthony Neary says, it is vital to have a mix of solutions which enable maximum possible security.
While there is a regular discussion of how to prevent successful phishing attempts, one of the most successful approaches is ongoing employee training, says Colin McKinty, VP Cyber Security Strategy at BAE Systems Applied Intelligence.
The demand for security DevOps engineers is growing.
Me and My Job: Rick Collette, devops team lead, Evident.io
many enterprises are turning to security consultants to perform assessments of their systems, says Michael R. Overly attorney, Foley & Lardner.
The one-throat-to-choke theory is a fallacy, says David Shearer, CEO, (ISC)².
As mainstream users become more expectant of massive compromises of personal information, cybercriminals show no sign of giving up on using current tactics and finding new ones to steal data whatever their endgames may be.
Lena Smart, VP / CIO of the New York Power Authority, offers a few tips for freeing yourself from mobile addiction.
Experian breach is more than just another hack as cross referencing of data sets opens up even more scope for ciminal activity says Max Vetter
Pete Shoard asks how powerful are less developed countries such as North Korea when it comes to cyber-threats, and can it be regarded as a major player in cyber-warfare anyway for the impact it has achieved?
Instead of hoping for your end-users to make the right decision or your DLP solution to make the right guess, data protection solutions need to be context-aware.
In the wake of the SYNful Knock attack on its routers, Cisco should re-engineer its devices to prevent future attacks, says Raimund Genes.
Skills in demand: Security engineer, identity management
Me and my job: Surendhar Subramani, senior information security consultant, Ernst & Young, India
Debate: What is the edge of IoT security responsibility? Will device-level security testing be enough?
Debate: What is the edge of IoT security responsibility? Will device-level security testing be enough?
Can U.S. data protection laws protect privacy and preserve tech innovation and intellectual property?
The impact of Canada's anti-spam legislation for companies big and small.
Containment solutions can help stop the spread of malware, says Bufferzone CEO Israel Levy.
Our working hours may grow longer, more demanding and more exposed as the Internet of Things (IoT) continues its fast evolution.
Many organizations are also investing heavily to hire top-notch CISOs to fill the presumed leadership gap in security.
Organizations need a solution that is built for the container pattern, says John Morello.
A leak, a hack, or a simple mistake can blow up any M&A deal carefully crafted over months or even years, says Stephen Dearing.
David F. Katz, partner, Nelson Mullins
Debate: Device manufacturers take a comprehensive approach to securing consumer products.
As mobile and cloud dominate the future of the enterprise, security and accountability are falling through the cracks.
The mobile malware threat is mostly based on hype, not facts.
Companies can benefit by using a complex security approach, says A1QA's Aleksey Abramovich.
The questions regarding a more consistent reliance on offensive capabilities are concerning.
Public and media focus on data breaches and regulatory fees have dramatically deepened the focus on information security for executive boards.
Why is there a lack of women in IT security?
While we continue to make headway toward embracing a diverse workforce in the IT security field, we're still far from fully realizing this end.
SC Magazine Articles
- USAA members hit with multiple phishing attacks
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- Three zero-days found in iOS, Apple suggests users update their iPhone
- MedSec goes its own way with medical device flaw
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Wendy's POS breach 'considerably' bigger than first thought
- No hacking required: Israeli researchers show how to steal data through PC components
- Don't connect your charging cell to a computer or you may get hacked!