- Home
- Infosec Insider
Infosec Insider
ft: f: 2000-01-01t: 3000-01-02c: 2018-07-16
asdf
2018-07-12 05:32:55
Featured Article:
Are Security Professionals Doing Enough?
By Marcos Colón
July 12, 2018
Cybereason’s Israel Barak discusses the approach that far too many businesses take when it comes to their security strategy and highlights the steps that security professionals should be seeking to rethink the programs and challenges they face tied to measurably reducing risk within the business.
2018-07-10 05:24:25
First-Hand Experience in Developing a Threat Hunting Program
By Jessa Gramenz
July 10, 2018
Developing a threat hunting program may be challenging, but it doesn’t have to be. In this feature article, one subject matter expert provides us with a glimpse into her experience on the topic and what you can expect.
2018-07-05 05:45:08
How Hacked Elections Impacted the Security Industry
By Marcos Colón
July 05, 2018
CA Veracode’s Chris Wysopal discusses how the 2016 presidential election hack broadened the horizon on how security warriors think about defending their data and offers up advice on what they should consider when it comes to protecting sensitive information.
2018-07-03 05:46:00
Threat Modeling: What, Why, and How?
By Adam Shostack
July 03, 2018
Threat modeling is essential to becoming proactive and strategic in your operational and application security. In this feature article, you'll learn what threat modeling is, how it relates to threat intelligence, and how and why to start.
2018-06-28 05:00:33
Looking to Benefit from AI? Build Something!
By Marcos Colón
June 28, 2018
Cylance’s Colt Blackmore discusses why leveraging AI isn’t limited to purchasing an out-of-the-box solution and details the critical steps that security practitioners should take to successfully utilizing the technology to their organization’s advantage.
2018-06-26 05:32:29
A Primer on Breach and Attack Simulations
By Adrian Sanabria
June 26, 2018
In this age of vendors offering simple solutions to complex problems, defenders need the ability to see past the glamour of marketing. That's where attack simulation technology can help, enabling use cases in the market that help answer pressing questions in enterprise security.
2018-06-21 05:38:49
Cover Your Bases: Areas to Focus on in Your Information Security Strategy
By Marcos Colón
June 21, 2018
Trustwave’s Karl Sigler discusses the state of cyber threats in 2018 and suggests what areas of your security strategy you should focus on to take proactive steps in measurably reducing risk within the business.
2018-06-19 05:14:31
Imagine If Security Solutions Understood Our Language
By Vijay Dheap
June 19, 2018
It's up to security professionals to infer security significance of all the events security solutions report. The first step to arriving at an answer to this intractable problem is teaching our security tools to understand us. Advancements in Natural Language Processing could help.
2018-06-14 05:06:03
The CISO of Yesterday, Today, and Tomorrow
By Marcos Colón
June 14, 2018
SAP CSO Justin Somaini discusses how the role of the CISO has evolved into what it is today, and what up and coming security leaders should prepare for once they take charge of a security program at a major organization.
2018-06-12 05:18:30
The Dark Web: What You Should Know and Why You Should Care
By Josue Ledesma
June 12, 2018
The dark web is one of those elusive subjects that can often get misinterpreted. We spoke to Reclamere's Connie Mastovich to get her expert take on what the dark web is, what risk it poses to companies, and how to protect yourself from it.
2018-06-07 05:01:57
Why is DNS Underutilized as a Security Tool?
By Marcos Colón
June 07, 2018
Farsight CTO Merike Kaeo discusses why DNS is still be underutilized as a security tool today, shares some examples of lessons-learned that could apply to you, and provides steps you can take to ensure you’re taking advantage of your DNS infrastructure.
2018-06-05 05:25:04
How to Make Sense of Attack Patterns
By Josue Ledesma
June 05, 2018
In this featured post, we speak to TrustedSec Founder Dave Kennedy who offers up advice on how you can set up your security department’s defenses to respond and defend against common attacks.
2018-05-31 05:00:29
Cybersecurity is at Negative Unemployment. But why?
By Marcos Colón
May 31, 2018
ISACA’s Rob Clyde discusses what’s leading cybersecurity to be at negative unemployment, but also shares how addressing issues in diversity, training, and education could go a long way in closing that talent gap.
2018-05-29 05:18:53
Don’t Follow the Herd When it Comes to Security Purchasing Decisions
By Ed Moyle
May 29, 2018
When it comes to making security purchasing decisions, many practitioners tend to follow the crowd. But given the variables tied to making those decisions, that may not be the best route to go. Here's why.
2018-05-24 05:33:11
How to Speak the Business of Security Effectively
By Marcos Colón
May 24, 2018
Cisco's Edna Conway shares her insight on what infosec leaders can do to ensure that security becomes an active discussion about the way you operate within the business, rather than an added bolt-on feature.
2018-05-22 06:16:00
Are You Confident in Enterprise Artificial Intelligence?
By Vijay Dheap
May 22, 2018
If you work in security, you've heard of AI and the "game-changing" promises of its models. How secure is AI, though, and what can organizations do to ensure AI isn't another breachable vulnerability?
2018-05-17 05:15:27
What is Attack Driven Development?
By Marcos Colón
May 17, 2018
Bugcrowd’s Keith Hoodlet outlines the importance of attack driven development and offers up the key steps security practitioners should take for this approach to have a positive impact on their overall security strategy.
2018-05-15 06:16:00
Crisis Communications in a Headline-Driven World
By Katherine Teitler
May 15, 2018
Media communication in the face of a cybersecurity incident often gets the shaft in favor of incident handling, but what you don't handle can come back to haunt you.
2018-05-10 05:02:37
How Security Leaders Can Get Proactive with Their Comms Departments
By Marcos Colón
May 10, 2018
Uber’s Melanie Ensign discusses the relationship between the communications function and infosec teams and offers up some uncommon communication tips for security leaders that may have a skewed view of the communications department within their organization.
2018-05-08 06:16:00
A Look at the Current State of Mobile Security
By Aaron Turner
May 08, 2018
Enterprise security practitioners can greatly improve their network security posture, if only they would take the time to right-size mobile security policies.
2018-05-03 05:23:39
How the 'Fog of More' Bogs Down Infosec Pros
By Marcos Colón
May 03, 2018
Given the troves of education information, training, and technology available to security professionals, you’d think they’d be a step ahead of malicious actors. But this overabundance of information may actually be causing more harm than good. Here’s what one expert had to say about the “fog of more.”
2018-05-01 06:16:00
ISACA Workforce Development Report Highlights Need for More & More Qualified Security Employees
By Katherine Teitler
May 01, 2018
Cybersecurity staffing requires more than simply finding enough people to accomplish tasks.
2018-04-26 05:29:15
Are You Taking the Right Approach to Threat Intelligence?
By Marcos Colón
April 26, 2018
Are you taking the right approach when it comes to threat intelligence? We caught up with one subject matter expert that provides some uncommon tips on developing a successful threat intelligence program.
2018-04-24 06:16:00
How to Manage Your Security Post-Conference Inbox
By Katherine Teitler
April 24, 2018
Cybersecurity conferences often lead to inbox overload, but they don't have to if the onsite experience is managed correctly.
2018-04-19 05:28:30
Are You Over- or Under-Investing in Cybersecurity?
By Marcos Colón
April 19, 2018
We caught up with one CISO that shares his advice on what security leaders can do to ensure they're taking the right approach to budgeting as it relates to their overall security strategy.
2018-04-17 06:16:00
Cybersecurity Executives Misalign Concerns with Actions
By Katherine Teitler
April 17, 2018
Cybersecurity teams seem to understand their biggest areas of challenge, yet the action to put effort behind remediating those problems falls short.
2018-04-12 06:02:05
How to Proactively Hunt for Cyber Threats
By Marcos Colón
April 12, 2018
InfoSec Insider catches up with one threat expert who discusses why security professionals should consider a proactive threat hunting model, and outlines how they can take that approach.
2018-04-10 06:16:00
Cloudy With a Chance of Shared Security Responsibility
By Katherine Teitler
April 10, 2018
Today, most reputable cloud service providers are security conscious, yet users remain responsible over many—but varying—aspects of information security. Here, we take a look at the three most common public cloud models that should be on your radar.
2018-04-05 06:16:00
How to Avoid Becoming the Security Scapegoat
By Katherine Teitler
April 05, 2018
When a company falls victim to a cyber incident, security personnel are often in the line fire--especially when they've focused only on the technical side of the job. Here we provide some tips that can lessen the chances that any one person will bear the absolute blame.
2018-04-03 06:16:00
Five Cyber Risks Your Organization is Likely to Encounter
By Katherine Teitler
April 03, 2018
Today's threat landscape is like a tentacled sea monster that security practitioners have to battle on a daily basis. In this feature story, we highlight the top five most likely cyber risks to organizations today.
2018-03-29 06:16:00
The Top 10 Talks from InfoSec World 2018
By Katherine Teitler
March 29, 2018
Another year, another successful InfoSec World in the books. While we're sad it's over, here's a brief look at the best-attended talks at this year's show.
2018-03-27 06:16:00
NIST Addresses IoT Security Concerns as Lawmakers Float Certification
By Katherine Teitler
March 27, 2018
With more everyday products being built with internet connectivity capabilities, cybersecurity practitioners have become concerned about the security and privacy of those devices. The state of IoT security is pretty grim, but will proposed guidance and regulations improve processes?
2018-03-22 06:24:19
The Challenges of Measuring Information Security Performance Today
By Marcos Colón
March 22, 2018
InfoSec Insidercatches up with NSS Labs CEO Vik Phatak who discussed what the state of measuring security performance is today, what approach practitioners should be taking, and the common mistake that security pros make when it comes to purchasing security solutions.
2018-03-20 06:16:00
Third-Party Vendor Relationships are Risky Business
By Katherine Teitler
March 20, 2018
While third-party vendor relationships can provide tremendous benefits, partnering does not relieve the primary organization of its security and compliance obligations.
2018-03-16 06:16:00
The Security Game Needs to Change if you Want Developers to Play
By Matias Madou
March 16, 2018
Secure Code Warrior's Matias Madou shares how security and development teams can come together for better collaboration.
2018-03-15 06:16:00
A Brief Guide to Cybersecurity for SMBs
By Katherine Teitler
March 15, 2018
Small- and medium-sized companies must be vigilant about cybersecurity--even if they don't have the staff to handle it internally.
2018-03-13 06:16:00
Zero Trust: Not New, but Breaking into the Security Scene in a Big Way
By Katherine Teitler
March 13, 2018
Zero trust networking was introduced by Forrester Research back in 2009, but only recently has it gained great strides.
2018-03-12 06:16:00
Surviving the Walking Dead: Fending off Social Zombies at InfoSec World
By Tom Eston
March 12, 2018
IoT, home automation, government surveillance, and new privacy regulations all pose a challenge to your organization, but you don't have to let those challenges eat you alive.
2018-03-08 06:16:00
Privileged Identities: Who's Watching the Watchers?
By Katherine Teitler
March 08, 2018
Jonathan Sander addresses why security teams fail at controlling privileged identities, and what they should be doing that won't upset the apple cart.
2018-03-06 06:16:00
Will Net Neutrality Impact the Security Tools Market?
By Katherine Teitler
March 06, 2018
The revocation of Net Neutrality won't impact enterprise security strategy, but it could effect the security tools market. Possibly.
2018-03-01 06:16:00
Key Questions to Ask Your Cybersecurity Recruiter
By Katherine Teitler
March 01, 2018
There is no question that the cybersecurity job market is hot, but not any old recruiter is suited to help you with your hiring needs.
2018-02-27 06:16:00
Learning to Make Better Decisions About Cybersecurity
By Katherine Teitler
February 27, 2018
Tony Sager hopes security practitioners don't view the CIS Controls as "just another checklist."
2018-02-22 06:16:00
Negotiating Today’s Shadow IT Labyrinth
By Katherine Teitler
February 22, 2018
The rise of the "citizen developer" may be a blessing for organizations looking to create efficiencies, but could become a curse for security teams if not handled properly.
2018-02-20 06:16:00
Facing GDPR, Even if You’re Late to the Game
By Katherine Teitler
February 20, 2018
Tackling GDPR means knowing where all your data reside, even if they're outside of your direct control. Here we take a look at how you can tackle this initiative even if you're a bit late given the time of year and when the regulation goes into effect.
2018-02-15 06:16:00
Six Tips for Shoring Up Your SMB Security Strategy
By Katherine Teitler
February 15, 2018
SMBs can’t just throw up their hands at cybersecurity, despite a probable dearth of resources. Since most aren't likely to magically receive a multimillion dollar cybersecurity budget windfall, we've provided our top 6 tips for how to manage security on a limited budget.
2018-02-13 06:50:59
Phishing Scams: Fact or Fiction?
By Karl Sigler
February 13, 2018
Phishing attacks aren't going anywhere any time soon. In fact, these scams have only grown in popularity among attackers. This helpful article dispels the four common phishing myths to help employees and outside partners be even more adept at identifying these crimes.
2018-02-08 06:16:00
Four Ways to Improve Security Testing Outcomes
By Katherine Teitler
February 08, 2018
Security testing must be about more than finding vulnerabilities and remediating them. In this feature article we take a look at four proven ways that you can improve your security testing outcomes.
2018-02-07 06:16:00
Got Data Junk?
By Ben Rothke
February 07, 2018
When it comes to old or no-longer-useful corporate data, you can't just hit "delete." Effective electronic data disposal and destruction requires a much more pragmatic and centralized approach.
2018-02-06 06:16:00
Selling Security Metrics to the Board of Directors
By Katherine Teitler
February 06, 2018
For security metrics to be relevant to the board of directors, security teams must tell the story of how those metrics are supporting business goals. How to accomplish this is no easy task.
2018-02-02 06:16:00
Lessons Learned from Running Which Also Apply to a Career in IT
By Jeremy Finke
February 02, 2018
What do running and your career in information technology/information security have in common? At first glance, not a whole lot. But with a couple of quick examples, I think we will find some similarities.
2018-02-01 06:16:00
5 Ways to Make Your IR Plan Actionable
By Katherine Teitler
February 01, 2018
If you're looking to ensure that your cyber incident response plan doesn't turn into shelfware, here are five ways to make it actionable.
2018-01-31 06:16:00
Analyzing Your Government Contract Cybersecurity Compliance
By Robert Jones
January 31, 2018
If you're a government contractor or a government entity hiring contractors, you need to know the ins and outs of the new FAR and DAR Councils' cybersecurity rules for government contractors.
2018-01-30 06:16:00
Have Point Solutions Reached End of Life?
