Disruption is expected; financial crime should be, too.
James Hill, senior security architect, Consolidated Data Services (CDS), discusses his role at his organization.
This month's vulnerability is currently being exploited by a worm known as "TheMoon."
In this month's debate, experts discuss whether whistleblower Edward Snowden should be granted amnesty.
Growth businesses are always looking for flexible ways of working that reduce capital and running costs, while securely delivering the data users need, when and where they need it.
Many CIOs are still unsure what role governance should play in their data archiving strategy.
Recent breaches prompt a new emphasis on education and corporate culture, says Allegis Capital's Bob Ackerman.
Despite the bullishness around information security planning and budgeting seen in the results of our survey, we're still seeing breaches like those experienced by Target
Watching highly publicized supply-chain disasters unfold, we shake our heads in disbelief - but what supply chain risks are you taking today that would be difficult to defend tomorrow?
It's how you handle yourself during and after a breach that will determine just how detrimental the breach actually is for your organization.
Similar to building a multi-layer security strategy for a business, before deciding what security controls should be implemented to protect Bitcoin transactions, we first need to identify the targets.
The average consumer has 40 or more apps installed on their mobile device, many of which they use to do their jobs, whether IT has sanctioned their use or not. The problem is that this creates a "shadow IT" system.
John Gibson discusses the challenges and rewards of his security role at tTech Ltd. as the senior IT security officer.
For March's threat of the month, Secunia's Kasper Lindgaard believes Java vulnerabilities should be at the top of everyone's radar.
In this month's debate, experts discuss the possible issues that the Internet of Things presents for the industry.
Cloud computing is becoming a reality that will need to be addressed by every security department.
Has mobile malware changed through time as dramatically as the headlines might imply?
We've all been breached, but there are steps we can take to evolve the system, says security strategist Dan Srebnick.
It's time to admit that the bad guys can always make a first move, says Damballa's Manos Antonakakis.
In the aftermath of the Target breach, there is a huge need for all the people who are engaging with technology to understand more about cyber threats and ways they can account for these before and after something goes down.
The needs of the organizations we protect are complex and the response required due to the criticality of the services we provide tends to put our multi-faceted operations in a state of flux, says Roland Cloutier, CSO, ADP.
The tools that organizations have relied on to protect their networks are antiquated and no longer work.
Today's targeted attacks use advanced malware designed to defeat IT security controls through a variety of approaches that either confuse or avoid them altogether.
For those of us tasked with managing the security of the digital world for the enterprise, there are serious ramifications to this evolution of identity. Specifically, how we manage identity must evolve.
Two things needed to become widely available for cyber criminals to further expand the threat landscape - a network infrastructure that allows them to operate under the radar, and currency that would let them conduct commerce anonymously.
The best aspect of opportunistic encryption is in the fact that it can be built into our infrastructure and deployed transparently for everyone.
We take a look inside the professional world of Mat Gangwer, security architect at Rook Security.
The continued leak of classified government intelligence documents by Edward Snowden draws into question the balance of offensive and defensive capabilities of governments.
In this month's debate, experts discuss the importance of Big Data analytics in the industry today.
Let's agree on a definition of the term "security" and move forward from there, says AT&T's Chris Mark.
Following revelations of a massive breach during the holidays, Target announced it will be investing some $5 million in a cyber security coalition, researching cyber crimes and then educating us, the masses, about ways we can avoid becoming victims.
There are six security threats all businesses should be aware of for 2014, says ISF's Steve Durbin.
With the advent of nearly omnipotent video surveillance, the age-old saying "a picture is worth a thousand words," scares me more today than it ever has.
Asian nations are producing nurturing communities of security professionals that are more prepared to deal with a rapidly changing environment.
The benefits of cryptocurrency for consumers are well known, but there are also some downsides that must be addressed.
Although some progress has been made in the availability of data, we are far away from having the transparency required for risk management.
We knowingly, and sometimes unknowingly, interact with the Internet of Things on a daily basis in both our professional and personal lives.
The mobile workforce - no longer satisfied with limited access - wants access to all the applications and data needed to perform all job tasks from a multitude of personal mobile devices, anywhere, anytime.
As mobile devices are further integrated into networks, organizations will have a critical need to implement end-to-end security solutions that offer comprehensive security to provide a multi-layered security solution.
The cyber threat landscape has always been in flux and will continue to evolve. However, it seems the pace of change has increased significantly in the past few years alone.
Anyone designing a new system such as this should take security into account from the beginning. The amount of personal information that could be harvested by any breach is truly alarming.
From Adobe to Facebook, security breaches continue to be top-of-mind for both companies and users, and organizations around the globe are all wondering if they are next in line to deal with a breach of their own.
When we think about criminal hackers, we picture a techie who lives and breathes code. But more recently, another picture comes to mind. When you get right down to it, hackers are people, too.
Privacy, as some of us once knew it, is a thing of the past, says Illena Armstrong, VP, editorial, SC Magazine.
This month's "me and my job" focuses on John Dickson, principal at Denim Group.
In this month's debate, experts discuss whether more guidance on security career opportunities for youths will alleviate the skills gap.
Network-connected-and-configured devices can be infected by malware that provides access to patient data, monitoring systems and implanted patient devices.
As more and more organizations fall victim to data leakage, it seems that as long as no financial data is compromised, consumers seemingly don't care.
The malicious insider or outsider does not stop on the first attempt, says Verdasys' Peter Tyrrell.
I enjoy conducting security awareness training as it allows me to emphasize the importance of security to the organization, says David Sheidlower, CISO, Health Quest Systems.
It has been said that encryption simply trades one secret (the data) for another (the key). In the same way, encrypting data naturally shifts attention to that which is not protected: the metadata.
