While a major attack has yet to take place on the U.S. energy sector, now is the right time for these critical infrastructure providers to ready their defenses.
Defence Minister Peter MacKay has committed $20 million to fund projects aimed at making Canada safer from cyber attacks.
Canadians are about to get their first comprehensive look at the extent of cyber crime on domestic business.
More than 2,000 USB keys were replaced after a hard drive and key went missing.
Privacy concerns are driving Canadians away from smartphone apps and online services.
A successful security professional will tap into an organization's entire employee base to get results. And the benefits will go both ways.
For moving core apps to the cloud or implementing new systems in companies' internal environments, IT project managers are in great demand.
Marty Edwards' job is to coordinate efforts between the government and the private sector.
As nations engage with one another in shadowy conflicts taking place in the digital sphere, experts are questioning whether treaties and rules that were created for kinetic fighting apply to a new era of combat.
For our May issue's "threat of the month," we focused on pdf.exe.zip files, an old-style email executable attachment attack.
In this month's debate, experts discuss if advanced malware is still a persistent challenge after administrator rights are removed.
Employees lack the training to collect and preserve email and electronic evidence.
The rule may help leaders better understand the impact of cyber risks, says PwC's David Burg and Laurie Schive.
Are we creating a cyber professional salary bubble that will eventually burst, asks Holly Ridgeway, SVP and CISO enterprise systems at PNC.
How can it be that firms can feel confident in their security technology investments and their people, yet ultimately still believe that they remain at great risk?
A brief Q&A with Blake Frantz, director of benchmark development, security benchmarks division, Center for Internet Security (CIS).
April's "threat of the month" are Universal Plug and Play (UPnP) vulnerabilities, which allow attackers to execute arbitrary code.
In this month's debate, two experts discuss whether or not China is the top cyber threat to the United States.
Thanks to BYOD, gone are the days of one single mobile device manufacturer or model to support, says Dimension Data Americas' Darryl Wilson.
Unfortunately, data security and regulatory compliance requirements do not evaporate in the public cloud, says Vormetric's Ashvin Kamaraju.
Espionage and fraud in cyber is not an armed conflict, says SystemExpert's Jonathan Gossels.
Cyber espionage is at an all-time high, and businesses across the United States are being targeted and breached, says Phillip Ferraro, CISO, DRS Integrated Defense Systems and Services.
Among the humdrum there are cyber events cropping up here and there that breed excitement.
Lets just stop preventing what seems to be unavoidable and figure out how to enable our users to operate securely on a completely compromised device.
Finance companies should adopt an approach of least privilege, which takes into account security and productivity by granting users only the rights necessary to carry out their jobs.
While intellectual property theft at the hands of regular employees may not yield the provacative headlines as a Chinese military unit spreading APTs from an office in Shanghai, the former scenario is the more likely one.
Security professionals must toe the delicate line of assessing and responding to legitimate risk and being mindful of an organization's needs. Working in their favor is belief that protecting sensitive data is a fundamental component of any business operation.
As interest in the public cloud remains strong, a security expert makes sense of new recommendations for securing payment card data in those environments.
Tupac Shakur once sang, "The old way isn't working so it's on us to do what we gotta do to survive." That too goes for information security professionals, who are being tested like they've never been tested before.
Cyber war is not as common as the mainstream news cycle would have us believe, but its definition is not as cut-and-dry either. Just because nothing is blowing up doesn't mean it isn't happening. It's all about the context.
From "booth babes" to vapid marketing lingo to directionless conversations with vendor reps, one industry veteran wonders how information security professionals can take the RSA Conference showroom floor seriously.
After intense opposition from the public, the Canadian government pledged to not introduce additional legislation to monitor online activity.
The Canadian government should to make it mandatory for utility companies and others to tighten security, a former official told a security conference.
The nascent partnership between a Chinese development group and an entrepreneurial hub funded by three levels of Canadian government has raised concerns from an outspoken former security adviser to Nortel Networks.