By Katherine Teitler
January 30, 2018
The infosec tools market can be overwhelming with its abundance of options. How do you choose the best tool for your environment? This informative article will help point you in the right direction.
2018-01-25 06:16:00
Learning to Influence Without Authority
By Katherine Teitler
January 25, 2018
CISOs may have a highly-respected job title, but earning influence with business peers is a more significant challenge.
2018-01-24 06:16:00
From Trapping to Hunting: Intelligently Analyzing Anomalies to Detect Network Compromises
By Giovanni Vigna
January 24, 2018
Is your organization adequately equipped to identify anomalous patterns across the network? If you're doubtful, it may be time to try out alternative models that will help you detect previously unknown attacks.
2018-01-23 06:16:00
How Artificial Intelligence Fits into Your Cybersecurity Strategy
By Katherine Teitler
January 23, 2018
Artificial intelligence expert, Vijay Dheap, helps separate fact from fiction and provides guidance for companies looking into using AI as part of the defensive security strategy.
2018-01-18 06:16:00
Be Mindful of the Password-Storing Mechanism You Choose
By Katherine Teitler
January 18, 2018
Browser password-saving tools are convenient and may allow account holders to apply stronger passwords, but they're not security tools.
2018-01-16 06:16:00
The Art of Aligning Security Goals with Business Goals
By Katherine Teitler
January 16, 2018
To help security leaders find new ways to better align with business colleagues, we turned to two experts to find out how they’re constantly maneuvering between technical requirements and fueling business priorities.
2018-01-11 06:54:31
Psyber Intelligence Part 2: Hacking Social Intelligence
By Lance James
January 11, 2018
Given today’s content-driven society, it benefits cybersecurity and threat intelligence practitioners to gain some understanding of the psychological strategies and exploitation techniques within the intelligence and counterintelligence tradecraft.
2018-01-09 06:16:00
The Latest Infosec Vulnerability Meltdown: From the Viewpoint of a Cloud Researcher
By Katherine Teitler
January 09, 2018
In this follow-up article, cloud researcher Mark Nunnikhoven gives us his take on the Meltdown and Spectre vulnerabilities, which can exploit flaws in modern processors. Nunnikhoven provides us with the potential implications that you should take note of.
2018-01-08 06:16:00
The Latest Infosec Vulnerability Meltdown: From the Viewpoint of a Security Consultant and Entrepreneur
By Katherine Teitler
January 08, 2018
An interview with industry veteran Aaron Turner that helps demystify the probable consequences of Meltdown and Spectre, the two headline-grabbing security vulnerabilities capable of exploiting critical vulnerabilities in modern processors. Turner breaks down what you should do.
2018-01-04 06:16:00
Security New Year’s Resolutions
By Katherine Teitler
January 04, 2018
Working in the field of cybersecurity can be extremely rewarding, but it can also be extremely stressful and lead to burnout, if you let it.
2018-01-02 06:09:00
What It Means To Do DevOps
By Marcos Colón
January 02, 2018
One expert discusses the growing importance of DevOps within the enterprise, the initial steps organizations should be taking to implement a DevOps approach, and how to get buy-in from key stakeholders.
2017-12-29 06:12:00
News in a Minute Weekly Roundup | Dec. 29
By Marcos Colón
December 29, 2017
Here’s a look at some of the top news stories that wrapped up 2017. Major items included a critical vulnerability patched by Mozilla, Nissan Canada announcing a data breach that impacted more than one million customers, and hackers targeting a zero-day vulnerability in Huawei home routers.
2017-12-28 06:30:00
6 Things Security Practitioners Should Know About the SOC
By Katherine Teitler
December 28, 2017
The security operations center is a critical element of running a situationally aware security organization. Unfortunately, many companies today don’t have the resources to form one.
2017-12-26 06:12:00
Readers Choice: Top 10 InfoSec Insider Articles of 2017
By Marcos Colón
December 26, 2017
You picked them! Here's a look at the most read articles published on InfoSec Insider in 2017. From CASB to threat intelligence, you'll find a unique mix of some engaging content that answers some of your pressing questions.
2017-12-22 06:12:00
News in a Minute Weekly Roundup | Dec. 22
By Marcos Colón
December 22, 2017
With so much going on in the office last week, here’s a look at some of the top stories you may have missed, including claims that Uber may have illegally accessed its competitors’ networks, Kaspersky Lab asking a court to overturn the Trump Administration’s ban of its software, and more.
2017-12-20 06:56:20
The Pros and Cons of Leveraging OSINT Tools
By Marcos Colón
December 20, 2017
A threat intelligence expert shares his experiences and advice when it comes to leveraging OSINT tools, highlighting the benefits to security organizations, but also discussing the legal ramifications one could face by accessing them.
2017-12-18 05:56:00
How to Mitigate Cyber Risks through Cyber Insurance
By Katherine Henry & Brendan Hogan, Bradley Arant Boult Cummings LLC
December 18, 2017
Cybersecurity professionals can provide valuable input in their companies’ procurement of cyber insurance, and should be involved in all phases of cyber insurance procurement and management. Here are some important areas you should focus on.
2017-12-15 06:12:00
News in a Minute Weekly Roundup | Dec. 15
By Marcos Colón
December 15, 2017
A roundup of the top news stories in information security this week, including researchers exploiting a critical vulnerability that easily unlocks a popular gun safe, and a new bill threatening jail time for failing to disclose a data breach within 30 days.
2017-12-14 07:46:00
GDPR is Looming, and Companies are Laissez-faire
By Katherine Teitler
December 14, 2017
Companies can use GDPR as a way to shore up lax security controls and processes.
2017-12-13 05:57:35
How to Leverage Structured Analytic Techniques in Threat Intelligence
By Marcos Colón
December 13, 2017
Security professionals are over the hype surrounding threat intelligence. Now, they're aiming to find better ways to operationalize it. In this interview with Digital Shadows' Rick Holland, he explains why structured analytic techniques are an effective way to make sense and leverage your threat intelligence data.
2017-12-12 06:16:00
Hacked Websites: How Weak Security Impacts Us All
By Todd O'Boyle
December 12, 2017
Attackers are increasingly targeting vulnerable WordPress websites to prey on innocent users...because it's easy.
2017-12-11 07:46:00
Choosing the Infosec Career Path That’s Right for You
By Katherine Teitler
December 11, 2017
Choosing the right infosec career path might not be cut and dried, but certain personalities may be a better for for some roles.
2017-12-08 06:12:00
News in a Minute Weekly Roundup | Dec. 8
By Marcos Colón
December 08, 2017
A roundup of the top news stories in information security this week, including the UK warning its government agencies to steer clear of Kaspersky Lab products, PayPal dealing with a data breach, and NIST's latest Cybersecurity Framework draft.
2017-12-06 06:46:00
Canary Management…I Mean Change Management
By Joshua Marpet
December 06, 2017
Your change management process is tightened up and locked down, right? No, well, read on.
2017-12-04 07:46:00
Despite Technology Advances, Cybersecurity Programs Aren’t Keeping Pace
By Katherine Teitler
December 04, 2017
Cybersecurity teams have made advances against modern-day adversaries, but not at the pace they need to be to make a true impact against exponentially growing threats.
2017-12-01 06:12:00
News in a Minute Weekly Roundup | Dec. 1
By Marcos Colón
December 01, 2017
A roundup of the top news stories in information security this week, including an emergency security patch issued by Apple, a new variant of Mirai making the rounds, and a data breach impacting 1.7 million accounts.
2017-11-30 07:46:00
Artificial Threat Intelligence: Using Data Science to Augment Analysis
By Lance James
November 30, 2017
Data science can help analysts make more informed threat intelligence decisions...but only if it's integrated correctly.
2017-11-29 07:46:00
Becoming a Transformational CISO
By Katherine Teitler
November 29, 2017
Qualys's Mark Butler shares why CISOs must be more than security practitioners who keep their organization's data safe.
2017-11-27 07:46:00
The Rise of the Virtual Cyber Security Leader
By Dominic Vogel
November 27, 2017
Learn why the virtual CISO is quickly becoming an attractive option for enterprises.
2017-11-24 06:12:00
News in a Minute Weekly Roundup | Nov. 25
By Marcos Colón
November 24, 2017
A roundup of the top news stories in information security this week, including a massive data breach that Uber disclosed after nearly one year after attempting to conceal it and a new reporting detailing the increasing damage costs tied to ransomware.
2017-11-21 07:46:00
How I Became a Senior Software Architect
By Katherine Teitler
November 21, 2017
Infosec Insider learns how practitioners from across the cybersecurity industry came into their current security role.
2017-11-20 07:46:00
The Business Benefit of Backups
By Katherine Teitler
November 20, 2017
There are many reasons organizations don’t back up systems correctly, but are any of them good reasons?
2017-11-17 06:12:00
News in a Minute Weekly Roundup | Nov. 17
By Marcos Colón
November 17, 2017
A roundup of the top news stories in information security this week, including a slew of vulnerabilities addressed by Microsoft and Adobe, researchers claim to have cracked the new iPhone X's Face ID, and more.
2017-11-16 07:46:00
SSL/TLS Assurance
By Ed Moyle
November 16, 2017
TLS is the cornerstone of secure communications for networked communications, but are you implementing and maintaining it correctly?
2017-11-15 07:46:00
We Don’t Need More Security Awareness Training
By Katherine Teitler
November 15, 2017
Security awareness works, so why isn't it helping our enterprise become more secure?
2017-11-13 07:46:00
Why Do Data Breach Disclosures Take So Long? Let's Ask the SEC Chairman
By Shawn E. Tuma
November 13, 2017
Security pros act incredulous when they hear of a delayed breach disclosure, but is it wrong?
2017-11-10 06:12:00
News in a Minute Weekly Roundup | Nov. 10
By Marcos Colón
November 10, 2017
A roundup of the top news stories in information security this week, including a phony version of WhatsApp being downloaded more than one million times from Google Play, a big acquisition in the security space, and an Anonymous hacker seeking asymlum in Mexico.
2017-11-09 07:46:00
Google Pushes “Prompt” as Second Factor Security Verification
By Katherine Teitler
November 09, 2017
Two-factor authentication works; why aren't more enterprises requiring it as a default security measure?
2017-11-08 07:46:00
Trump’s Twitter Deactivation Reminds Us to Check Our Change Management
By Katherine Teitler
November 08, 2017
One rogue employee or unauthorized user can significantly impact your organization's information security risk...if you let them.
2017-11-06 05:08:21
Upstream Disconnect: Why CISOs and the Board Aren’t Seeing Eye to Eye
By Marcos Colón
November 06, 2017
After conducting 80 interviews with security leaders and board members, these two experts discuss the findings of their research and offer a rare window into how each group viewed progress and setbacks in their oversight of cyber risk.
2017-11-03 06:12:00
News in a Minute Weekly Roundup | Nov. 3
By Marcos Colón
November 03, 2017
A roundup of the top news stories in information security this week, including a USB stick containing sensitive Heathrow security data found on the street, FireEye releases a password cracking tool for free, and Apple finally addresses the KRACK flaw.
2017-11-02 07:46:00
The ACDC Act Would Take Defenders’ Eyes Off Real Cyber Defense
By Katherine Teitler
November 02, 2017
The Active Cyber Defense Certainty Act could have negative impacts on defenders' security efforts.
2017-11-01 07:46:00
The Cyber Professional’s Personality Profile
By Dominic Vogel
November 01, 2017
To get the most out of your relationship with your CISO, it will be helpful for you to understand what makes them tick.
2017-10-30 07:46:00
Why A Lower Cost Per Data Breach Isn’t Cause for Celebration
By Katherine Teitler
October 30, 2017
A look at what the Ponemon "Cost of Data Breach" study tells us about how to prepare for a data breach or cybersecurity incident.
2017-10-27 06:12:00
News in a Minute Weekly Roundup | Oct. 27
By Marcos Colón
October 27, 2017
A roundup of the top news stories in information security this week, including Kaspersky Lab conceding to obtaining hacking tool source code and a new attack group setting its sights on cybersecurity pros.
2017-10-26 07:46:00
How I Became a CTO
By Katherine Teitler
October 26, 2017
Infosec Insider learns how practitioners from across the cybersecurity industry came into their current security role.
2017-10-25 06:02:00
The Problem with Network Monitoring
By Katherine Teitler
October 25, 2017
Ixia Director of Application and Threat Intelligence, Steve McGregory, discusses how cyber attackers are evading network detection, and shares tips on how organizations can move towards better prevention and detection.
2017-10-23 07:46:00
Hiring for Security is Hard. So What?
By Katherine Teitler
October 23, 2017
Cybersecurity staffing is a hot button issue, but not one that can be ignored just because it's a challenge.
2017-10-20 06:12:00
News in a Minute Weekly Roundup | Oct. 20
By Marcos Colón
October 20, 2017
A roundup of the top news stories in information security this week, including the Locky ransomware making a comeback, Adobe releasing a rare out-of-band patch, and tech giants scrambling to patch a nasty WPA2 vulnerability.
2017-10-19 07:46:00
How I Became a Threat Intelligence Professional
By Katherine Teitler
October 19, 2017
Infosec Insider learns how practitioners from across the cybersecurity industry came into their current security role.
2017-10-17 06:42:37
The Obsolescence of Passwords: How to Leverage Behavior-Based Security
By Marcos Colón
October 17, 2017
Aetna CSO Jim Routh discusses why he believes passwords are obsolete, how he’s done away with them at Aetna, and why and how security managers can take a similar approach.
2017-10-16 07:46:00
SMBs' Cyber Attack Woes are Rising
By Katherine Teitler
October 16, 2017
The "2017 State of Cybersecurity in Small & Medium-Sized Businesses" report reveals what we already know about security, but what will companies do about it?
2017-10-13 06:12:00
News in a Minute Weekly Roundup | Oct. 13
By Marcos Colón
October 13, 2017
A roundup of the top news stories in information security this week, including consulting firm Accenture leaving servers containing personal information completely unprotected and Patch Tuesday addressing a slew of vulnerabilities including a zero-day flaw.
2017-10-11 06:02:33
Why IoT Devices Turn Up the Heat on Security Pros
By Marcos Colón
October 11, 2017
Trustwave Threat Intelligence Manager Karl Sigler discusses the non-traditional devices that security professionals should have on their radar and how thermostats can figuratively turn up the heat for infosec pros, and literally for the enterprise.
2017-10-10 07:46:00
The Security Talent Gap, Not Just A People Problem
By David Etue
October 10, 2017
New people, more education, and development are not the only ways to fill the security talent gap.