While year-end security predictions generally fail at accurately predicting much that wasn't already a foregone conclusion, they're really more about what we know right now, and there is value in that.
Big Data will become "The next big thing" - a critical re-evaluation and re-tooling of our analytical abilities. This is not about being able to query more data, but being able to query all data.
Chief information officers across the country are keenly aware of the threat not only to their intellectual property, but ultimately to their bottom line.
Vint Cerf's recent comment about privacy being an anomaly and a challenge that is too difficult to implement is unacceptable.
While information is crucial to improving an organization's posture in the marketplace, it also creates a centralized target for cyber criminals which may result in destructive data breaches.
Will 2013 be remembered as the year that DevOps accelerated into the IT mainstream or became just another trend that died in the "hype cycle"?
There are signs that indicate that in the year ahead, we will see more companies develop a proactive, strategic security program and supplant the traditional notion of "achieving compliance" as an equivalent to security.
Based on the increasing volume of data businesses now manage, and the growing capabilities of cyber criminals, certain scenarios will become commonplace in 2014.
Again, it's the time for the annual "doom and gloom" security outlook for the coming year. Understandable, when after a busy season of attacks it seems likely that next year will only bring worse.
I'm not a big predictions guy. I don't own a crystal ball, though I have been known to ask questions of my daughter's "Magic 8-Ball" on occasion. When it comes to enterprise IT, however, I do have some strong opinions about what 2014 will bring.
With this year's holiday season here, online retailers should be focused on preparing their networks for increased traffic as well as protection from cyber threats.
As if 2013 was not exciting enough in the world of cyber security, 2014 will continue to keep us on our toes.
We will not only see a new level of where the bad guys will target but how and what they are attacking, namely hardware. Here are the areas which deserve attention in 2014.
The use of two-factor authentication, along with advancements in 3-D camera and facial recognition technology, will soon come together as one.
The need for computer forensic examiners (aka "CFE") is on the rise.
BitDefender's Alexandru Catalin Cosoi discusses his role and what he'd like to see occur in the security space.
December's threat of the month is domain hijacking, a popular attack technique that takes over major domains.
In this month's debate, experts discuss whether the biometrics on Apple's iPhone 5s will evolve the security of personal devices.
We must stop the insanity by focusing on the data and controlling privileged user access.
The right form of network security can - and will - support continuous monitoring and network security management initiatives.
Don't hang your hat on enterprise app store security, says Jack Walsh at ICSA Labs.
Like no other year before it, 2013 illustrated for the entire globe just how essential cyber security is to business endurance, economic durability and personal rights to privacy.
Information security personnel are challenged with protecting company reputation and enterprise and customer data from a constant and expanding barrage of cyber criminals.
A strong cyber threat intelligence program should include proactive analysis of network traffic, testing of theories based on our understanding of human behavior.
As long as we treat personal information as property, we are faced with an unavoidable dilemma. If we are data and data is property, then we may become property.
One issue with password systems has always been the 'reset' problem: what to do when a user forgets their password.
The Tesla fire does not have anything to do with DDoS attacks, but there is one valuable lesson to be learned: Organizations could be better prepared to perform like a Tesla on fire when they face a DDoS attack.
The time and energy to optimize a service or process is often seen as an unaffordable luxury, says Jesse Bowling, senior information security engineer, American University.
This month's threat of the month is the major zero-day vulnerability that affects Internet Explorer versions 6 through 11.
This month, we received a number of responses to our debate topic, which covers the NSA's attempts to crack encryption methods.
CSOs need to be able to function at the highest levels of an organization while not being tethered to a specific department or operational function.
The first step toward better protecting an organization is to learn how cyber attacks work.
We don't need to make the same mistakes of the first generation of PCs and servers, says the SANS Institute's John Pescatore.
Most agree, CISOs are at a crossroads now, says Illena Armstrong, VP, editorial, SC Magazine.
Using Big Data for security is the "new hotness," says Holly Ridgeway, SVP and CISO enterprise systems at PNC.
Why does the lure of the cloud tempt businesses to put ever more sensitive data at risk? Richard Moulds, VP of strategy at Thales e-Security, examines the situation.
Since NIST has no regulatory or statutory authority to enforce its use, the Framework must include specific information and guidance that business leaders will want to follow.
Web attacks are a constant, known enemy of every organization. As we're currently in Cyber Security Awareness Month and web attacks are more frequent than ever, web security is in fashion.
In a perfect world, enterprises would know exactly when an auditor is going to show up, the questions they will ask, and data would be presented on a silver platter ready to prove the organization's compliance.
It's surprisingly easy for an attacker to set up a rogue wireless access point with open access and perform a MiTM attack, gaining access to a wealth of sensitive information.
Open source is growing in the enterprise, but oftentimes when people think of open source, they are concerned about the potential security issues.
This month we asked Gregory Gong, managing partner, Wall Street IT Management, about his job.
October's threat of the month allows for remote code execution vulnerabilities to affect Java prior to version 7 Update 25.
In this month's debate, experts discuss whether the Computer Fraud and Abuse Act is out of date, and if punishments are disproportionate to offenses.
By mining log data and managing it proactively - instead of ignoring it until something goes wrong - organizations can mitigate risk, ensure service availability and promote operational efficiency.
Targeted malware attacks are growing in number, sophistication and severity in the potential damage they can inflict on victims.
Cloud providers must be evaluated before moving operations, says the DTCC's Mark Clancy.
Still more revelations about National Security Agency (NSA) operations and practices that intrude on U.S. citizens' privacy and seemingly make a mockery of Constitutional rights have emerged, leaving both the general public and experts in the technology space reeling.
A major area of concern for security personnel these days is how we are able to achieve and maintain compliance with multiple regulatory governing bodies.