Gina Chapman, senior director of security operations, Center for Internet Security
Researcher Wesley Wineberg said he's been censured due to his participation in the Facebook bug bounty program.
Threat of the month: Man-in-the-middle attack
Debate: Cybersecurity information sharing allows network defenders to stay ahead of adversaries.
Security awareness training aims not only to impart information, but also to change behavior.
Open source code might be presumed mature, but could rely on technology developed a decade earlier.
Ransomware is a complex threat, but its impact can be lessened, says Thomas Gresham.
New year commitments by the lone individual also could be adopted by the larger organization.
Many companies are establishing formal security programs for the first time or are seeking to optimize existing programs to improve the level of maturity.
Many organizations still hesitate to move to the cloud. Why?
This year has been marked by the almost daily occurrence of some information security-related incident or another.
We've all received a call at one point or another from the fraud protection departments of our credit card providers, telling us they've detected some suspicious activity on our accounts and would like to verify a few recent charges.
The Internet of Things is one of the world's fastest growing technologies. Unfortunately, it is also poised to become the fastest growing source of security vulnerabilities in the enterprise - but it doesn't have to be that way.
The latest cyber attack, a breach compromising the data of up to four million of Talk-Talk's loyal customers, is yet another in a growing line of pernicious cyber attacks against corporate infrastructure.
There are legal issues and technical vulnerabilties aound the use of fingerprint scanners on mobiles, hence, Anthony Neary says, it is vital to have a mix of solutions which enable maximum possible security.
While there is a regular discussion of how to prevent successful phishing attempts, one of the most successful approaches is ongoing employee training, says Colin McKinty, VP Cyber Security Strategy at BAE Systems Applied Intelligence.
The demand for security DevOps engineers is growing.
many enterprises are turning to security consultants to perform assessments of their systems, says Michael R. Overly attorney, Foley & Lardner.
The one-throat-to-choke theory is a fallacy, says David Shearer, CEO, (ISC)².
As mainstream users become more expectant of massive compromises of personal information, cybercriminals show no sign of giving up on using current tactics and finding new ones to steal data whatever their endgames may be.
Lena Smart, VP / CIO of the New York Power Authority, offers a few tips for freeing yourself from mobile addiction.
Experian breach is more than just another hack as cross referencing of data sets opens up even more scope for ciminal activity says Max Vetter
Pete Shoard asks how powerful are less developed countries such as North Korea when it comes to cyber-threats, and can it be regarded as a major player in cyber-warfare anyway for the impact it has achieved?
Instead of hoping for your end-users to make the right decision or your DLP solution to make the right guess, data protection solutions need to be context-aware.
In the wake of the SYNful Knock attack on its routers, Cisco should re-engineer its devices to prevent future attacks, says Raimund Genes.
Skills in demand: Security engineer, identity management
Debate: What is the edge of IoT security responsibility? Will device-level security testing be enough?
Debate: What is the edge of IoT security responsibility? Will device-level security testing be enough?
Can U.S. data protection laws protect privacy and preserve tech innovation and intellectual property?
The impact of Canada's anti-spam legislation for companies big and small.
Containment solutions can help stop the spread of malware, says Bufferzone CEO Israel Levy.
Our working hours may grow longer, more demanding and more exposed as the Internet of Things (IoT) continues its fast evolution.
Many organizations are also investing heavily to hire top-notch CISOs to fill the presumed leadership gap in security.
Organizations need a solution that is built for the container pattern, says John Morello.
A leak, a hack, or a simple mistake can blow up any M&A deal carefully crafted over months or even years, says Stephen Dearing.
David F. Katz, partner, Nelson Mullins
Debate: Device manufacturers take a comprehensive approach to securing consumer products.
As mobile and cloud dominate the future of the enterprise, security and accountability are falling through the cracks.
The mobile malware threat is mostly based on hype, not facts.
Companies can benefit by using a complex security approach, says A1QA's Aleksey Abramovich.
The questions regarding a more consistent reliance on offensive capabilities are concerning.
Public and media focus on data breaches and regulatory fees have dramatically deepened the focus on information security for executive boards.
Why is there a lack of women in IT security?
While we continue to make headway toward embracing a diverse workforce in the IT security field, we're still far from fully realizing this end.
How you are securing your sensitive information should not be a guessing game
Shuabang companies in China sell installs and user ratings to app developers to help boost their profile, which is leading to new forms of malware, says Chema Alonso.
Invest in the talented women on your team, says Joyce Brocaglia.
The need for experienced incident response professionals is outstripping the available supply of talent.
Mikel Draghici, principal mobile security specialist, Usher
After 30-plus years as an official in the National Security Agency (NSA), William Binney has been speaking out about what he sees as the "very ugly path" his former employer, along with the FBI and CIA, are currently following.
Threat of the Month: Cryptolocker
Debate: The Pentagon's strategy to use cyberwarfare in conflicts with enemies is necessary.
Congress took significant action in April to address cybersecurity information-sharing efforts.
You can't hire quality information security talent the same way you hire customer service reps.
There's been quite a bit of lip service paid to the ages-old concept of information sharing, says Illena Armstrong, VP, editorial, SC Magazine..