2017-10-09 06:27:00
Plan to Think and Think to Plan: Avoiding Quick Decisions in Information Security
By Marcos Colón
October 09, 2017
Four techniques information security professionals can use to set themselves up for success in the event of a data breach.
2017-10-06 06:12:00
News in a Minute Weekly Roundup | Oct. 6
By Marcos Colón
October 06, 2017
A roundup of the top news stories in information security this week, including Equifax stalling on installing a patch that ultimately resulted in its data breach, Yahoo revealing that their 2013 data breach was much bigger than expected, and updates to Netgear products.
2017-10-05 07:46:00
How I Became a Trust and Security Engineer
By Katherine Teitler
October 05, 2017
Infosec Insider learns how practitioners from across the cybersecurity industry came into their current security role.
2017-10-04 06:09:00
Risk Management as an Iterative Cycle
By Katherine Teitler
October 04, 2017
Dave Lewis, Global Security Advocate at Akamai Technologies, explains why organizations need to build the security program around people and processes.
2017-10-02 07:46:00
States Push for Consumer Protection in Credit-Related Data Breaches
By Katherine Teitler
October 02, 2017
The Equifax data breach has spurred two state attorneys general to draft legislation that places the onus for lost credit-related data on the credit bureaus themselves.
2017-09-29 06:12:00
News in a Minute Weekly Roundup | Sept. 29
By Marcos Colón
September 29, 2017
A roundup of the top news stories in information security this week, including the Sonic drive-in chain announcing a data breach impacting millions, Whole Foods disclosing an additional breach, and Oracle patching a critical Apache Struts bug.
2017-09-28 06:09:00
Information Security Leadership is About People
By Katherine Teitler
September 28, 2017
Tom Eston shares his thoughts on what it takes to become a leader, and why it's important for security practitioners to do so.
2017-09-27 07:46:00
Hackers Aren’t all Bad… $15k for Puerto Rico Recovery
By Joshua Marpet
September 27, 2017
Hackers donate to Puerto Rico hurricane disaster relief fund through Hackers for Charity.
2017-09-26 07:46:00
Authentication Failure Leads to IP Theft at Deloitte
By Katherine Teitler
September 26, 2017
The Deloitte breach teaches us that we have many cybersecurity lessons to learn—even ones we already know.
2017-09-25 07:46:00
Where Are All My Ladies in Cybersecurity?
By Katherine Teitler
September 25, 2017
When it comes to women in the workforce, it’s a fairly well-known fact that information security does a pretty terrible job of increasing the ratio of women to men.
2017-09-22 06:12:00
News in a Minute Weekly Roundup | Sept. 22
By Marcos Colón
September 22, 2017
A roundup of the top news stories in information security this week, including a new Apache vulnerability that's similar to Heartbleed, and a new study sheds light on the costs of data breaches for U.S. enterprises.
2017-09-21 06:09:00
Using Media’s Spotlight to the Security Team’s Advantage
By Katherine Teitler
September 21, 2017
Mark Bulter discusses how security leaders can leverage media attention to accelerate the security program and drive innovation.
2017-09-20 07:46:00
Who Cares About Infosec Anyway?
By Katherine Teitler
September 20, 2017
Security awarness programs that focus on what's important to security practitioners are less effective than those than focus on employee interests.
2017-09-18 07:46:00
Why Ransomware Will Continue to Target Healthcare
By Katherine Teitler
September 18, 2017
“Defray” ransomware is making its way around the healthcare industry, proving that cyber criminals still need only target low-hanging fruit.
2017-09-14 07:46:00
Threat Modeling and Architecture
By Adam Shostack
September 14, 2017
A follow up to his piece, "Rolling Out a Threat Modeling Program," Adam Shostack discusses threat modeling in the architecture process.
2017-09-13 07:46:00
Did Equifax Wait Too Long to Notify the Public?
By Katherine Teitler
September 13, 2017
Equifax committed so many infosec data breach sins, but delaying public notification is probably not one of them.
2017-09-11 07:46:00
The Equifax Breach is not Just Another “Oops”
By Katherine Teitler
September 11, 2017
The Equifax breach should be a wakeup call that we're doing security wrong.
2017-09-09 02:41:00
News in a Minute Weekly Roundup | Sept. 8
By Marcos Colón
September 09, 2017
A roundup of the top news stories in information security this week, including a massive data breach impacting up to 148 million Americans and a vulnerability affecting 465,000 pacemakers.
2017-09-05 07:46:00
Can We Finally Do Away with Password-Based Authentication?
By Katherine Teitler
September 05, 2017
Jonathan Sander discusses how traditional password management and authentication methods are insufficient to handle today's system access.
2017-09-01 06:41:00
News in a Minute Weekly Roundup | September 1
By Marcos Colón
September 01, 2017
A roundup of the top news stories in information security this week, including researchers discovering the largest spambot to date and cybercriminals taking advantage of the Hurricane Harvey news.
2017-08-31 07:46:00
Smarter Security Decisions: Attend the Threat Intelligence Summit
By Katherine Teitler
August 31, 2017
See what's on tap for MISTI's Threat Intelligence Summit, scheduled for November 29-30, 2017 in Austin, TX.
2017-08-30 06:00:26
How to Face IoT Threats Head On
By Marcos Colón
August 30, 2017
A discussion on the impact that IoT attacks have had on enterprises, and tips on what security managers can do to face these challenges head on.
2017-08-28 07:46:00
Tech Giants Take on the Supreme Court in Digital Data Battle
By Katherine Teitler
August 28, 2017
In a brief filed with the Supreme Court earlier this month, 15 major U.S.-based technology companies petitioned the court on the subject of digital data.
2017-08-25 06:41:00
News in a Minute Weekly Roundup | August 25
By Marcos Colón
August 25, 2017
A roundup of the top news stories in information security this week, including a LinkedIn flaw that could impact millions, President Trump spinning off the U.S. Cyber Command from the NSA, and more.
2017-08-24 07:46:00
How to Buy Security Products
By Katherine Teitler
August 24, 2017
How do you choose the right security products for your environment when the market is overcrowded and intentionally noisy?
2017-08-23 05:27:00
Security is a Skill Set, Not a Tool
By Katherine Teitler
August 23, 2017
Adrian Sanabria shares why tools acquisition isn't the answer to your information security woes, and explains how teams can increase efficacy without increasing expenditures.
2017-08-21 07:46:00
What Happened to Threat Intelligence?
By Katherine Teitler
August 21, 2017
The threat intelligence tools market has exploded, shaping how organizations look at the threat landscape—but not necessarily for the better.
2017-08-18 06:41:00
News in a Minute Weekly Roundup | August 18
By Marcos Colón
August 18, 2017
A roundup of the top news stories in information security this week, including APT28 targeting hotel Wi-Fi networks and the State Department quietly launching a new cybersecurity office.
2017-08-17 07:46:00
How Governors are Jumpstarting Cybersecurity at the State Level
By Katherine Teitler
August 17, 2017
Governors from 38 states have decided it’s time to take cybersecurity initiatives into their own hands.
2017-08-16 06:02:35
The Growing Professionalism of Cybercrime
By Marcos Colón
August 16, 2017
How the professionalism surrounding cybercrime has grown evolved, and what you can do to prepare.
2017-08-14 06:46:00
Conquering CASB Confusion
By Adrian Sanabria
August 14, 2017
CASB was widely regarded as the quickest-growing market ever in cybersecurity, but what impact does it have today?
2017-08-11 06:41:00
News in a Minute Weekly Roundup | August 11
By Marcos Colón
August 11, 2017
A roundup of the top news stories in information security this week, including security updates issued by Microsoft, Adobe and Google, a new vocabulary framework released by NIST, and a study that points to women in infosec feeling empowered in their roles.
2017-08-10 07:02:46
Why it’s Vital to Secure your Virtualization Infrastructure
By Alan Sugano
August 10, 2017
Because of the concentration of company data on ESXi/Hyper-V hosts, it becomes mission critical to secure your virtualization infrastructure accurately.
2017-08-09 07:27:00
What Happens When In-Network Traffic is Your Biggest Threat?
By Katherine Teitler
August 09, 2017
In a network perimeter-less world, enterprise security practitioners need ways to verify the authenticity of applications and the devices and users running those applications; firewalls just fall short.
2017-08-08 07:00:00
Firewalls: No Simple Solution to Network Security but an Essential Element Nonetheless
By Katherine Teitler
August 08, 2017
Marcus Ranum talks current firewall capabilities, what micro segmentation will solve (and what it won't), and the future of network security.
2017-08-07 06:37:40
OPSEC Tradecraft: Protecting the Online Persona
By Lance James
August 07, 2017
In our last article, we discussed how disciplines like psychology and behavior-profiling can help us to better understand the adversary at the end of the keyboard. Now we are going to extend similar disciplines to ourselves as intel analysts.
2017-08-04 07:41:00
News in a Minute Weekly Roundup | August 3
By Marcos Colón
August 04, 2017
A roundup of the top news stories in information security this week, including voting machine hacks, Anthem reporting yet another data breach, and spoilers being released after episodes of everyones favorite medieval HBO were leaked.
2017-08-03 07:46:00
Will the Latest (Proposed) IoT Legislation Make a Difference?
By Katherine Teitler
August 03, 2017
The proposed "Internet of Things Cybersecurity Improvement Act of 2017" signals a shift in attitudes about cybersecurity's impact on public safety.
2017-08-02 07:27:36
How Cybersecurity Can Step Up Its Game Through Information Sharing
By Marcos Colón
August 02, 2017
Michael Daniel, the former cybersecurity advisor to President Obama and current president of the Cyber Threat Alliance, offers up his thoughts on why information sharing is a critical component of combatting cyber threats today.
2017-08-01 07:46:00
Can the “Right to be Forgotten” Lead to Better Data Security?
By Katherine Teitler
August 01, 2017
Should individuals have the right to have their data removed from search engine results and providers' systems, and what impact would that have on information security?
2017-07-31 08:30:00
Key Hiring Questions to Ask During Infosec Interviews
By Katherine Teitler
July 31, 2017
We’ve all heard about the security staffing shortage; it attracts a lot of press and is hard to ignore. If you’re currently working for an organization that is not hiring, you, yourself, might be receiving regular calls from recruiters about one of the estimated 1 million open positions. Maybe you’re even covertly scoping out your next job opportunity.
2017-07-28 07:41:00
News in a Minute Weekly Roundup | July 28
By Marcos Colón
July 28, 2017
A roundup of the top news stories in information security this week, including a massive security breach that resulted in more than 5 million stolen Social Security numbers.
2017-07-27 07:48:16
How to Tackle the Expo Floor at Infosec Conferences
By Marcos Colón
July 27, 2017
In this exclusive video interview, Mike Spanbauer, VP of Security Test and Advisory, provides some helpful tips to security professionals when it comes to vetting security technology.
2017-07-26 07:46:00
Revisiting the Security Roadmap
By Katherine Teitler
July 26, 2017
A security roadmap is a powerful tool for aligning security processes with business requirements and goals, and improving the general efficacy of the security program.
2017-07-21 07:41:00
News in a Minute Weekly Roundup | July 21
By Marcos Colón
July 21, 2017
A roundup of the top news stories in information security this week, including the largest security update that Oracle has issued to date.
2017-07-20 07:46:00
8 Tips for Submitting an Outstanding Conference Talk Proposal (part 2)
By Katherine Teitler
July 20, 2017
Now that we've looked at the basics for submitting an outstanding CFP, we'll look at a few more tips and tricks for getting your submission picked.
2017-07-19 07:46:00
A Day in the Life of a Security Executive (part 4)
By Katherine Teitler
July 19, 2017
A look at the career path of information security executive Georgia Weidman.
2017-07-18 07:46:00
8 Tips for Submitting an Outstanding Conference Talk Proposal (part 1)
By Katherine Teitler
July 18, 2017
Submitting a great call for presenters proposal is about more than simply writing about your expertise.
2017-07-14 07:41:00
News in a Minute Weekly Roundup | July 14
By Marcos Colón
July 14, 2017
A look at some of the top news stories in information security this week, including President Trump proposing a cybersecurity alliance with Russia, breaches impacting Verizon and Hard Rock Hotel and Casinos, and Microsoft, Adobe and SAP all addressing security flaws.
2017-07-13 07:46:00
New Attacks Mean Back to Basics…Again
By Katherine Teitler
July 13, 2017
Information security cannot be bought; organizations need to focus on security fundamentals to ward off the latest and greatest cyber attacks.
2017-07-12 07:46:00
A Day in the Life of a Security Executive (part 3)
By Katherine Teitler
July 12, 2017
A look at the career path of information security executive Summer Fowler.
2017-07-10 07:46:00
Rolling Out a Threat Modeling Program
By Adam Shostack
July 10, 2017
As a leader, you need to be able to see the forest and chart a path through it.
2017-07-07 07:41:00
News in a Minute Weekly Roundup | July 7
By Marcos Colón
July 07, 2017
A look at some of the top news stories in information security this week, including U.S. Senators being suspicious of Kaspersky Lab, and Mozilla analyzing the security posture of the top one million websites.
2017-07-06 07:00:00
How Far Should You Go with Employee Monitoring?
By Katherine Teitler
July 06, 2017
Depending on your source, insider threat accounts for anywhere from 27% - 77% of all breaches. Despite the disparity in agreement about size of the problem, most security practitioners agree that the difficulty identifying insider threat is greater than identifying external threats.
2017-07-05 07:00:00
Top 5 Lies about Cloud Security
By Katherine Teitler
July 05, 2017
A look at some of the common myths surrounding cloud security.
2017-07-04 07:28:00
Your Best Pentest Yet, in Six Simple Steps
By Katherine Teitler
July 04, 2017
Understanding system weaknesses from both an internal and external point of view can save a lot of headaches, not to mention data theft, financial loss, legal nightmares, and brand damage.
2017-07-03 07:28:00
Are You Kidding Me? Digital Forensics Tips for Real-World Enterprises
By Bill Dean, Director of Computer Forensics and Security Assessments, Sword & Shield Enterprise Security
July 03, 2017
Most everyone has some familiarity with digital forensics. After all, we've seen CSI Cyber, right? For the record, that isn't really how it works.
2017-06-30 07:46:00
Security vs. Humans: Techniques for Dealing with Social Engineering Threats
By Katherine Teitler
June 30, 2017
Social engineering works. Which is why threat actors take advantage of humans’ innate trust in others.
2017-06-29 07:46:00
A Day in the Life of a Security Executive (part 2)
By Katherine Teitler
June 29, 2017
A look at the career path of information security executive Kristy Westphal.
