Opinions

Why cybersecurity is vital during the vendor selection process

You likely have a list of criteria to check through during the hiring process of a vendor, but if you haven't added cybersecurity standards to that list, you should.

Opinions

Building on IT security to protect all intellectual property

To extend the ERM approach to information and IP, companies need to create a comprehensive inventory of sensitive data and intellectual property that are key to their competitiveness.

Opinions

What CISOs need most: Courage in the face of security nihilism

Today's CISO must play a strategic and forceful role in mandating the transition to a more secure enterprise infrastructure.

Opinions

Cybersecurity is broken

Target. Home Depot. Morgan Stanley. Sony. Anthem. Jennifer Lawrence. You?

Opinions

Wake up! What are you doing to battle breach fatigue?

IT pros, beware: The phenomenon of "data breach fatigue" isn't just an issue of consumer complacency.

Opinions

Me and my job: Johannes Ullrich, SANS Technology Institute

In this month's "Me and my job" feature, we get to know Johannes Ullrich of the SANS Technology Institute.

Debate

Debate: Your money is safe online.

Given the recent headline-grabbing breaches, in this month's debate information security professionals discuss whether or not money is safe online.

Opinions

Mobile interfacing with IoT

The security community is abuzz about the risks of reverse engineering code.

Opinions

Bad guys are inside

It is an assumption for many enterprises operating today that they may already have been compromised.

Opinions

Avoid a network stampede

The rise of IoT will require a completely new approach to network security, says vArmour CEO Timothy Eades.

Editorial

Giving sidelined IT security pros some love

Threats loom heavily on the minds of those charged with keeping critical data safe from bad actors, says Illena Armstrong, VP editorial, SC Magazine.

Opinions

The failure of the security industry

A CSO with a budget must be in want of a thousand dedicated point solutions, says Alex Stamos, CISO, Yahoo.

Opinions

Strike back on payment security

Passing the annual compliance assessment is just the start of a vigilant security program, says Stephen Orfei of the PCI SSC.

Opinions

PCI DSS 3.0 is good, but not good enough

With every new data leak end users are looking for ways to better protect themselves and keep their personal financial identity safe from hackers.

Opinions

The best defense is a good offense: The importance of securing your endpoints

The saying "better safe than sorry" rings true when it comes to data security.

Opinions

Shadow data: The monster that isn't just under your bed

As end users bring their own devices, applications, and even networks into their employer's fray, hallowed IT security concepts like visibility, control and peace of mind are jettisoned out the window.

Opinions

The power of the subconscious to protect against online fraud

Cybercriminals often are specifically looking for credit card numbers that can be reused on other e-commerce sites or sold to the highest bidder on the digital black market.

Opinions

The car alarm syndrome and the high cost of too many security alerts

Sophisticated bad guys are likely to assume that high-value targets have deployed the latest security technologies - this has been the case going back over a decade.

Opinions

Why it's time to replace the tootsie pop approach to network security

How did we arrive at this approach to network security and, more importantly, what's happening today that's causing us to seriously rethink this approach?

Opinions

The one-two punch of cybercrime: Who's leading the fight?

Whose responsibility is it to lead the fight against cybercrime and protect valuable health care data? The answer: it's not just one person.

Opinions

Why enterprise IT and security teams should talk more

The "It won't happen to me" mentality combined with communication gaps between the IT and security teams greatly increases enterprises' risk of being breached.

Opinions

Developer liability, data proliferation at center of FTC report on IoT

The truth is simply that none of us, including the FTC and Ofcom, fully know or understand the extent to which the unintended consequences of IoT will show their ugly head.

Opinions

This key unlocks the door to a network virtualization wonderland

One crucial step will ensure that you do not fall haphazardly down the rabbit hole on your way there.

SC Canada

Rogers victimized by ransomware

A misstep by an IT employee of Canadian communications conglomerate Rogers Communications allowed the contractual information of 50-70 of the company's business customers to be exposed via Twitter.

Opinions

What we can learn from $1 billion bank-robbing malware

If we can learn anything from the Carbanak malware, it is to use stealthy and evasive maneuvers in the security technology and education we deploy within enterprises to fight fire with fire.