Cisco Systems CSO Edna Conway calls for action to stop the risks of counterfeit or tainted information.
Debate: Congress should mandate that the payment card industry adopt safer technology.
Much needs to be done to convince boardrooms of the importance of information security.
It's time for a dramatic reimagining of how companies approach security.
A single solution won't stop data theft, says ADP's Roland Cloutier.
Trust directly correlates to our expectations of privacy, says Illena Armstrong, VP, editorial.
It is important for everybody to stay vigilant when online, says Lena Smart, CIO, New York Power Authority.
You likely have a list of criteria to check through during the hiring process of a vendor, but if you haven't added cybersecurity standards to that list, you should.
To extend the ERM approach to information and IP, companies need to create a comprehensive inventory of sensitive data and intellectual property that are key to their competitiveness.
Today's CISO must play a strategic and forceful role in mandating the transition to a more secure enterprise infrastructure.
Target. Home Depot. Morgan Stanley. Sony. Anthem. Jennifer Lawrence. You?
IT pros, beware: The phenomenon of "data breach fatigue" isn't just an issue of consumer complacency.
In this month's "Me and my job" feature, we get to know Johannes Ullrich of the SANS Technology Institute.
Given the recent headline-grabbing breaches, in this month's debate information security professionals discuss whether or not money is safe online.
The security community is abuzz about the risks of reverse engineering code.
It is an assumption for many enterprises operating today that they may already have been compromised.
The rise of IoT will require a completely new approach to network security, says vArmour CEO Timothy Eades.
Threats loom heavily on the minds of those charged with keeping critical data safe from bad actors, says Illena Armstrong, VP editorial, SC Magazine.
A CSO with a budget must be in want of a thousand dedicated point solutions, says Alex Stamos, CISO, Yahoo.
Passing the annual compliance assessment is just the start of a vigilant security program, says Stephen Orfei of the PCI SSC.
With every new data leak end users are looking for ways to better protect themselves and keep their personal financial identity safe from hackers.
The saying "better safe than sorry" rings true when it comes to data security.
As end users bring their own devices, applications, and even networks into their employer's fray, hallowed IT security concepts like visibility, control and peace of mind are jettisoned out the window.
Cybercriminals often are specifically looking for credit card numbers that can be reused on other e-commerce sites or sold to the highest bidder on the digital black market.
Sophisticated bad guys are likely to assume that high-value targets have deployed the latest security technologies - this has been the case going back over a decade.
How did we arrive at this approach to network security and, more importantly, what's happening today that's causing us to seriously rethink this approach?
Whose responsibility is it to lead the fight against cybercrime and protect valuable health care data? The answer: it's not just one person.
The "It won't happen to me" mentality combined with communication gaps between the IT and security teams greatly increases enterprises' risk of being breached.
The truth is simply that none of us, including the FTC and Ofcom, fully know or understand the extent for which the unintended consequences of IoT will show its ugly head.
One crucial step will ensure that you do not fall haphazardly down the rabbit hole on your way there.
A misstep by an IT employee of Canadian communications conglomerate Rogers Communications allowed the contractual information of 50-70 of the company's business customers to be exposed via Twitter.
If we can learn anything from the Carbanak malware, it is to use stealthy and evasive maneuvers in the security technology and education we deploy within enterprises to fight fire with fire.
Canada deported self-proclaimed Anonymous member Matt DeHart.
As much as I applaud the FTC for making security a priority, its recommendations are light years away from where the current IoT security bar is.
Perimeter security has only brought us so far. It's time to embrace a user-centric model instead.
In order to show risk is being properly managed, security teams are often regarded as gatekeepers who slow the pace of software development due to what is perceived as their authoritative behavior.
Shared Services Canada plans to spend $55 million to upgrade IT infrastructure.
Technological innovation is now increasingly consumer led forcing organizations to adopt faster to serve them or it diffuses into the work environment leaving the traditional IT to play catch-up.
Here's a closer look at CipherCloud's Chief Trust Officer Bob West.
Experts debate whether the financial industry has a leg up in terms of their cybersecurity strategy when compared to other industries.
Even the most sophisticated, well-intentioned perimeter-focused cybersecurity strategy cannot possibly be 100 percent effective, says Oliver Tavakoli, CTO, Vectra.
Identity management has evolved rapidly over the past decade, says Jim Robell, president and COO, Eid Passport.
An ill-informed worker is a weak link that leaves a giant gap in your defenses, says SOHO Solutions VP Scott Aurnou.
Despite ongoing attacks against major corporations, not much is changing at the executive level, says Illena Armstrong, VP, editiorial, SC Magazine.
Hackers are finding new attack vectors to exploit and it is becoming harder for us "security professionals" to defend our organizations, says Zouhair Guelzim, CISO, L'Oréal Americas.
Sign up to our newsletters
SC Magazine Articles
- Skype targeted by T9000 backdoor trojan
- CISO salaries and demand for cyber-skills skyrockets, surprising no-one
- Student SSNs exposed in University of Central Florida breach
- Malwarebytes says sorry for multiple AV bugs, still unpatched
- Ransomware and POS attackers to zero in on small businesses, retailers