2017-06-28 07:46:00
PetyaWrap is Wannacry’s Honey Badger Upgrade
By Adrian Sanabria
June 28, 2017
A honey badger, like the Petya ransomware, waits to see if you make the mistake of underestimating it.
2017-06-26 07:46:00
The “Best Practice” Parable
By Joshua Marpet
June 26, 2017
"Best practices” are subjective, of course, though the phraseology leads people to believe that these “best practices” are, in fact, the best.
2017-06-22 07:47:05
These Are the Three Exploit Kits You Should Know About
By Marcos Colón
June 22, 2017
A look at three cyber threats that are keeping the exploit market alive, with advice on what you can do to protect your organization and employees from them.
2017-06-21 07:46:00
How to Combat Alert Fatigue
By Katherine Teitler
June 21, 2017
A recent report by the Cloud Security Alliance and SkyHigh Networks says that 50% of organizations are using six or more security tools that generate constant alerts.
2017-06-20 07:46:00
Government Gains Ground on Modernizing Hackable Technology
By Katherine Teitler
June 20, 2017
Government decisions and the passage of new laws are slow moving, which is just one of the reasons outdated laws are governing current technology usage.
2017-06-19 07:46:00
Incident Response is About More Than Responding to Incidents
By Katherine Teitler
June 19, 2017
Incident response preparedness is an integral part of every organization’s cybersecurity program.
2017-06-15 07:57:43
A Day in the Life of a Security Executive
By Marcos Colón
June 15, 2017
A look at the career path of information security executive Christy Wyatt.
2017-06-14 07:46:00
Survey Says: Security Tech Investments Aligned with Strategy
By Katherine Teitler
June 14, 2017
Earlier this month Scale Venture Partners released a survey report on The State of Cybersecurity Priorities and Strategies 2017, based on the opinions of 200 security leaders in the United States.
2017-06-13 07:46:00
5 Things to Not Include in Your Board Presentation
By Katherine Teitler
June 13, 2017
Presenting to the board of directors has become an ongoing reality for many CISOs and senior security professionals.
2017-06-08 07:46:00
Becoming the Best Infosec Leader, Even Under Difficult Circumstances
By Katherine Teitler
June 08, 2017
The pressures of leading a security organization are diverse. From hiring the right staff, to keeping up with technological change.
2017-06-07 11:22:02
IoT Blindspots: The Four Devices That Should be on Your Radar
By Marcos Colón
June 07, 2017
Connected devices are trickling into the enterprise. While these four devices should be monitored by security managers, they may not currently be on their radar.
2017-06-06 07:46:00
5 Ways to Find the Low-Hanging Fruit on Your Network
By Katherine Teitler
June 06, 2017
When it comes to securing an organization’s network, there is no shortage of basic blocking and tackling to be done.
2017-06-05 07:46:00
What Trump’s Cybersecurity Executive Order Means…or Does Not Mean…for Enterprises
By Katherine Teitler
June 05, 2017
It has been less than a month since U.S. President Trump issued an Executive Order aimed at improving the nation’s cybersecurity defenses.
2017-06-01 07:46:00
Why are Outdated Laws Governing Current Technology Usage?
By Katherine Teitler
June 01, 2017
When it comes to how corporations manufacture and sell products, different people have varying views on what role government plays in that process.
2017-05-31 08:22:56
Psyber Intelligence Part 1: Understanding the Human at the End of the Keyboard
By Lance James
May 31, 2017
The information security professional's guide to human intelligence collection.
2017-05-30 07:46:00
Why Customer Service is a Big Part of Your Security Job
By Katherine Teitler
May 30, 2017
Not too long ago an acquaintance sent me a frantic instant message, thinking she might have accidentally downloaded malware after clicking on an email attachment.
2017-05-29 06:16:00
Why Your Risk Management Practice Shouldn’t be On-Trend
By Ed Moyle
May 29, 2017
The security community often gets caught up in the latest and greatest tools and technologies, using those trends as a way to garner attention for the security program. But this strategy can backfire when it comes to real risk management and how seriously security is taken.
2017-05-25 07:46:00
Why the C-Suite is Your Biggest Shadow IT Risk
By Katherine Teitler
May 25, 2017
Shadow IT is problematic in the best of circumstances. In the worst cases, it poses a massive cybersecurity risk to the entire organization.
2017-05-24 07:46:00
Tackling Cellular Vulnerabilities
By Aaron Turner
May 24, 2017
Enterprise security professionals have been lax in our demands for visibility into how cellular networks put our organizations at risk.
2017-05-23 07:46:00
Cyber Hygiene Issues Exposed with WannaCry
By Katherine Teitler
May 23, 2017
Unless you’ve been living under a rock, you’ve heard about the WannaCry Ransomware attack.
2017-05-22 07:46:00
Malicious Insiders Are a Huge Problem But You Have a Bigger Issue
By Christy Wyatt
May 22, 2017
Aside from corporate data and proprietary intellectual property, employees are the greatest assets to companies.
2017-05-17 07:46:00
WannaCry: A Media Maelstrom Without Much Actionable Advice
By Katherine Teitler
May 17, 2017
Touted as the largest Ransomware attack in history by the media, WannaCry is certainly on the tips of tongues of corporations and consumers everywhere.
2017-05-16 07:46:00
DHS Funds Mobile Digital Trust Projects
By Katherine Teitler
May 16, 2017
Identity in the digital world has always been a point of contention for information security practitioners.
2017-05-15 08:00:21
4 Best Practices to Creating a BYOD Policy
By Marcos Colón
May 15, 2017
A run-through of the four best practices that every security manager should follow when implementing a bring-your-own-device policy.
2017-05-11 07:46:00
FTC Launches New Small Business Cybersecurity Website, But…
By Katherine Teitler
May 11, 2017
Earlier this week the Federal Trade Commission (FTC), the self-proclaimed consumer protection watchdog, launched a new website aimed at helping small businesses buff up cybersecurity practices.
2017-05-10 07:46:00
SS7 Exploit Proves New 2nd Factor Authentication Methods are Needed
By Katherine Teitler
May 10, 2017
Two-factor authentication (2FA) is held up by the information security community as one of the most effective ways to mitigate credential stealing and avoid account compromise.
2017-05-09 07:56:24
A Needle in a Haystack: Behavioral-Based Detection to Identify Anomalies
By Marcos Colón
May 09, 2017
In this video interview Josh Pyorre, security researcher at OpenDNS, discusses his approach to detecting threats.
2017-05-08 07:46:00
Building a Better Security Industry
By Katherine Teitler
May 08, 2017
How often have you heard the term “cultural fit” as it relates to employees of your or another’s place of employment?
2017-05-05 07:46:00
Compromised Credentials and Financially-Motivated Attacks Top the 2017 DBIR
By Katherine Teitler
May 05, 2017
The issuance of the DBIR has become an industry event of sorts, giving people the opportunity to carefully examine and argue the finer points against that which they see in their environments.
2017-05-03 07:46:00
Does the U.S. Need a Data Protection Authority?
By Katherine Teitler
May 03, 2017
When the House recently voted to overturn a proposed ruling that would have limited internet service providers’ ability to share and sell customer data, cries of “foul” were heard.
2017-05-02 18:02:02
Why Secure Data Logistics Provides Optimum Visibility
By Marcos Colón
May 02, 2017
Security experts David Etue and Christopher Ensey discuss their research into secure data logistics.
2017-05-01 07:46:00
Speaking to Malware: A New Approach to Combat Attacks
By Todd O’Boyle
May 01, 2017
Cyber attackers need persistent access to your company’s network, systems, and users to steal from you. The good news is that persistence can also be used against attackers.
2017-04-28 11:05:00
Why Innovation is the Key Ingredient to Establishing a Resilient Enterprise
By Marcos Colón
April 28, 2017
Jim Routh, CSO at Aetna, discusses the importance of focusing on the "three Ts of security" and highlights the most important things security executives must do to succeed.
2017-04-26 13:46:00
Pen Testing is Dead. Long Live Pen Testing
By Mike Landeck
April 26, 2017
A few years ago I was working with one of the savviest executives I have ever known. No one could negotiate a deal like he could.
2017-04-25 07:46:00
A Look at Security Leaders’ Priorities
By Katherine Teitler
April 25, 2017
There’s a phrase that’s oft repeated when a person is trying to understand what’s on the mind of and what motivates another person: What keeps you up at night?
2017-04-24 13:46:00
Running Security Operations Agilely
By Kristy Westphal
April 24, 2017
How, then, do security operations run better with Agile? DevOps, DevSecOps, and Agile all imply pretty big changes to your organization.
2017-04-20 13:46:00
Putting The Brakes On Hacked Cars
By Chris Hardee
April 20, 2017
Your average car has between 3 million and 10 million bugs buried somewhere within its code, but some carmakers are making an effort to update their cars.
2017-04-19 13:46:00
What Do You Do When the Tech Hits the Fan?
By Joshua Marpet
April 19, 2017
New technology is impressive, but sometimes it’s not available or just plain doesn’t work. Legwork, investigation, and following leads are skills security pros can’t forget to practice and use.
2017-04-18 13:51:53
What You Need to Know About Cyber Liability Insurance
By Marcos Colón
April 18, 2017
In this video interview with Risk Based Security CISO Jake Kouns, he offers up some helpful advice to security professionals on cyber insurance, and sheds light on its biggest misconception.
2017-04-17 22:33:42
Assessing Cryptographic Systems
By Ed Moyle
April 17, 2017
There are technologies operating in our environments that we tend not to pay attention to unless there’s a problem.
2017-04-14 13:46:00
Why Security Managers are Afraid of the Cloud
By Katherine Teitler
April 14, 2017
Cloud computing has become a ubiquitous part of today’s business operations. Though the cloud is not security practitioners’ favorite tool in the toolbox, it is here to stay.
2017-04-12 13:46:00
Staying in Front of the Development Lifecycle is the Key to Secure Apps
By Katherine Teitler
April 12, 2017
With the average number of web apps in use by organizations on the rise, unpatched vulnerabilities heighten risk, not just for specific users of that application, but for the entire organization.
2017-04-11 13:46:06
Fail vs Finished: The Difference Between Information and Intelligence
By Lance James
April 11, 2017
The majority of threat “intelligence” you receive and attempt to operationalize successfully currently isn’t intelligence at all; it’s simply information!
2017-04-10 08:00:00
Tips for Managing Diverse Personalities on Your Security Team
By Katherine Teitler
April 10, 2017
A security team—just like any functional area team—is made of up unique individuals with distinct personalities and working styles.
2017-04-04 07:00:00
Why Visibility is The CISOs Biggest Challenge
By Marcos Colón
April 04, 2017
The hurdles chief information security officers face today are more daunting than ever, given the evolving threat landscape, but most importantly, the current state of technology within the enterprise.
2017-04-03 08:00:00
Secure Data Logistics: How Information Security can Learn from Armored Cars
By David Etue
April 03, 2017
Valuable assets? High stakes? Motivated adversaries? Difficult attribution? Package delivery, armored cars, and information security have quite a lot in common.
2017-03-31 08:00:00
Focusing on Fundamentals in the Software Development Process
By Joshua Marpet
March 31, 2017
The typical software application is built to be sold, to send that code out the door as fast as possible so it can generate money for the company. But where does that leave security?
2017-03-30 08:00:00
End User Security Habits Aren’t Bound to Help your Corporate Program
By Katherine Teitler
March 30, 2017
Americans’ online security habits are just as bad as you’ve imaged, according to a recent survey of more than 2,000 respondents.
2017-03-29 08:00:00
What the CIA Leaks Mean for Security Managers
By Katherine Teitler
March 29, 2017
When WikiLeaks released a repository of hacking tools and techniques used by the CIA, the initial reaction was shock and awe, followed quickly by piqued interest, then a bit of annoyance.
2017-03-27 08:00:00
Taking Cyber Risk Management to the Next Level
By Jack Jones
March 27, 2017
The cyber risk landscape is complex and dynamic, which makes it inherently challenging to manage. Add the fact that organizations have limited resources...then it feels unmanageable.
2017-03-27 08:00:00
“Compliance is for Big Business!” Or So You Think
By Katherine Teitler
March 27, 2017
If a small business CEO thinks about compliance, he or she might think it’s relegated to big businesses. Who else has the funding and the time to attend to compliance? And does it really matter anyway?
2017-03-22 08:00:00
The State of Cyber Safety
By Katherine Teitler
March 22, 2017
As if protecting organizational systems from data theft and abuse weren’t a big enough challenge, “Poor cybersecurity hygiene is now having life-altering effects” says one industry expert.
2017-03-21 08:00:00
What is the Best Security Framework for your Business?
By Dominic Vogel
March 21, 2017
Cybersecurity frameworks are quite similar to relationships—you get out of them what you put into them. To some extent, we have all waded into the waters of cybersecurity frameworks.
2017-03-20 08:00:00
Preinstalled Mobile Malware Highlights Need for 3rd Party Risk Assessments
By Katherine Teitler
March 20, 2017
Consumer-grade mobile devices have been inserted into corporate environments while security teams are forced to sit on the sidelines of decision making.
2017-03-17 08:00:00
Machine Learning and Cyber Hunting for All Organizations
By Kris Lovejoy
March 17, 2017
As organizations around the world are dealing with the sophistication of today’s hackers, they are recognizing that proactive approaches are needed to address advanced cyber threats.
2017-03-16 08:00:00
What Keeps a Chief Privacy Officer Up at Night
By Katherine Teitler
March 16, 2017
The majority of people don’t even know every place their personal information has been provided or acquired, and it’s this quagmire that keeps privacy officers up at night.
2017-03-15 08:00:00
Secure Development for the Cloud
By Randall Brooks
March 15, 2017
Application exploits have become daily news, and as a result, application security and secure coding are developing focus areas of cybersecurity.
2017-03-14 11:51:49
Why Creating an Incident Response Plan is a Continuous Activity
By Marcos Colón
March 14, 2017
The fire department typically has a response plan they can put into use when a building is ablaze, involving equipment, angles to take on the fire, and what to do after the flames have been put out.
2017-03-13 08:00:00
Executives and IT Decision Makers Don’t See Eye-to-Eye on Security
By Katherine Teitler
March 13, 2017
A new study published by BAE Systems highlights the disconnect between C-level executives and IT Decision Makers when it comes to perceptions of cybersecurity within the enterprise.
2017-03-09 14:30:00
Are You Making These 5 Common Slide Deck Mistakes?
By Katherine Teitler
March 09, 2017
Anyone who has worked in a corporate environment for any appreciable amount of time has been asked to give a presentation of one sort or another.