SC Canada

Anonymous member deported from Canada

Canada deported self-proclaimed Anonymous member Matt DeHart.

Opinions

IoT security: It's not too late to get it right!

As much as I applaud the FTC for making security a priority, its recommendations are light years away from where the current IoT security bar is.

Opinions

Protect people, not machines

Perimeter security has only brought us so far. It's time to embrace a user-centric model instead.

Opinions

Policy driven development: Bringing DevOps to InfoSec

In order to show risk is being properly managed, security teams are often regarded as gatekeepers who slow the pace of software development due to what is perceived as their authoritative behavior.

SC Canada

Canadian government investing to counter attacks

Shared Services Canada plans to spend $55 million to upgrade IT infrastructure.

Opinions

Playing defense in ranks: Cybersecurity reimagined

Technological innovation is now increasingly consumer-led, forcing organizations to adopt faster to serve them, or it diffuses into the work environment, leaving traditional IT to play catch-up.

Opinions

Me and my job: Bob West, chief trust officer, CipherCloud

Here's a closer look at CipherCloud's Chief Trust Officer Bob West.

Debate

Debate: The financial industry really is better at cybersecurity than other industries.

Experts debate whether the financial industry has a leg up in terms of their cybersecurity strategy when compared to other industries.

Opinions

Rethink your cybersecurity strategy

Even the most sophisticated, well-intentioned perimeter-focused cybersecurity strategy cannot possibly be 100 percent effective, says Oliver Tavakoli, CTO, Vectra.

Opinions

How far have we come?

Identity management has evolved rapidly over the past decade, says Jim Robell, president and COO, Eid Passport.

Opinions

Communicating security concepts

An ill-informed worker is a weak link that leaves a giant gap in your defenses, says SOHO Solutions VP Scott Aurnou.

Editorial

Is this an evolution or a devolution?

Despite ongoing attacks against major corporations, not much is changing at the executive level, says Illena Armstrong, VP, editorial, SC Magazine.

Opinions

Is your organization prepared for targeted cyber attacks?

Hackers are finding new attack vectors to exploit and it is becoming harder for us "security professionals" to defend our organizations, says Zouhair Guelzim, CISO, L'Oréal Americas.

Opinions

Three reasons native mobile apps need extra security love

Aside from the many benefits native apps provide, enterprises face challenges they need to deal with to make sure they aren't exposed to the new security risks native apps introduce.

Opinions

Think you should just be worried about fines? Think again. And think like an attacker.

When it comes to healthcare security, if you think compliance is the only thing you need to worry about, think again.

Opinions

Why government cybersecurity measures should take cues from industry-driven rules

On the whole, the recent steps taken by government are thoughtful and meaningful - and the attention to cybersecurity is overdue. But will they be enough?

SC Canada

CSE spies on global file uploads

One of Canada's intelligence agencies has been secretly monitoring file downloads across the world for years.

SC Canada

Canada losing cybersecurity war

Canada's companies are ill-prepared to meet modern cybersecurity challenges, according to a survey by the Ponemon Institute.

Opinions

Time to eliminate the value of SSNs

If we can't stop breaches, then let's remove the incentive for hacking by devaluing the data, especially Social Security Numbers.

SC Canada

Bill C-51 widens government surveillance powers

The Canadian government has introduced Bill C-51, an 'anti-terror' bill that will broaden the surveillance powers of government agencies.

Opinions

4 DevOps survival tips for security specialists

How can security pros adapt and automate their own processes to support DevOps without the business being eaten alive from non-compliance, hacks and exposures?

Skills in Demand

Skills in demand: Information security analysts - health care

The amount of information stored in our medical records creates a ripe environment for security breaches. The health care sector is in search of information security analysts.

Opinions

Me and my job: Kristi Carrier, quality auditor, Nuspire Networks

In this month's issue we get to know more about Kristi Carrier and her role as the Quality Auditor at Nuspire Networks.

Opinions

Are mobile apps risky business?

The increasing prevalence of mobile applications is exposing new security holes for businesses.

