While a major attack has yet to take place on the U.S. energy sector, now is the right time for these critical infrastructure providers to ready their defenses.
A successful security professional will tap into an organization's entire employee base to get results. And the benefits will go both ways.
For moving core apps to the cloud or implementing new systems in companies' internal environments, IT project managers are in great demand.
Marty Edwards' job is to coordinate efforts between the government and the private sector.
As nations engage with one another in shadowy conflicts taking place in the digital sphere, experts are questioning whether treaties and rules that were created for kinetic fighting apply to a new era of combat.
For our May issue's "threat of the month," we focused on pdf.exe.zip files, an old-style email executable attachment attack.
In this month's debate, experts discuss if advanced malware is still a persistent challenge after administrator rights are removed.
Employees lack the training to collect and preserve email and electronic evidence.
The rule may help leaders better understand the impact of cyber risks, says PwC's David Burg and Laurie Schive.
Are we creating a cyber professional salary bubble that will eventually burst, asks Holly Ridgeway, SVP and CISO enterprise systems at PNC.
How can it be that firms can feel confident in their security technology investments and their people, yet ultimately still believe that they remain at great risk?
A brief Q&A with Blake Frantz, director of benchmark development, security benchmarks division, Center for Internet Security (CIS).
April's "threat of the month" are Universal Plug and Play (UPnP) vulnerabilities, which allow attackers to execute arbitrary code.
In this month's debate, two experts discuss whether or not China is the top cyber threat to the United States.
Thanks to BYOD, gone are the days of one single mobile device manufacturer or model to support, says Dimension Data Americas' Darryl Wilson.
Unfortunately, data security and regulatory compliance requirements do not evaporate in the public cloud, says Vormetric's Ashvin Kamaraju.
Espionage and fraud in cyber is not an armed conflict, says SystemExpert's Jonathan Gossels.
Cyber espionage is at an all-time high, and businesses across the United States are being targeted and breached, says Phillip Ferraro, CISO, DRS Integrated Defense Systems and Services.
Among the humdrum there are cyber events cropping up here and there that breed excitement.
Lets just stop preventing what seems to be unavoidable and figure out how to enable our users to operate securely on a completely compromised device.
Finance companies should adopt an approach of least privilege, which takes into account security and productivity by granting users only the rights necessary to carry out their jobs.
While intellectual property theft at the hands of regular employees may not yield the provacative headlines as a Chinese military unit spreading APTs from an office in Shanghai, the former scenario is the more likely one.
Security professionals must toe the delicate line of assessing and responding to legitimate risk and being mindful of an organization's needs. Working in their favor is belief that protecting sensitive data is a fundamental component of any business operation.
As interest in the public cloud remains strong, a security expert makes sense of new recommendations for securing payment card data in those environments.
Tupac Shakur once sang, "The old way isn't working so it's on us to do what we gotta do to survive." That too goes for information security professionals, who are being tested like they've never been tested before.
Cyber war is not as common as the mainstream news cycle would have us believe, but its definition is not as cut-and-dry either. Just because nothing is blowing up doesn't mean it isn't happening. It's all about the context.
From "booth babes" to vapid marketing lingo to directionless conversations with vendor reps, one industry veteran wonders how information security professionals can take the RSA Conference showroom floor seriously.
Offering up more general guidelines to strengthen the country's critical infrastructure security - as in the president's recent executive order - is all well and good, but without any meaningful and enforceable requirements then, really, what's the point?
Dominic Vogel, IT security analyst at a financial institution in British Columbia, Canada, shares how he entered the information security field and the challenges he faces.
This month's featured debate informs whether the FTC should have the right to penalize companies for poor data security/privacy practices.
IT trends - cloud, social networking and BYOD - are making the practice of security management complex, and are forcing organizations to shift to a risk-management perspective.
Prior to a job switch, ask questions to learn if the company you are considering is in good shape, says former Yahoo CISO Justin Somaini.
Information security executives must work to "engineer" their organizations to be better, faster, cheaper - and more secure, says Rafael Diaz, CISO, state of Illinois.
We can prepare for whatever is over the horizon by enhancing our security architectures to prioritize our most important assets, while accounting for the changing attack vectors threatening them.
The number of internet-connected devices is increasing exponentially and faster than anyone can manage or secure them.
One of sternest challenges for security professionals is finding the person who can best communicate the significance of data protection to senior management. It can be done, but sometimes it takes a little bit of luck.
The days of refusing to look for possible IT and security threats with the potential to result in the loss of customer data are over.
As the bring-your-own-device movement becomes commonplace and better managed, it's time for security pros to move their focus toward securing the mobile application.
This phenomenon sees applications designed for consumers - such as Dropbox, Skype, Google Apps, WordPress, GoToMyPC - finding their way into the corporate tool box.
The increase of systems automation and monitoring within manufacturing companies has led to increased demand for certified automation systems professionals.
This month's "Me and my job" features the University of Connecticut's senior network technician, Mike Lang.
This month's debate covers Hacktivist group Anonymous. Will they take a backseat to more extremist groups in 2013?
The ever-changing nature of malware generates anomalous network behavior that can be detected by leveraging large corpuses of data collected from multiple observation points.
Security pros should be less secretive, says New York City CISO Dan Srebnick.
The data center business model must evolve with cloud's demands, says NJVC's Kevin Jackson.
I was dismayed and disturbed by the suicide of Aaron Swartz, which only added to well-rooted revulsion for the relentlessness of legal actions against him.
A more substantial enterprise mobility framework can be conceived with a combination of NAC, MDM and MAM based on organizational requirements.
If properly cultivated through effective education programs, employees can shed the moniker of "weakest link" and become an organization's greatest security asset.