2017-03-08 14:30:00
Enterprise Resiliency goes Beyond Disaster Recovery
By Gary Sheehan
March 08, 2017
Resiliency sounds like a common-sense approach to business. Each organization must prepare for change and disruptions in order to survive and prosper. Who wouldn’t want to do that, right?
2017-03-07 14:30:00
Why Is Identity & Access Management Hard?
By Katherine Teitler
March 07, 2017
“Identity and access management is the most fun and fulfilling part of my job,” are words unlikely to be spoken by many security practitioners.
2017-03-06 14:30:00
Victory in 100 Battles: How to Perform a Successful Asset Inventory
By Chris Poulin
March 06, 2017
If the term “asset inventory” elicits involuntary yawns of boredom, you’re not looking at the problem from the right angle. You could make an entire career out of a true, living asset inventory.
2017-03-03 22:19:01
Ransomware 101: What Security Managers Need to Know
By Marcos Colón
March 03, 2017
In this full video interview, Simon Crosby, co-founder and CTO at Bromium not only discusses the ins and outs of ransomware but offers up best practices for security practitioners.
2017-03-02 14:30:00
A Look at NY’s Stricter Cybersecurity Rules for Financial Institutions
By Katherine Teitler
March 02, 2017
Though the rules took effect at the beginning of the month, affected enterprises have transition periods ranging from 180 days to 18 months to comply with varying aspects of the law.
2017-02-28 08:30:00
Ransomware: Show Me the Money
By Ben Rothke
February 28, 2017
The effects of ransomware have been devastating to organizations, from locking hospitals out of patient data to police departments that have lost years’ worth of evidence.
2017-02-24 08:30:00
GDPR has Implications Beyond the EU
By Katherine Teitler
February 24, 2017
Compliance with the European law becomes mandatory on May 25, 2018, and given the complexities of adherence, companies are starting to scramble to put plans in place.
2017-02-23 08:30:00
Building Strong Infosec Teams through Diversity
By Katherine Teitler
February 23, 2017
In biology, it is well known that genetic diversity creates strength in that it helps build resilience to disease, disorders, and other human ailments. At a community level, we also find strength in diversity.
2017-02-22 08:30:00
The Three T’s of Cyber Security: Talent, Tools, and Techniques
By Katherine Teitler
February 22, 2017
When I started working in security I was taught, like most of us, to adopt a risk management control framework such as NIST, ISO, PCI, etc. and measure the alignment of security practices with control standards, procedures, and policies from the framework.
2017-02-15 11:48:00
The Continued Evolution of the CISO Role
By Marcos Colón
February 15, 2017
While some security professionals have climbed the ranks based on their technical know-how, it’s the transition into the business leadership role that tends to present the challenges for chief security officers.
2017-02-13 08:30:00
How to Approach an Effective Board Presentation
By Katherine Teitler
February 13, 2017
What is security’s purpose if not to help with risk management? Organizations run on varying degrees of risk—financial risk, operational risk, market risk, sociopolitical risk, etc.—and information security has become a big piece of the risk picture.
2017-02-09 09:00:00
Ridiculously Obvious Phishing Scams are Still Active
By Katherine Teitler
February 09, 2017
Just when you thought the infamous “Nigerian Prince” was a ubiquitously understood joke, it seems the security industry still has a long way to go when it comes to phishing.
2017-02-08 09:00:00
House of Representatives Passes an Important Privacy Bill
By Katherine Teitler
February 08, 2017
It would be somewhat of an understatement to say that methods of communication have changed over the last 31 years. Yet in that time, laws pertaining to the privacy of those new types of communication have remained stuck in the past.
2017-02-08 08:31:00
The Phishing Kill Chain
By Ira Winkler
February 08, 2017
As a person who currently focuses on security awareness, hearing about or witnessing successful phishing attacks is frustrating. What is more frustrating is listening to security professionals blame users for falling for a phishing message instead of looking at themselves.
2017-02-07 08:31:00
Leadership Lessons from the Orchestra
By Katherine Teitler
February 07, 2017
Leadership is a lot like playing in an orchestra. For those less familiar with an orchestra setting, let me explain. The basics: A traditional orchestra is made up of strings, woodwinds, brass, and percussion, plus keyboards.
2017-02-06 08:31:00
We Should Talk More!
By Joshua Marpet and Scott Lyons
February 06, 2017
Technologists are the bedrock of IT and IT security. They innovate, create, build, implement, maintain, and decommission the most amazing software and hardware systems ever compiled.
2017-02-03 08:31:00
What Happens When the President Insists on an Unsecure Device?
By Katherine Teitler
February 03, 2017
The President of the United States is apparently using an Android phone, and likely an outdated version, at that. Despite reports that the newly inaugurated president was, in typical fashion, offered a “secure, encrypted device approved by the Secret Service,” it appears Mr. Trump prefers his own personal device. Don’t we all?
2017-02-02 08:31:00
Signs You’ve Been Breached
By Katherine Teitler
February 02, 2017
It’s true that cyberspace is growing by the day, and as companies and individuals add more information to internet-accessible sources, the risk of compromise of that data grows in parallel. With this greater risk comes more responsibility.
2017-02-01 08:31:00
Risk v Threat: Threat Intelligence Exposed
By Katherine Teitler
February 01, 2017
A funny thing happened on the way to designing threat intelligence programs….we forgot about the risks! We as an industry tend to buy a lot of tools, sift through a lot of data, and send out a bunch of reports, but we forget to ask what we are really doing all of this for.
2017-01-30 08:31:00
Why Security Managers are Failing at Password Security
By Katherine Teitler
January 30, 2017
The idea of a password as a security mechanism is sound: One user with an individual identity plus a unique, secret password. In the physical world, this combination often works as it should, since the user’s identity travels with the user (in effect, adding a second factor of identification).
2017-01-27 08:31:00
Incident Response: It’s all in the Planning
By Katherine Teitler
January 27, 2017
The most fundamental part of incident response planning is to understand that it’s a living, breathing cycle. An organization can’t slap a plan together and expect that plan to carry the team through the next three to five years.
2017-01-26 13:31:00
Get Your Identity and Access Management Under Control
By Katherine Teitler
January 26, 2017
That idea of checks for every customer action, the weight of it, the precautions put in place—armed security guards, security cameras, security alarms positioned in ample locations—all signal to would-be thieves that any attack on a bank is going to require serious skill, planning, and personal risk.
2017-01-25 13:31:00
How to Cut Through Vendor Marketing Buzz on the Expo Floor
By Katherine Teitler
January 25, 2017
To say that the security vendor marketplace is crowded would be an understatement. For any problem a security team faces that can be aided with technology, look no farther than a conference expo floor and you’re sure to find (at least) dozens of self-proclaimed solutions in any given category.
2017-01-24 13:31:00
Pacemakers and Piracy: The Unintended Consequences of the DMCA for Medical Implants
By Cory Doctorow
January 24, 2017
As networked computers disappear into our bodies, working their way into hearing aids, pacemakers, and prostheses, information security has never been more urgent -- or personal. A networked body needs its computers to work well, and fail even better.
2017-01-20 13:31:00
Will The Government Affect Cybersecurity in the Near Future?
By Katherine Teitler
January 20, 2017
On this first day of a Donald Trump presidency, many people around the world are watching and wondering what is going to happen in corporate America. The speculation is no less prevalent in the security industry.
2017-01-19 13:31:00
Can Security and Compliance Coexist Happily?
By Katherine Teitler
January 19, 2017
Security staff are infamous for declaring “security does not equal compliance” whenever the topic of compliance is mentioned by a non-security person. The reasoning behind this is sound: Compliance is a set of minimum requirements and auditable actions or technologies.
2017-01-17 13:31:00
Tackling Government Cybersecurity Staffing Challenges
By Katherine Teitler
January 17, 2017
Cybersecurity staffing—and the industry shortage—is a frequent topic of conversation among security practitioners. But as nation state competition heats up, government and civilian agencies need to develop alternative hiring strategies if the U.S. wants to compete on a global scale.
2017-01-13 07:30:00
Two Questions to Answer Before Jumping Into Threat Intelligence
By Marcos Colón
January 13, 2017
Big data and the Internet of Things are two buzzwords that rang through the halls and show floors of security conferences across the nation for quite some time. Although ambiguous, the terms took the industry by storm.
2017-01-12 13:31:00
Want to Catch More Phish? Try This
By Katherine Teitler
January 12, 2017
As the results of the Anthem breach investigation make their rounds, the security industry is reminded once again that phishing is a highly effective attack method.
2017-01-10 13:31:00
Changing Security Awareness, One Set of Terms & Conditions at a Time
By Katherine Teitler
January 10, 2017
The Children’s Commissioner for England released a report last week stating the need for sweeping changes to terms and conditions on social networking sites, particularly those with audiences largely comprised of children and young adults.
2017-01-06 13:31:00
Maximizing Your Security Conference Experience in 2017 (part 3)
By Katherine Teitler
January 06, 2017
After planning to prepare to attend a security conference and deliberating your engagement strategy onsite, the next step in maximizing your security conference experience is thinking through how to get the most out of the information, ideas and advice provided during the event.
2017-01-05 13:31:00
Maximizing Your Security Conference Experience in 2017 (part 2)
By Katherine Teitler
January 05, 2017
In part one of this series on “Maximizing Your Security Conference Experience in 2017” we explored how preparing to attend an industry conference can yield positive results in terms of extracting value onsite. It’s not enough, though, to create a plan then sit back and wait for it to unfold.
2017-01-04 13:31:36
Maximizing Your Security Conference Experience in 2017
By Katherine Teitler
January 04, 2017
Jumping back into work at the start of a new year propels many to evaluate plans and commit to better habits, greater value, and generally getting the most out of work and/or life. It’s good to take a step back and think through what worked during the past year, what didn’t, and muse on how to maximize one’s efforts.
2016-12-29 08:00:00
Under Pressure: The Modern Day Security Practitioner
By Katherine Teitler
December 29, 2016
Earlier this year, Forbes published its view of the “10 Most Stressful Jobs in 2016.” Admittedly, the security profession isn’t as physically dangerous as fighting fires or piloting an airplane, but security comes with its own unique set of threats that make day-to-day work incredibly stressful.
2016-12-23 07:45:00
The Best of InfoSec Insider in 2016
By Marcos Colón
December 23, 2016
As we continue to ramp up our efforts in providing you with a resourceful library of content you can rely on, we’ve decided to reflect on some of the top InfoSec insider articles of 2016, based on the engagement we’ve received from our readers.
2016-12-22 08:00:00
Security and Privacy in 2017 (+3)
By Katherine Teitler
December 22, 2016
Many uncertainties await the world when the new United States administration takes office on January 20, 2017. The President-elect, while extremely vocal on the campaign trail, has been disconcertingly cagey in the weeks leading up to inauguration.
2016-12-21 08:00:00
Security Resolution: Better Communication for the New Year
By Katherine Teitler
December 21, 2016
The New Year is close upon us and many security firms and media outlets are busy publishing 2017 predictions or “the year in review.” Rather than following suit, we’d like to propose a New Year’s resolution to all security practitioners (and office workers, in general, really).
2016-12-20 08:00:00
Threat Intelligence Program Staffing Requirements
By Katherine Teitler
December 20, 2016
In security, where human resources are tight to begin with, thinking about where you’re going to find the best individuals to staff a threat intelligence team can quickly turn into a headache.
2016-12-20 07:45:00
DeMISTIfying Infosec: Marcher Trojan
By Katherine Teitler
December 20, 2016
The Marcher Android Trojan is a malware variant which first emerged in late 2013. Sold on underground forums, the early malware targeted predominantly Russian Android users.
2016-12-16 08:00:00
How Well Will Your Organization Withstand a Cyber Attack?
By Katherine Teitler
December 16, 2016
While security practitioners are thinking about exploits, vulnerabilities, controls, and threat actors’ TTPs, what executives really want to know is, “When the company is the victim of an attack, what effect will that have on the rest of the company, and how quickly can employees resume?"
2016-12-14 08:00:00
Evolving Threat Intelligence
By Katherine Teitler
December 14, 2016
“Security has a secret power: threat intelligence,” quipped Dave Ockwell-Jenner, Senior Manager, Security Threat & Operational Risk Management (STORM) at SITA, during MISTI’s recent Threat Intelligence Summit in New Orleans, Louisiana.
2016-12-13 07:45:00
DeMISTIfying Infosec: Server Message Block
By Katherine Teitler
December 13, 2016
Sever Message Block
A server message block (“SMB,” not to be confused with “small and medium businesses,” another common abbreviation) is an application layer network file-sharing protocol which allows systems within the same network to share and access files and resources easily. SMBs facilitate network communication between client applications and the server.
2016-12-12 08:00:00
Developing the National Cyber Incident Response Plan
By Katherine Teitler
December 12, 2016
Indeed, effective, successful organizations are attempting to proactively identify threats and indicators of compromise before they present serious destruction to the victim organization. Even the most robust and mature threat intelligence programs, though, aren’t immune to a breach.
2016-12-10 00:30:41
Why the Federal Government Developed a Cyber Incident Response Plan
By Marcos Colón
December 10, 2016
The days of focusing on the perimeter are over. Rather than waiting for the next cyberattack to strike, many security practitioners are focusing on the activity surrounding their critical assets, in addition to drafting incident response plans that activate once the inevitable breach occurs.
2016-12-05 08:00:00
Who Is the Most Negligent Insider?
By Katherine Teitler
December 05, 2016
“Insider threat” — it’s a term that gets thrown around a lot in cybersecurity circles. Practitioners want to know who is responsible for attacks and how attacks are being perpetrated so defenses can be appropriately implemented and provisioned.
2016-12-02 08:00:00
Has the CISO Finally Earned a “Seat at the Table”?
By Katherine Teitler
December 02, 2016
Over the past few years the security industry has seen a rise in the number of appointed CISOs. At companies where previously the security team was small, secluded, and likely managed by the CIO, it is refreshing that mention of a CISO is no longer followed by puzzled looks or blank stares.
2016-11-30 08:00:00
The Breach is Not the Problem
By Katherine Teitler
November 30, 2016
The All Powerful Breach…or threat thereof. How often do you, as a security practitioner, get asked by a colleague outside of the security team about the viability of a breach at your organization? Is a breach the meter by which security is measured?
2016-11-29 08:00:00
Inclusion is the Key to Security Staffing
By Katherine Teitler
November 29, 2016
Depending on your media outlet of choice, the current cybersecurity staffing shortage is either pressing or catastrophic. In either case, a staffing shortage exists and the industry needs to take more proactive steps to look beyond current talent pools to fill open positions, as well as positions that will be created as the industry continues to expand.