Offering up more general guidelines to strengthen the country's critical infrastructure security - as in the president's recent executive order - is all well and good, but without any meaningful and enforceable requirements then, really, what's the point?
Dominic Vogel, IT security analyst at a financial institution in British Columbia, Canada, shares how he entered the information security field and the challenges he faces.
This month's featured debate informs whether the FTC should have the right to penalize companies for poor data security/privacy practices.
IT trends - cloud, social networking and BYOD - are making the practice of security management complex, and are forcing organizations to shift to a risk-management perspective.
Prior to a job switch, ask questions to learn if the company you are considering is in good shape, says former Yahoo CISO Justin Somaini.
Information security executives must work to "engineer" their organizations to be better, faster, cheaper - and more secure, says Rafael Diaz, CISO, state of Illinois.
We can prepare for whatever is over the horizon by enhancing our security architectures to prioritize our most important assets, while accounting for the changing attack vectors threatening them.
The number of internet-connected devices is increasing exponentially and faster than anyone can manage or secure them.
One of sternest challenges for security professionals is finding the person who can best communicate the significance of data protection to senior management. It can be done, but sometimes it takes a little bit of luck.
The days of refusing to look for possible IT and security threats with the potential to result in the loss of customer data are over.
As the bring-your-own-device movement becomes commonplace and better managed, it's time for security pros to move their focus toward securing the mobile application.
The Canada Revenue Agency (CRA) has unnerved privacy experts with a change to its electronic tax-filing policy: It has removed several authentication requirements for electronic filers.
Canadian telecommunications giant Telus is bolstering its security offering with the acquisition of digital security and forensics company Digital Wyzdom.
Human Resources and Skills Development Canada (HRSDC), a department of the Government of Canada, was reeling last month after the personal data of 583,000 Canadians was lost on a portable hard drive.
Behind the rallying cry, "Privacy equals freedom," Ontario's Information and Privacy Commissioner Ann Cavoukian struck a partnership with Oracle to celebrate International Privacy Day: Jan. 28.
A young, Montreal-based computer science student, his former college and the institution's IT provider all found themselves thrust into the media spotlight over the student's stance on ethical hacking.
This phenomenon sees applications designed for consumers - such as Dropbox, Skype, Google Apps, WordPress, GoToMyPC - finding their way into the corporate tool box.
The increase of systems automation and monitoring within manufacturing companies has led to increased demand for certified automation systems professionals.
This month's "Me and my job" features the University of Connecticut's senior network technician, Mike Lang.
This month's debate covers Hacktivist group Anonymous. Will they take a backseat to more extremist groups in 2013?
The ever-changing nature of malware generates anomalous network behavior that can be detected by leveraging large corpuses of data collected from multiple observation points.
Security pros should be less secretive, says New York City CISO Dan Srebnick.
The data center business model must evolve with cloud's demands, says NJVC's Kevin Jackson.
I was dismayed and disturbed by the suicide of Aaron Swartz, which only added to well-rooted revulsion for the relentlessness of legal actions against him.
A more substantial enterprise mobility framework can be conceived with a combination of NAC, MDM and MAM based on organizational requirements.
If properly cultivated through effective education programs, employees can shed the moniker of "weakest link" and become an organization's greatest security asset.
There's no denying that CSOs will have to deal with bring-your-own-device sooner or later, but ultimately it will lead to an enhanced workforce.
Canada remains vulnerable to cyber attacks by "terrorist groups [which] have expressed interest in developing the capabilities for computer-based attacks against Canada's critical infrastructure."
The personal information of about 583,000 former post-secondary students is unaccounted for, as a result of a breach of security at the agency responsible for issuing student loans.
The Canadian government has no plans to follow the recommendations made in a report it commissioned into ethical hacking.