Opinions

Information privacy and Big Data

Enterprises are finding new ways to solve problems and extract value from data.

Opinions

The security model is broken

Every enterprise is susceptible to a breach, unless something changes, says Craig Shumard, principal of Shumard and Associates.

Editorial

It's going to take savvier preparation

It's important to look at a few other practical takeaways from the headline-grabbing Sony attack.

Opinions

Breach response: Are you prepared?

Streamline your incident plan with clear IT security operational definitions and develop a detailed inventory of every asset within your network, says ViJay Viswanathan, CISO, HD Supply.

Opinions

Usability as a protection feature

Psychological acceptability may not sound like a term that'll hold much significance for the future of secure file sharing, but don't sell it short.

Opinions

Tips for organizations in the wake of the biggest corporate hack in history

Consider the main learning points from this event and count yourself lucky that you can learn at Sony Picture Entertainment's massive expense.

2015 Predictions

2015: Trends in network performance measurement and application virtualization

These two areas of the security space are sure to bring in some interesting changes in the new year.

Opinions

How organizations can prepare for 2015 data privacy legislation

Many states have laws today that require corporations and government agencies to notify consumers in the event of a breach - but it is not enough.

Opinions

Don't dismiss internal data breaches as minor - they aren't!

The wolf isn't at your door, it's inside. Ignorance is definitely not bliss. Just ask any of the regulatory agencies.

Opinions

Could the Sony breach have been prevented?

While most agree that corporate security needs to improve, a question still remains: Even with best practices in place, could the Sony debacle have been prevented?

2015 Predictions

Six ways identity will take center stage in 2015

With the growing connectedness of all things great and small, the need for trusted identities will take center stage in 2015.

Opinions

Who is responsible for software safety? Nobody is no longer an option

It is now up to banks to self-regulate themselves or continue to deal with the pressing questions of concerned officials like Benjamin Lawsky.

Opinions

Building a proactive versus solutions-based security plan

2014 taught us that organizations cannot rest on their laurels. Security teams need to be in a state of hypervigilance. This is precisely why developing and implementing a proactive security plan will be a critical component of 2015 IT priorities.

2015 Predictions

Will 2015 bring a stronger focus on IT security?

As we predicted around this time last year, 2014 has seen more high-profile targeted attacks with motivations of stealing information. Here's what could be in store this year.

2015 Predictions

Cyber threat developments in 2015

It was a tumultuous year with several interesting developments in computer security and the lack thereof.

2015 Predictions

Reconnaissance is the name of the game in 2015

Attackers are moving away from a "smash and grab" theft of credit card numbers towards the benefits accessible by waiting for "interesting" data.

2015 Predictions

We're failing on the basics and need a new approach

In 2015, we will see the rise of targeted defensive security solutions that are accurate, scalable and lack the need for the coddling hand of security experts.

2015 Predictions

Expect more ransomware and 'extortionware' in 2015

While we can expect to see the return of some of the issues we faced in 2014, there are still a number of new threats that we need to be aware of in the year to come.

2015 Predictions

Social engineering will ramp up in 2015

We still need more education in place, especially when it comes to building awareness of cyber hygiene among the general public.

2015 Predictions

2015: Just before it all falls

Security teams must spend 2015 preparing for a world of wearable, portable, smart tech that is as promiscuous in its data sharing as it is varied in its form factor.

2015 Predictions

Six cloud security predictions for 2015

A year of continuous breach and surveillance headlines shook both enterprise and consumer confidences and is driving more urgent security discussions.

Opinions

The problem with Big Data

Big Data just keeps on getting bigger and bigger. It's almost like Moore's Law. And...it has a domino effect.

Opinions

The 10 POS malware families this holiday season

This holiday shopping season, many retailers have two goals in mind - make record-breaking sales and don't get breached.

Opinions

Securing the enterprise with the five W's of access

Burden of proof should grow heavier as request for access grows more sensitive.

2015 Predictions

Exploits, mobile and cloud storage threats will plague users in 2015

2015 is set up to be one of the most dangerous years for not only your PC but also your mobile devices and cloud storage.