2016-11-23 15:40:44
How Companies Can Benefit From Hunt Teaming
By Marcos Colón
November 23, 2016
No matter their size, billions of dollars are spent on a yearly basis to protect networks at companies, yet headline-grabbing data breaches still occur.
2016-11-23 08:00:00
Smart Security Decisions: Attend the Threat Intelligence Summit
By Katherine Teitler
November 23, 2016
MISTI’s Threat Intelligence Summit in New Orleans in just two weeks away, and like the city itself, we’re ready to laissez le bon temps rouler! Threat intelligence is serious business—it helps organizations understand emerging threats and prepare defenses appropriately.
2016-11-22 08:00:00
Ransomware Success Highlights Security’s State of Preparedness
By Katherine Teitler
November 22, 2016
Ransomware is just a cyber twist on the age-old crime of taking someone/something hostage and demanding a payout for safe return. Cyber criminals have quickly learned that getting at organizations’ data then deploying malware to encrypt it carries a low technical barrier to entry (as opposed to kidnapping a human).
2016-11-21 07:45:00
DeMISTIfying Infosec: Pass-the-Hash
By Katherine Teitler
November 21, 2016
One of the ways to mitigate damage in the event of a breach is to “hash” password, or cryptographically convert a plaintext password to an irreversible output, like a key or token (i.e., “hash”) that is stored and can be used in place of the original input.
2016-11-16 08:00:00
What the Board Wants to Know about Security and Risk
By Katherine Teitler
November 16, 2016
Today, many organizations’ executive teams and boards of directors conflate cybersecurity and risk. Risk management is a broader practice than security alone, but cybersecurity is an increasingly “big ticket item” on boards’ agendas—alongside other more traditional risk discussions—since it’s clear that a major breach can impact the organization in meaningful ways.
2016-11-14 14:00:00
Threat Governance: Maturity, Threat Intelligence, and Lessons from IT Governance
By Ed Moyle, Director of Thought Leadership and Research, ISACA
November 14, 2016
Go to any security conference nowadays, and you’ll find that everyone and their brother (from end users to service providers to vendors) has jumped on the threat intelligence bandwagon.
2016-11-10 00:16:00
The New Identity and Access Management Normal
By Dan Houser, Security Architect & Perspicacious Security Iconoclast
November 10, 2016
A study of recent hacking attacks on corporations makes it obvious that (weak) password credentials are being used both inside and outside organizations, and are frequently the credential protecting remote access to the enterprise and its "crown jewels."
2016-11-09 00:16:00
Is Threat Intelligence Too Hard?
By Doug Gray, Senior Cyber Architect, Lunarline, Inc.
November 09, 2016
No threat actor ever avoided attacking your system because you marked a control as compliant. So why do so many defenders spend so little time understanding the threat?
2016-11-07 08:00:00
Redefining “Winning” and “Losing” in Security
By Katherine Teitler
November 07, 2016
Cybersecurity is a lot like driving; towns and cities and their respective road crews can keep roads in ace condition and post all kinds of clearly marked signs for speed limits, road hazards, dangerous curves, blind driveways, and the like. Police can patrol the roads for dangerous or illegal driving.
2016-11-03 08:00:00
How Security Directors Can Combat DDoS Attacks
By Katherine Teitler
November 03, 2016
With the recent Dyn distributed denial of service (DDoS) attack lighting up media headlines, enterprise security practitioners are being asked how to ensure that the organizations for which they work aren’t the next DDoS victims.
2016-11-01 08:00:00
What CISOs Should Consider Before Presenting to the Board
By Katherine Teitler
November 01, 2016
Cybersecurity has been gaining traction as a “board level topic” over the past several years. While boards of directors, along with executive management, all want the answer to, “How secure are we,” security professionals know that that answer doesn’t often come wrapped in a tidy little box.
2016-10-31 00:16:00
The Business Value of Cyber Threat Intelligence
By Rafal Los, Managing Director, Solutons Research and Development, Optiv
October 31, 2016
For nearly the last twenty years, enterprise security teams have been fighting threats to their business much like hapless teenagers fight demons in horror movies. Let me paint you a scene. Four people fleeing a horde of some type of evil take refuge in a run-down back woods cabin in the middle of nowhere.
2016-10-28 08:00:00
A Big Win for Privacy Could Increase Security Awareness
By Katherine Teitler
October 28, 2016
Yesterday morning the Federal Communications Commission (FCC) passed new—and controversial—rules regarding how internet service providers (ISPs) may use customers’ “sensitive” personal data.
2016-10-27 00:16:23
The Importance of Partnering in Infosec
By Antonio A. Rucci, Counterintelligence Special Agent (Retired), Information Technology & Technical Security Consultant
October 27, 2016
If you are engaged in in the information security (infosec) community for any length of time, regardless of whether you are Blue Team, Red Team, or Purple, one data point remains constant: You recognize the importance of partnering.
2016-10-26 08:00:00
Please, Stop with the FUD Already
By Katherine Teitler
October 26, 2016
Last week, as much of the U.S. was inconvenienced by the widespread DDoS attack on many popular websites, Joomla! casually released a notice warning of a critical patch to its software.
2016-10-25 08:00:00
DDoS Caused by Exploited Components is a Wakeup Call
By Katherine Teitler
October 25, 2016
Until last Friday, Internet of Things (IoT) cyber attacks were largely more theoretical than practical, at least for those outside of the cybersecurity research realm. When Reddit, Twitter, Netflix, Spotify, and PayPal, among others, were taken offline or significantly slowed due to a massive distributed denial of service (DDoS) attack last week.
2016-10-21 08:00:00
The Allure of (Insecure) WiFi
By Katherine Teitler
October 21, 2016
Employee mobility is no longer a privilege or nice-to-have, but a given in today’s workplace. At even very small organizations, it’s not uncommon to find executives or sales people who are on the road more often than they are settled in the office, and gone are the days when working remotely is considered the entitlement of a select few.
2016-10-19 08:00:00
The CIO Isn’t Your Enemy (but may be your boss)
By Katherine Teitler
October 19, 2016
Security teams fight many battles. There are threats, vulnerabilities, exploits, improperly configured systems, legacy equipment, lean budgets, staffing shortages, and users who are fallible. Any of these things, alone, add up to challenge, but possibly the biggest challenge security teams face is the battle between the security department and the CIO.
2016-10-18 08:00:00
Helping end users to manage their passwords
By Katherine Teitler
October 18, 2016
How to help your end users manage their passwords, with additional practical steps to improve your system security. This guidance focuses on the end user (rather than the system owner responsible for determining password policy).
2016-10-17 08:00:00
Security’s Message is Getting Lost in the Hype
By Katherine Teitler
October 17, 2016
Remember the “telephone game” played at parties when you were a kid? One person would make up a sentence or phrase which she or he then whispered into the ear of the person sitting next to him/her in a circle. That person would, in turn, whisper what he/she had heard into the ear of the next person in the circle.
2016-10-14 08:00:00
Developing the Super CISO
By Katherine Teitler
October 14, 2016
Defining a “good” chief information security officer is difficult. On one side, many CISOs have risen through the security ranks due to their technical prowess and were thus handed a “business position,” asked to manage a team, and required to start briefing the executive suite on the state of the company’s security.
2016-10-12 08:00:00
Practicing Risk Management
By Katherine Teitler
October 12, 2016
Risk management practices date as far back as the Renaissance period, but modern-day risk management, the version we all know and love/hate today, started taking shape only about 40 years ago when risk managers—mainly focused calculating insurance at the time—started looking for alternatives to insurance policies to manage risk.
2016-10-12 07:08:00
Can You See the Clouds Gathering?
By Mark Arnold, Senior Research Analyst, Office of the CISO, Optiv
October 12, 2016
For companies on the path of cloud adoption, the fear that dark “clouds gathering” could impact business health and one's financial bottom is a source of anxiety. Despite recent data that show cloud adoption rates consistent growth over the last 18 months, a group of holdouts endure.
2016-10-11 07:54:30
How the Growth of the Cloud Technology Market Impacts Security Managers
By Marcos Colón
October 11, 2016
Cloud technology has been moving at a tremendous pace. For businesses, it seems to have happened in the blink of an eye. It’s faster and more agile, with the ability to re-architect an entire infrastructure. But why has this happened so quickly, and what does it mean for security practitioners?
2016-10-07 08:00:00
Where is all the Security Talent?
By Katherine Teitler
October 07, 2016
Rumblings about the security talent deficit are pervasive. Just like news of recent breaches, it’s hard to get through a week without reading an article, viewing a webcast, or attending a conference during which the subject is not addressed.
2016-10-05 08:00:00
Beef Up Asset Protection with Security-as-a-Service
By Katherine Teitler
October 05, 2016
Information security is more integral to business growth than ever, and robust, verifiable security can be a point of differentiation. For smaller organizations, security-as-a-service can be a useful option, but many organizations don’t know how or when the time is right to make the move.
2016-10-04 08:00:00
Analyzing the CFP Review Process
By Katherine Teitler
October 04, 2016
Ah, the highly controversial call for presentations review process! Many infosec industry events use a CFP to find qualified speakers and tease out fresh topics. From a conference programmer’s perspective, the CFP submission process helps uncover new speakers, and it’s a productive way to learn what’s on the minds of industry speakers.
2016-09-29 13:00:00
Security and Ops Coordination Hinges on Communication
By Katherine Teitler
September 29, 2016
Rifts between the security team and other groups lead to inefficiency and reduced effectiveness. Information security isn’t getting as much done as is necessary in our breach-of-the-day world, yet old problems like failure to collaborate persist.
2016-09-27 09:00:00
Learning Lessons of Security Failures Ensures Future Success
By Katherine Teitler
September 27, 2016
As a first time DerbyCon goer, I didn’t quite know what to expect. In its sixth year, DerbyCon is well known throughout the security community, and I’ve worked with several of the speakers, a few of the organizers, and met many security vendor representatives at MISTI and past-job events.
2016-09-26 17:00:00
Be a Better Social Engineer and Security Manager
By Katherine Teitler
September 26, 2016
Twenty minutes before the talk was scheduled to begin, attendees anxiously queued up outside the center ballroom to hear Chris Hadnagy present Mindreading for Fun and Profit Using DISC. Hadnagy, a renowned social engineer and DerbyCon staple, promised to share with the audience “how to use a quick and easy profiling tool to make targets feel as if you can read their minds.”
2016-09-26 09:39:27
What Is Security Analytics? It Depends On Your Role
By Marcos Colón
September 26, 2016
By Marcos Colón
September 26, 2016
The cybersecurity industry is full of terms that both vendors and end users love to glom on to. Ok, maybe vendors lead the way, but their customers may not be doing a good job of speaking up and asking them to clarify what it is they do – taking the various mixed marketing messages as they come and running with it.
2016-09-21 08:00:00
Threat Intel in a Box? Not so Fast.
By Katherine Teitler
September 21, 2016
“You can’t just go to the shops and buy threat intelligence; it doesn’t come in a box.” This nugget of wisdom comes from Jim Hart, Vice President at AlixPartners LLP in the UK. Whilst upon reading, this idea is a big “no kidding,” yet many in the security industry still confuse threat intelligence feeds and tools with a threat intelligence program.
2016-09-20 08:00:00
Incorporating Purple Teaming into your Preparedness Strategy
By Katherine Teitler
September 20, 2016
“Red team” vs. “blue team” exercises have been adapted into cybersecurity from the military and intelligence realms. As a means to simulate real-life threats and attack scenarios, organizations have been putting this methodology into play, either with internal resources, or by hiring outside experts to help find system issues.
2016-09-16 08:00:00
Securing Security’s Future Through Better Hiring
By Katherine Teitler
September 16, 2016
Hiring security staff is a big challenge. Not only does the industry need more people to fill the open positions than it currently has, but to complicate matters further, hiring managers aren’t necessarily security professionals themselves; many organizations’ security teams report to IT, operations, or even finance.
2016-09-14 08:00:00
Do Security Certs Matter to You?
By Katherine Teitler
September 14, 2016
By many estimates, the demand for information security practitioners far exceeds availability. As security becomes an appreciable concern for large and small companies alike, it stands to reason that the industry is going to face a serious shortage in the coming years if new practitioners aren’t found or cultivated.
2016-09-13 08:00:00
When Security and Convenience Collide
By Katherine Teitler
September 13, 2016
When usability and accessibility are in question (and when aren’t they, really), end users will always seek out shortcuts that make their lives easier.
2016-09-09 16:19:28
Video: What You Need To Know About Cyber Threat Intelligence
By Marcos Colón
September 09, 2016
The term cyber threat intelligence gets thrown around a lot, especially on show floors teeming with security practitioners being approached by vendors with the solution to all their problems. But fundamentally, are organizations successfully leveraging the tactics surrounding it?
2016-09-08 10:00:00
Interested in Becoming an InfoSec Pro? Here’s Some Sage Advice
By Marcos Colón
September 08, 2016
Unless you're oblivious to the news, you're well aware that the information security industry is getting a lot of attention. Be it the headline-grabbing breaches taking place on a seemingly frequent basis, or the fact that the number of digital internet-connected devices per capita is increasing constantly.
2016-09-06 08:00:00
Security Budgeting Season is Upon Us
By Katherine Teitler
September 06, 2016
Like it or not, fall is right around the corner, and for many private enterprises, fall means Q4 which means facing the dreaded budgeting season. If budgeting itself weren’t cumbersome enough, cybersecurity budgets—even if they stand alone—are often part of a larger function.
2016-09-01 08:00:00
The Trouble with Identity
By Katherine Teitler
September 01, 2016
Identity is who we are. It’s what we do and how we do it. In the digital realm, our identities are part of what affords access to the systems, tools, accounts, and functionality that make it possible to perform job responsibilities and effectively contribute to the organizations for which we work.
2016-08-31 08:00:00
Protecting Mobile Communications When Traveling
By Katherine Teitler
August 31, 2016
Political staffer Huma Abedin has been dominating media headlines as of late for a number of issues, including leaked emails uncovered by Citizens United and released publicly by Fox News. In the exposed emails, she refers to an intent to leave her mobile device, specifically a BlackBerry, behind during a 2009 trip to Russia.
2016-08-30 08:00:00
Securing Applications; Creating Business Opportunities
By Katherine Teitler
August 30, 2016
Applications have become the technological underpinnings which enable employees to do their jobs faster, more accurately, and with greater ease. Applications have become so ubiquitous within organizations that most employees don’t even consider the tools with which they are working “applications” at all.