There's no denying that CSOs will have to deal with bring-your-own-device sooner or later, but ultimately it will lead to an enhanced workforce.
When seeking to attack social networking sites, miscreants don't even have to bother with the client or the server, yet a similar outcome could result. Now is the time for these platforms to prepare for what's to come.
When building new systems, security must be as foundational as performance and capability. Because without such a model, the risks associated with today's IT environments will only worsen.
Bring-your-own-device (BYOD) has emerged as an institution in corporate America today - but does the acronym stand for bring your own device or bring your own disaster?
As threats grow in complexity, many organizations rely on managed security service providers to handle security operations center (SOC) capabilities.
This issue's "Me and my job," features Alex Nehlebaeff, information security manager at Harley-Davidson Financial Services.
Debate: Bug bounty programs - offering monetary rewards to researchers - help make companies more secure.
The proposed Cyber Intelligence Sharing and Protection Act (CISPA) is galvanizing government and industry over whether we need federally mandated security legislation and what it should look like.
If we want the best minds, we can no longer look to only half the population, says Karen Purcell.
As we start 2013 off, I'm pretty sure that information security leaders everywhere are glad to hear all those predictions about their budgets getting a boost this year (and that the Mayans were wrong).
If no one can guarantee an organization is hack-proof, then perhaps it's time for a more practical approach - cyber liability insurance.
As employees use more consumer-grade applications and access more corporate data from unmanaged mobile devices, the network perimeter continues to disappear - along with IT's ability to enforce appropriate security controls.
BYOD has empowered the modern workforce, improved productivity and allowed companies to deliver better services to customers and partners. Forrester sees a continuation of this trend into 2013 and beyond.
The best run organizations can find a number of blunders lurking in their firewall rules.
When you consider how many stakeholders are invested in Microsoft's Patch Tuesday, it's no wonder the monthly affair stirs up so much energy in the cyber world.
Distributed denial-of-service attacks are becoming more potent, and truth be told, they're often difficult to stop.
With a new year come new challenges. But while many see bring-your-own-device gaining momentum, more organizations may be ready to issue their own handhelds to employees.
Understanding your organization's security posture can mean the difference between data that's protected from attackers and a breach that can result in major financial and reputational harm.
The convergence of communications, VoIP and multimedia systems (video conferencing, webinars, peer-to-peer) has increased the demand for engineers capable of designing and managing systems.
A Q&A with Brian Calkin assistant director, Multi-State ISAC Security Operations Center at the Center for Internet Security.
As the threat landscape continues to evolve, one malicious tactic has stood the test of time: distributed denial-of-service attacks (DDoS).
From stealthy to blatant tactics, 2012 has seen them all.
We all know what we spend internally, but how do we get reliable, timely information for comparison purposes?
2013 may be the year that U.S. companies strike back at their cyber adversaries, says Taia Global's Jeffrey Carr.
As network security grows more elusive, CxOs need to ask their IT departments some tough questions.
This is the age of bring-your-own-device, and it is too late to turn back now.
Comprehensive cyber security legislation (or a presidential executive order) will happen in 2013.
From mobile devices to the cloud to the supply chain and beyond, next year is certain to bring with it fresh set of information security challenges.
Companies that acquire patents for sole purpose of suing other companies is limiting IT security innovation, which, in turn, is making users less safe.
It's true: There are certain attacks that no security technology will be able to stop. But the situation isn't entirely hopeless. How organizations respond to an active threat can make all the difference in the world.
As the level of sophistication of digital attacks grows rapidly, targeted organizations must devise a strategic, military-like response.
The theater of risk has changed from network service-based attacks to attacks against the endpoint.
Debate: A White House order on cyber security would be a step in the right direction for safeguarding networks.
A Q&A with Grant Babb, proactive investigations program manager for Intel IT.
Sixty percent of the venture-backed IPOs issued in the third quarter of this year are IT related.
While some instances of Stuxnet and Duqu found their way into seemingly unplanned locations, the majority of occurrences were localized to targeted systems.
Though standards lack, sharing threat data is vital, says EMC's Christopher Harrington.
Among the some 400 attendees at last month's SC Congress New York, fears bandied about crossed various spectrums.
As device adoption continues to grow, the importance of implementing a secure enterprise mobility program cannot be understated.
Stuxnet kicked things off, and since then, there's been an explosion in sophisticated viruses targeting businesses and critical infrastructure in the Gulf region. But, prevention is still an option.
The plot of "Skyfall," the 23rd installment of the James Bond franchise, is built around the theft of a hard drive containing personal information of a bunch of secret agents.
Companies are permitting BYOD even if they have policies against it. But a set of best practices, covering areas such as IT inventory and device detection, can mitigate many of the corresponding risks.
As the threat landscape evolves, more organizations are finding themselves responding to security incidents.
David Balcar, security adviser practice manager at Novacoast discusses various aspects of his job.
With billions of devices worldwide running Java, Oracle faced a debacle in August as the details for two zero-day exploits in its popular software were leaked and actively used in attacks.
Debate: Flame, Stuxnet and other APTs are hype, but you should still be extremely worried.
In the age of mobile, social and cloud, the so-called perimeter that businesses have been protecting for years is now dead.
Most BYOD discussions focus on technical issues, such as how to identify offending devices, how to keep them off the network, or how to limit the types of devices. But nobody is talking about the human element.
We must resolve issues around data sovereignty, says Capgemini's Joe Coyle.
Isn't Wyndham Hotels and Resorts culpable for failing to enlist industry standards and implement security practices and tools to protect customer accounts?
The Payment Card Industry Security Council is working to foster greater PCI expertise across the industry.
With DDoS attacks garnering more public attention than ever, crooks are taking advantage of the craze by providing online attacks in exchange for cash. What can your company do to avoid being a successful target?