When seeking to attack social networking sites, miscreants don't even have to bother with the client or the server, yet a similar outcome could result. Now is the time for these platforms to prepare for what's to come.
When building new systems, security must be as foundational as performance and capability. Because without such a model, the risks associated with today's IT environments will only worsen.
Bring-your-own-device (BYOD) has emerged as an institution in corporate America today - but does the acronym stand for bring your own device or bring your own disaster?
Debate: Bug bounty programs - offering monetary rewards to researchers - help make companies more secure.
The proposed Cyber Intelligence Sharing and Protection Act (CISPA) is galvanizing government and industry over whether we need federally mandated security legislation and what it should look like.
If we want the best minds, we can no longer look to only half the population, says Karen Purcell.
As we start 2013 off, I'm pretty sure that information security leaders everywhere are glad to hear all those predictions about their budgets getting a boost this year (and that the Mayans were wrong).
If no one can guarantee an organization is hack-proof, then perhaps it's time for a more practical approach - cyber liability insurance.
As employees use more consumer-grade applications and access more corporate data from unmanaged mobile devices, the network perimeter continues to disappear - along with IT's ability to enforce appropriate security controls.
BYOD has empowered the modern workforce, improved productivity and allowed companies to deliver better services to customers and partners. Forrester sees a continuation of this trend into 2013 and beyond.
The best run organizations can find a number of blunders lurking in their firewall rules.
When you consider how many stakeholders are invested in Microsoft's Patch Tuesday, it's no wonder the monthly affair stirs up so much energy in the cyber world.
Distributed denial-of-service attacks are becoming more potent, and truth be told, they're often difficult to stop.
With a new year come new challenges. But while many see bring-your-own-device gaining momentum, more organizations may be ready to issue their own handhelds to employees.
Understanding your organization's security posture can mean the difference between data that's protected from attackers and a breach that can result in major financial and reputational harm.
The convergence of communications, VoIP and multimedia systems (video conferencing, webinars, peer-to-peer) has increased the demand for engineers capable of designing and managing systems.
A Q&A with Brian Calkin assistant director, Multi-State ISAC Security Operations Center at the Center for Internet Security.
As the threat landscape continues to evolve, one malicious tactic has stood the test of time: distributed denial-of-service attacks (DDoS).
From stealthy to blatant tactics, 2012 has seen them all.
We all know what we spend internally, but how do we get reliable, timely information for comparison purposes?
As network security grows more elusive, CxOs need to ask their IT departments some tough questions.
This is the age of bring-your-own-device, and it is too late to turn back now.
From mobile devices to the cloud to the supply chain and beyond, next year is certain to bring with it fresh set of information security challenges.
Companies that acquire patents for sole purpose of suing other companies is limiting IT security innovation, which, in turn, is making users less safe.
It's true: There are certain attacks that no security technology will be able to stop. But the situation isn't entirely hopeless. How organizations respond to an active threat can make all the difference in the world.
As the level of sophistication of digital attacks grows rapidly, targeted organizations must devise a strategic, military-like response.
Public Safety Canada and the U.S. Department of Homeland Security launched an action plan last month to back up a February 2011 border security partnership.
The Canadian government has unlocked $155 million in funding to bolster cyber security, just as the Auditor General issued a negative report.
The theater of risk has changed from network service-based attacks to attacks against the endpoint.
Debate: A White House order on cyber security would be a step in the right direction for safeguarding networks.
A Q&A with Grant Babb, proactive investigations program manager for Intel IT.
Sixty percent of the venture-backed IPOs issued in the third quarter of this year are IT related.
While some instances of Stuxnet and Duqu found their way into seemingly unplanned locations, the majority of occurrences were localized to targeted systems.
Though standards lack, sharing threat data is vital, says EMC's Christopher Harrington.
Among the some 400 attendees at last month's SC Congress New York, fears bandied about crossed various spectrums.
As device adoption continues to grow, the importance of implementing a secure enterprise mobility program cannot be understated.