2015 Predictions

2015 trends to watch: Data destruction, endpoint intelligence and user behavior analytics

Based on the course of events that we've seen over the last year, and how the market is responding, here are some of the security trends that we will see over the coming 12 months.

2015 Predictions

A forecast of the cyberthreat landscape in 2015

From Heartbleed to WireLurker, we certainly had our hands full. Here are some other trends from 2014 and predictions for the coming year.

2015 Predictions

What we can be thankful for in '14, and what we might expect in '15

As we approach the time of year when all the security gurus bring out their crystal balls, we should also focus on the improvements made in 2014.

Opinions

Why compliance matters

Part of my role requires me to ask questions that an auditor might. This is especially true when it comes to compliance, why it matters, and how it makes a difference.

Opinions

The cybersecurity skills gap

Cooperation is required to advance the profession, says Towerwall's Candy Alexander.

Debate

Debate: If the good guys don't hire the "unhireable," the bad guys will.

Experts debate whether or not organizations should consider hiring hackers with a criminal past.

Editorial

Take the ride: 25 years of covering IT security

For this year's annual Reboot edition, we took the opportunity to look back not just on the last 12 months, but the last 25 years SC has been entrenched in the information security space.

Opinions

The proliferation of mandates

The reality of ubiquitous reliance on ICT has given rise to the criticality of cyber security, says Cisco CSO Edna Conway.

Opinions

Missing the big picture in the Sony hack

Should we rush out signatures for this latest version of malware, or should we take a step back and figure out how to focus our technology and security operations around identifying attackers before they wreak such havoc?

Opinions

Expanding security zones, a historical example

Network security today has similar defensive problems to those posed to American Colonial population centers. Here's why...

Opinions

The future of security and authentication

As hackers become more advanced, our security methods also have to evolve and become more secure so that we aren't just giving our information away.

Opinions

PCI 3.0: The good, the changes and why it's not ugly

The primary challenge to secure payment card data is that too many involved see the PCI DSS as a panacea for every risk in the marketplace.

Opinions

The Internet of Things (IoT) will fail if security has no context

The Internet of Things requires a new way of thinking and acting, one that will protect a business and help it grow.

Opinions

Failing the security test: Target wasn't the first failing grade, or the last

It's easy to get hung up on discussions around chip-and-pin, malware and network segmentation, and in the process lose sight of the broader trends that underlie many breaches.

Opinions

Four commonly overlooked security gaps

If organizations are looking to raise their security profile, they should certainly examine these commonly overlooked areas.

SC Canada

Federal data breach legislation advances as provincial lapse nears

A Canadian federal bill that would force companies to notify individuals of breaches moved a step closer to being law in October.

SC Canada

Wildfire breach affects 15,000

British Columbia's provincial government is notifying 15,000 individuals after a privacy breach in its Wildfire Management Branch.

SC Canada

RCMP record keeping needs work, says Privacy Commissioner

Canada's RCMP cannot tell whether it complies with federal privacy law when gathering information about citizens without a warrant, according to a report.

Opinions

Combating cyber risk in the supply chain

Everyone involved with vendor management should now develop a common, collaborative security strategy.

Opinions

A silver lining in the JPMorgan breach?

This incident gives the industry hope that proactive measures can stop an attacker before a breach drives catastrophic results.

Opinions

Does an Executive Order make payments more secure in the U.S.?

This year has been so bad for merchant data breaches that the president felt the need to ensure that the government would offer itself as a more safe and secure place to do business with.

Threat of the Month

Threat of the month: Bash bug/Shellshock

Skills in Demand

Skills in demand: Biometric security, account executive

Good news for those industry pros that specialize in biometric security...you're in demand.

Opinions

Me and my job: Marisa Fagan, director of crowd operations, Bugcrowd

This month, we get to know Marisa Fagan, Bugcrowd's director of crowd operations.

Debate

Debate: Should you pay a cyber ransom?

Industry experts debate whether organizations should or should not pay a cyber ransom to miscreants.

Opinions

Will cyber threaten mobile?

As mobile devices are further integrated into networks, organizations will have a critical need to implement end-to-end security solutions.