2016-08-26 08:00:00
Too Much Data; Too Many Headaches
By Katherine Teitler
August 26, 2016
The European “right to be forgotten” is an important directive for both privacy and information security advocates. With roots as far back as 1995, a European Data Privacy Directive laid the foundation—and set regulations—for how EU citizens’ personal information must be protected and handled by “controllers of personal data."
2016-08-24 08:00:00
Are Lengthy Terms and Policies Part of Security’s Problem?
By Katherine Teitler
August 24, 2016
When individual users are required to first accept usage policies and then interact with the website/application/tool by allowing it to collect information, both the user and the enterprise for which the user works are put in a position of risk. Why? Because the likelihood that he or she will read the policy is slim to none.
2016-08-23 08:00:00
Cloud Computing is Transforming Security
By Katherine Teitler
August 23, 2016
Cloud computing has been changing the way organizations operate for over a decade now. Without a doubt, the technology has evolved, offering varying levels of benefits along the way; agility, resiliency, and cost savings are chief among cloud’s attributes, as far as business owners and CFOs are concerned.
2016-08-19 08:00:00
Security Teams Suffer from lack of Visibility
By Katherine Teitler
August 19, 2016
Information security teams face a serious problem when they are unable to detect the presence of a threat actor inside organizational systems. Knowing who has access to key applications is an imperative for trying to protect the company, yet according to a new report published by Okta that may not be a case.
2016-08-17 08:00:00
The CFP Process Isn’t as Scary as you Think
By Katherine Teitler
August 17, 2016
Calls for presentations: Depending on whom you ask, CFPs are either a great opportunity for subject matter experts to display knowledge and vie for a coveted spot on a conference program, or an absolute nightmare, as the intended speaker carefully calculates the best topic to submit.
2016-08-15 08:00:00
Hacking the Term “Hacker”
By Katherine Teitler
August 15, 2016
The term “hacker” is thrown around liberally nowadays. It’s a surefire traffic-boosting headline, and the media seizes any opportunity to publish a story with a hacker connection, often positioning the word as a synonym for “malicious attacker.”
2016-08-12 08:00:00
Countering the “Security is Winning When Nothing Happens” Misconception
By Katherine Teitler
August 12, 2016
Many in the security industry, myself included, are guilty of falling into the trap of saying that security is a discipline in which the big “wins” come when “nothing happens.” It’s an easy statement to make, especially when working with business leaders who see only the end result (i.e., no breach, no media headline) and make this claim.
2016-08-11 08:00:00
Digital Trust: How do your Business Partners Affect Risk?
By Katherine Teitler
August 11, 2016
“We’ve seen breaches where the ‘partner effect’ has played a major role, but have you noticed that nobody seems to really know how to manage that risk well,” poses Pete Lindstrom, Vice President of Security Research at IDC.
2016-08-09 08:00:00
A Seeming APT has Been Discovered by Symantec and Kaspersky
By Katherine Teitler
August 09, 2016
Symantec and Kaspersky Lab simultaneously released information yesterday on “Strider” and “ProjectSauron” respectively. Strider, the attacker group, has reportedly been using a stealthy piece of malware called “Remsec” (Backdoor.Remsec) as part of ProjectSauron to spy on a small number of highly valuable targets in China, Russia, Belgium, and Sweden.
2016-08-04 08:00:00
When Governments Try to Control the Internet
By Katherine Teitler
August 04, 2016
Totalitarians need to control everything they can—it’s a deep-seated need that stems from the (occasionally true) fear that someone, somewhere, is plotting their overthrow. It seems that the totalitarian impulse to control extends to communications first, whether it’s mail, telegraph, telephone, or Twitter.
2016-08-03 07:00:00
3 Quick Tips to Help Healthcare Security Managers Lower Cyber Risk
By Marcos Colón
August 03, 2016
There’s progress being made in the healthcare industry as it relates to information security. Yes, recent studies indicate that 90 percent of all healthcare organizations have been the victim of a data breach in the last two years.
2016-08-01 08:00:00
So You Say You Want to be a Pentester
By Katherine Teitler
August 01, 2016
Penetration testing is a mandatory component of any thorough information security program, as security pros know. Company networks are vast and complex, and security teams have the (often thankless) job of protecting everything that falls under the general category of “IT” or “IS.”
2016-07-29 08:00:00
Talking Security: Your Words and Tone Matter
By Katherine Teitler
July 29, 2016
Listening to the political conventions these past two weeks, I couldn’t help but think about security: the conversations security practitioners have with senior management and other business units, the conversations practitioners have amongst themselves, and yes, even talks given at conferences.
2016-07-28 08:00:00
Honeypots Aren’t the Only Way to Catch Criminals
By Katherine Teitler
July 28, 2016
The Tor network, once known for its ability to provide anonymity and privacy for internet users, is once again losing the confidence of security and privacy advocates.
2016-07-27 08:00:00
The Feds are Seriously Taking Cybersecurity Seriously
By Katherine Teitler
July 27, 2016
On Tuesday, the White House issued its Presidential Policy Directive-41 (PPD-41), or “United States Cyber Incident Coordination” plan. The PPD follows on the heels of the Cybersecurity National Action Plan, the Obama administration’s attempt to button up cybersecurity efforts in the face of growing threats against U.S. entities.
2016-07-26 08:00:00
BC/DR Planning isn’t a “Someday” Activity
By Katherine Teitler
July 26, 2016
Security teams spend a fair amount of time thinking about incident response. The probability of an information security incident occurring forces teams to consider how to manage intrusions, leaks, and other security vulnerabilities or exploits.
2016-07-22 08:00:00
Tech Companies Assist the FBI in Criminal Takedown
By Katherine Teitler
July 22, 2016
After last winter’s frosty standoff, Apple and Facebook are now making headlines for being in cahoots with the FBI. For a few years, the bureau has been tracking Kickass Torrents, a very popular file sharing site, and trying to link illegal reproduction and distribution of online media, including movies, TV shows, music, and video games.
2016-07-21 08:00:00
Video: Why spending more on security technology is not the answer
By Marcos Colon
July 21, 2016
The evolving threat landscape makes it incredibly difficult for security professionals to protect their organizations. You’d think that with the abundance of security solutions deployed they’d be able to manage cyber risk effectively, yet, the technology that’s intended to protect their organizations may be causing more problems.
2016-07-20 08:00:00
Consumerization of Robo-Services Will Push Enterprise Automation
By Katherine Teitler
July 20, 2016
Betterment, an online investment robo-advisor, is the first of its kind to surpass $5 billion in assets under management. Robo-advisors, for those unfamiliar, are automated, algorithm-based finance portfolio management services.
2016-07-19 08:30:00
CISOs Need to be More Than Business Leaders
By Katherine Teitler
July 19, 2016
The role of the CISO is changing. We hear about it every day: CISOs must become more business oriented and fine-tune communication skills so other executives consider heads of security business equals.
2016-07-19 08:00:00
4 Ways to Strengthen Your Third-Party Risk Management Program
By Marcos Colón
July 19, 2016
Security practitioners consistently deal with a slew of issues tied to protecting their organization’s most critical assets. When asked what keeps them up at night, it’s an endless list that features connected devices, shadow IT and making sense of the security and risk organization to board members.
2016-07-14 08:00:00
Cyberattack on Boeing Results in Prison Sentence
By
July 14, 2016
Insider threat. Third-party risk. Phishing. Privilege escalation. Unencrypted sensitive data. This reads like a “Top 5” list of security concerns, but in fact it’s what allowed Su Bin, the owner of a Chinese aviation technology company, to help two Chinese nationals hack into Boeing’s network and steal more than 65GB of data from the defense contractor.
2016-07-13 08:00:00
The Promises of Privacy Shield are TBD
By Katherine Teitler
July 13, 2016
Privacy Shield, the much-anticipated new trans-Atlantic data transfer agreement between the EU and U.S., was approved yesterday by the European Commission. After months of debate and revisions, the Commission finally felt comfortable enough to rubber stamp the framework, which will actually undergo further analysis later this month.
2016-07-12 08:00:00
Are Tech Companies Responsible for All User Information?
By Katherine Teitler
July 12, 2016
The families of five terrorist attack victims filed a lawsuit in U.S. District Court on Monday. The families, claiming that Facebook enabled Palestinian militants to carry out deadly attacks in Israel, are suing for more than $1 billion, calling into question the responsibility of technology companies when it comes to security.
2016-07-08 08:00:00
The Evolution of Cybersecurity
By Katherine Teitler
July 08, 2016
“A lot of security departments are swimming in the wrong direction,” says Raef Meeuwisse, Director of Cybersecurity at Cyber Simplicity Ltd. By this, Meeuwisse means that companies haven’t yet redirected the scope of their security programs—the tools, technologies, and processes—to reflect current threats.
2016-07-07 14:29:00
Video: Debunking myths tied to cloud security
By Marcos Colon
July 07, 2016
Cloud security and privacy have evolved tremendously over the years, but there are still many organizations hesitant to adopt the technology.
2016-07-07 08:00:00
Password Sharing Gets its Day in Court
By Katherine Teitler
July 07, 2016
Security practitioners have long decried the practices of password sharing. Now an appellate court has bolstered that sentiment by handing down a decision in United States v. Nosal, ruling that a former employee of executive search firm Korn/Ferry International has violated the Computer Fraud and Abuse Act.
2016-07-06 08:00:00
Are Your Third-Party Risk Assessments up to Snuff?
By Katherine Teitler
July 06, 2016
Even small, home-spun businesses have a handful of third-party vendors with which they must connect to keep the lights on and the money flowing. Larger organizations might have hundreds or thousands of partners in the supply chain.
2016-06-29 09:00:00
Third Party Risk Management: The Russian nesting doll of infosec challenges
By Marcos Colon
June 29, 2016
For security practitioners, the name of the game is risk management. These risks come in all shapes and sizes, from system vulnerabilities and the onslaught of evolving malware, to threats posed by insiders.
2016-06-28 08:00:00
Brexit Gets a Bot: Petition website gets hacked
By Katherine Teitler
June 28, 2016
After the contentious Brexit vote last week, the British Parliament’s House of Commons Committee is investigating potential commandeering of an online petition calling for a second referendum on the matter.
2016-06-27 08:00:00
How Baylor University Approaches Its Security Challenges
By Katherine Teitler
June 27, 2016
Colleges and universities are generally considered settings for learning, openness, and ideas. Students and professors alike are encouraged to explore new thinking and push boundaries. The best academic universities on the planet have entire departments focused on researching subjects unconsidered universally.
2016-06-24 08:00:00
A Deeper Look at the Ponemon 2016 Cost of a Data Breach Study
By Katherine Teitler
June 24, 2016
The 2016 Cost of a Data Breach Study conducted by Ponemon Institute and sponsored by IBM was released in mid-June. One thing the report fails to do is focus on how organizations are improving or declining year over year. Luckily, past reports are still available, enabling a side-by-side look at a few of the key findings.
2016-06-21 08:00:00
The Security Practitioner’s Future
By Katherine Teitler
June 21, 2016
Several years after the introduction of DevOps, the security community continues to laud the method while scant few developers are hopping on the bandwagon. One of the issues is that “security” isn’t part of DevOps.
2016-06-20 08:00:00
A New Approach to Cloud Security Risk
By Katherine Teitler
June 20, 2016
The mention of cloud services no longer strikes fear in the hearts of security practitioners like it did a decade ago. While some security folks are still wary of providers’ claims, few can doubt that many of the larger, more prevalent cloud providers offer as good or better security than some enterprise security teams.
2016-06-17 09:00:00
Integrating Cloud Technology Can be a Breeze
By Katherine Teitler
June 17, 2016
Even under the best of circumstances, integrating cloud services and devices into an organization’s technology workflow can be challenging. In all fairness, integrating any new device or appliance into the technology stack requires careful planning, new processes, and often a bit of trial and error.
2016-06-17 08:00:00
What You Missed at Cloud Security World 2016
By Katherine Teitler
June 17, 2016
Cloud Security World 2016 finished up on Wednesday evening after two days of conversation around all-things-cloud security. “We’ve seen this before,” was a common refrain, and thankfully attendees have moved past the points of denying the existence of cloud services connected to their organizations and saying that cloud is “the largest” security concern.
2016-06-13 08:00:00
The “War” on Cybercrime isn’t Helping
By Katherine Teitler
June 13, 2016
Security is often a battle. In one corner we have the security team warning the rest of the business of the dangers of “X” or fighting to implement new policies and technologies that will help keep the business secure. In the other corner we have lines of business wanting and needing faster, better, more profitable enablement tools and processes.
2016-06-07 08:00:00
Avoid Being the Infosec Scapegoat
By Katherine Teitler
June 07, 2016
During the recent EuroCACS conference Raef Meeuwisse, Director of Cybersecurity & Data Privacy Governance at Cyber Simplicity Ltd., referred to the CISO as the “Chief Information Scapegoat Officer,” based on an article posted on Infosecurity Magazine.
2016-06-06 08:00:00
Incorporating People Searches into your OSINT Threat Program
By Katherine Teitler
June 06, 2016
OSINT, open source intelligence, is a great tool for companies looking to find threat information on the web. The wealth of information available can be overwhelming, clunky, and difficult to incorporate into a threat intelligence program, however.
2016-06-02 08:00:00
Wish You Were Here: China Proposes Contentious Cybersecurity Rules
By Katherine Teitler
June 02, 2016
China is once again making it more difficult for international organizations to conduct business in the country. Last year, the China Insurance Regulatory Commission (CIRC) announced draft rules that would require insurance carriers to buy and utilize “secure and controllable” solutions for IT.
2016-06-01 08:00:00
Incident Response Planning: You Can Go Your Own Way
By Katherine Teitler
June 01, 2016
Last night I watched as the driver of a rental moving truck took the top of the truck clear off as he drove under an overpass that was too low for clearance. The top scraped off a bit like the top of a sardine can; it peeled back and bits of curly-cued steal flew across Storrow Drive, one of the main crosstown parkways in Boston, MA.
2016-05-31 08:00:00
It’s The End of the World as We Know It
By Katherine Teitler
May 31, 2016
One of the security downfalls of Android devices is the profusion of independent device makers and the varying states of attention each manufacturer pays to device security.
2016-05-30 08:00:00
Modernizing SDL for Cloud
By Katherine Teitler
May 30, 2016
The original Software Development Lifecycle (SDL) was built with waterfall-style development in mind. As we continue the transition into heavier reuse of components and less pure development, all with shorter release cycles, the SDL needs modernization in parallel to help ensure secure software.
2016-05-27 08:00:00
I Still Haven’t Found What I’m Looking For
By Katherine Teitler
May 27, 2016
The Internet of Things (IoT) is transforming the world in ways unimaginable 5-10 years ago. For many of us, IoT extends to the innovation of smartwatches, connected cars, and smart home devices, which have substantially changed the way we live.
2016-05-26 08:00:00
A Change Would do you Good
By Katherine Teitler
May 26, 2016
Apple’s highly guarded and stringent software development process may start to chill out this summer, according to a report in The Information. The company is well known for its rigorous development practices, which helped it climb to the top of security practitioners’ lists as the platform of choice when selecting smartphones and mobile devices in recent years.
2016-05-23 08:00:00
Leaving on a Jet Plane
By Katherine Teitler
May 23, 2016
“Transportation Security Administration” may not actually refer to security, it seems, according to a report issued by the Office of Inspector General (OIG) of the Department of Homeland Security (DHS). The report details the results of an audit, conducted primarily to follow up on previously reported “deficiencies in information technology.”
2016-05-22 08:00:00
Keeping Up With the Cloud Security Evolution
By Brian Ahern
May 22, 2016
We're all familiar with the many benefits of moving to the cloud, but taking the steps to do it can be daunting. At the end of the day, however, if you take time to understand the risks posed by the cloud and implement a comprehensive strategy for managing them, you can take full advantage of all the benefits that come from running fast in the cloud.
2016-05-20 08:00:00
Lemme Tell Ya, Them Guys Ain’t Dumb
By Katherine Teitler
May 20, 2016
Ransomware is the hot, new buzzword in security. It is also a serious, escalating problem. Hospitals in Kentucky, Maryland, Ottawa, and California (among others) have had data held hostage in recent months; the U.S. House of Representatives blocked access to third-party email apps after ransomware attempts (or maybe unconfirmed attacks?) were perpetrated.
2016-05-18 08:00:00
Remote Execution
By Katherine Teitler
May 18, 2016
“Not even spring breakers, coffee makers, movers and shakers, or working-from home fakers…” This is the voiceover from a Kraft Macaroni & Cheese commercial. Even a company that manufacturers processed foods with no discernable nutritional value pits “movers and shakers” against work-from-home employees, as if, inherently, anyone who regularly works outside of an office is lazy and has questionable ethics.
2016-05-17 08:00:00
At First I was Afraid, I was Petrified
By Katherine Teitler
May 17, 2016
All organizations know that flexibility, productivity, and personalization were drivers of the BYOD movement that started to take hold five, six years ago. Nowadays, the term is barely used, but BYOD'ing is commonplace at 99% of organizations, according to a new study conducted by IBM and sponsored by ISMG.
2016-05-13 08:00:00
All I do is Win
By Katherine Teitler
May 13, 2016
The decline in TalkTalk's profits is undoubtedly due to the aftereffects of a cyberattack in which the names, phone numbers, and email addresses of a reported 157,000 customers were lost. In addition, during the same incident 21,000 bank account numbers were accessed.
2016-05-12 08:00:00
The Tide is High but I’m Holdin’ On
By Katherine Teitler
May 12, 2016
Yesterday, mobile security firm, Wandera, released findings from the company’s research into the state of mobile application security. The report, “Assessing the Security of 10 Top Mobile Apps,” is an attention-grabber.
2016-05-10 08:00:00
APTs Aren’t the Threat You Might Think
By Katherine Teitler
May 10, 2016
Advanced persistent threat. The term started sneaking into infosec nomenclature about ten years ago and reached its peak during 2010-2013, instigated by Stuxnet and trending steadily upward through the release of Mandiant’s APT1 report.
2016-05-09 14:53:00
DeMISTIfying Infosec: Phishing
By Katherine Teitler
May 09, 2016
Phishing is a social engineering technique through which an attacker spoofs (i.e., imitates) a known source in an attempt to fool a victim into providing information or performing an action, like clicking on a link or opening an attachment.
2016-05-08 08:00:00
Challenges of Cloud Integration
By Nicholas Takacs
May 08, 2016
In today's dynamic business environment, organizations face pressure to reduce cost, improve process efficiency, and drive financial growth. The "faster, cheaper, better" approach also flows down to technology.
2016-05-06 08:00:00
Give a Little Bit. Give a Little Bit of My Bugs to You
By Katherine Teitler
May 06, 2016
OSINT—or open source intelligence—is a wondrous thing. As security professionals know, this nearly endless sea of information provides both opportunities and drawbacks. Threat intelligence vendors, though, harness the vastness of the web to unearth tidbits of information.
2016-05-05 08:00:00
What Are You Waiting For?
By Katherine Teitler
May 05, 2016
WhatsApp, a popular encrypted messaging app, was briefly shut down throughout Brazil earlier this week after a regional judge ordered the country’s telecom providers to temporarily block the app.
2016-05-03 08:00:00
You’re Out of Touch, I’m Out of Touch
By Katherine Teitler
May 03, 2016
Spy movie aficionados know that the most secure rooms and hiding places are protected by biometric authentication, requiring thieves to go to great lengths to gain entry. When the tables are turned, however, and the government needs access to information about said criminals, all they need to do is ask!
2016-04-29 08:00:00
Where You Lead, I Will Follow
By Katherine Teitler
April 29, 2016
Recently I was having a conversation with a good friend, a good friend who also happens to be a leadership and communication expert. We were discussing the topic of leadership in the security industry and how, while there are many bosses and executives, there are few truly excellent leaders in security today.
2016-04-28 08:00:00
The Indestructability of Data in the Cloud
By Evelyn de Souza
April 28, 2016
Business leaders are often too trusting of the cloud. While on the other side, cloud providers claim they are secure – but that doesn't actually mean that your data is protected!
2016-04-20 08:00:00
Tips for Selecting a Cloud-based Solution
By Katherine Teitler
April 20, 2016
While cloud has technically existed in earlier forms—application service providers and hosted solutions, for instance—for almost twenty years, the current cloud marketplace offers a wide selection of services designed to meet the requirements of organizations looking to outsource certain aspects of operations.
2016-04-19 08:00:00
Don’t Fall in Your FUD
By Katherine Teitler
April 19, 2016
Have you ever slowed your car while driving to gawk at an accident on the side of the road, or been frustrated by the car in front of you that did? Have you caught yourself mesmerized by a ridiculous YouTube video?
2016-04-19 08:00:00
What Shouldn't Be Automated, Really?
By Ben Tomhave
April 19, 2016
In preparing for my Cloud Security World 2016 talk, "Automagic! Shifting Trust Paradigms Through Security Automation," I've been thinking a lot about what can be automated, how to automate, and how to demonstrate and measure value around all that jazz.
2016-04-18 08:00:00
Maneuvering, Understanding, and Applying Federal Compliance Requirements
By Katherine Teitler
April 18, 2016
If you are a System Owner (SO) in a commercial organization or a federal agency, maneuvering through, understanding, and implementing federal security and privacy compliance requirements can be a difficult hurdle.
2016-04-13 08:00:00
Where Will You Find Your Next-Generation Workforce?
By Katherine Teitler
April 13, 2016
The entire security industry knows we have a staffing problem. With demand for security talent far greater than supply, companies with the right resources are positioned to lure top talent from competitors while everyone else is scrambling to find anyone with adequate technical acumen to learn the craft.
2016-04-11 08:00:00
That’s A Wrap: InfoSec World 2016 Highlights in Hindsight
By Katherine Teitler
April 11, 2016
InfoSec World 2016 is now in the books. For the better part of a week, infosec pros took over The Contemporary Resort to discuss everything from building an incident response plan to leadership skills to active defense and trust.
2016-04-07 08:00:00
InfoSec World 2016 Attendees’ Top Interests
By Katherine Teitler
April 07, 2016
You know the saying: Bigger isn’t necessarily better. When it comes to conferences, however, knowing your audience’s interests and preferences is key to putting on a great event.
2016-04-04 10:00:00
Hit Me with Your Best Shot
By Katherine Teitler
April 04, 2016
Geopolitical cyber war is a fairly well established practice: You break into my nation-state thing; I’ll hack you back. President Obama and Chinese President Xi Jinping even met in Washington, D.C. this past September to discuss (and announce) the desire of both parties to curb intellectual property theft.
2016-03-30 08:00:00
No One Likes to be Defeated
By Katherine Teitler
March 30, 2016
If Hollywood doesn’t make movie out of the Apple vs. FBI debate, someone is missing the boat. As proven by the recent Oscar winners, “Spotlight” and “The Big Short,” audiences eat up controversial subjects, especially when the impact of the controversy affects them or loved ones.
2016-03-28 08:00:00
Users Take Privacy Into Their Own Hands with Message Encrypting Apps
By Katherine Teitler
March 28, 2016
A recent story in the New York Times shared information on a new crop of secure messaging apps for smartphones. The article, posted in the “Personal Tech” section, offered snippets of information about the functionality of five different consumer-focused tools.
2016-03-28 05:00:00
Selecting an eGRC Software Tool and Not Living to Regret it
By Ben Rothke
March 28, 2016
If you are going to be in Orlando in the beginning of April and are an information security professional, why wait in humid 90-minute long Disney lines when you can enjoy Orlando indoors at the Infosec World 2016 conference? Another benefit of the conference is that vendors at the expo give you t-shirts. This is the only free thing you'll find at Disney.
2016-03-22 08:00:00
Under Control
By Katherine Teitler
March 22, 2016
Major technology providers are not the only ones thinking about how to best protect user data. Users, too, are becoming increasingly concerned, and when those users are PhDs and professors at some of the world’s top universities, innovation is spawned.
2016-03-22 05:00:00
So, How is that Risk Management Thing Workin’ For Ya?
By Jeffrey Ritter
March 22, 2016
We are currently engaged in a war to achieve victory over risk. Okay, perhaps "war" is not the right way to describe the status quo. None of us can ever achieve total victory over risk. Any expert will say some risk always persists in any activity we undertake.
2016-03-21 05:00:00
Why Security Leaders Need to Communicate Value More Effectively
By Michael Santarcangelo
March 21, 2016
How effective is your communication? How do you fare when asked to explain security risks? What about when defending the need for investment? Are you effective? How do you know? How do you measure your communication efforts?
2016-03-18 08:00:00
Wasn’t Me
By Katherine Teitler
March 18, 2016
Earlier this week American Express notified customers of a potential breach involving theft of account numbers, user names, and “some other” account information—most of the juicy ingredients necessary for fraud. The company was quick to mention that it is monitoring for fraud, but it was even quicker to deny responsibility for the incident.
2016-03-17 08:00:00
Why The Pentagon’s New Bug Bounty Program is Sending a Strong Message
By Katherine Teitler
March 17, 2016
Everything is heating up on Capitol Hill: President Obama is proffering a new Supreme Court Justice nominee. The next presidential race is as much a circus as it is a true campaign. Apple and the FBI are still going at it (while other government agencies have started speaking out in favor of encryption).
2016-03-16 05:00:00
Advancing Your Security Leadership Journey
By Michael Santarcangelo
March 16, 2016
Are you valued as much a leader as you are a security resource (with a team)? It's the gut check question I ask of security leaders. In most cases, the answer is no. Most security leaders say they receive recognition for technical prowess, not for leadership.
2016-03-15 08:00:00
Love ‘em and Lead ‘em!
By Retired Colonel Jill Morgenthaler
March 15, 2016
U.S. Army Major General John H. Stanford was asked about how one becomes a leader. "When anyone asks me that question, I tell them I have the secret to success in life. The secret to success is to stay in love. Staying in love gives you the fire to really ignite other people."
2016-03-11 08:00:00
The Race to Protect Customer Privacy and Gain Trust is On
By Katherine Teitler
March 11, 2016
Technology is an inescapable part of our lives. Unless you live completely off the grid—grow your own food, never drive a car, transact with only the cash kept under your mattress inside your built-by-your-own-hands house—your personal information is collected, tracked, and exchanged by and among businesses.
2016-03-09 08:00:00
RSA 2k16 - A Metropolitan State of Affairs
By George Gerchow, Director, Product Management for Security & Compliance, Sumo Logic
March 09, 2016
From Amber restaurant to Jillian’s at the Metreon, The Marriott Marquee to coffee shops, Chevy's, and of course the Tonga Room at the famous Fairmont Hotel, business meetings light up the conference with a constant exchange of information between colleagues, partners, customers, and attendees.
2016-03-09 08:00:00
Mobile Devices in Investigations
By Warren Kruse, Vice President, Altep Inc.
March 09, 2016
Once upon a time, phones were only used to make calls. For most of us, our phone is a mobile office; central to a great deal of our daily activity, our phones are the hub through which our email, text messages, news, social media, calendars, driving directions, fitness goals, and so much more are all brought to us, organized, recorded, and shared.
2016-03-07 08:00:00
Are you Trusted to be a Security Leader?
By Michael Santarcangelo
March 07, 2016
There is no shortage of quotes to capture the importance of trust: hard to earn, easy to lose, and essential to our success as security leaders. Yet a troubling trend is emerging: the trust we need to be successful as security leaders is eroding.
2016-03-07 08:00:00
Happy Anniversary, RSA 2016
By Katherine Teitler
March 07, 2016
Over 40,000 attendees and nearly 550 vendors are getting back to their inbox this week after having attended the gargantuan vendor show otherwise known as RSA. It was RSA’s silver anniversary, and as with each passing year, it gets BIGGER with age!
2016-03-01 08:00:00
Secure Privileged Accounts Faster Than Hackers Can Strike
By Jonathan Sander, VP of Product Strategy, Lieberman Software
March 01, 2016
During the past couple of years, we've witnessed a series of devastating data breaches affecting some of the world's most renowned businesses, with each breach inflicting staggering costs in terms of financial and reputational damage.
2016-02-29 08:00:00
Ch-ch-ch-ch Changes
By Katherine Teitler
February 29, 2016
Whatever side of the debate you’re on when it comes to Apple and the FBI, one thing is for certain: U.S. courts should not be using laws written in 1789 to make decisions about current technological capabilities.
2016-02-23 08:00:00
Bridging the Gap between Enterprise Information Security and the Business
By Dave McPhee, Information Security Manager, Caterpillar
February 23, 2016
Information security and the business need to be in a partnership, not a dictatorship with one party demanding the other follow certain rules and guidelines. Through a true partnership, information security risks can be mitigated and business disruptions limited, thereby creating an improved relationship and organizational efficacy.
2016-02-22 08:00:00
E-N-C-R-Y-P-T, Find out What it Means to Me
By Katherine Teitler
February 22, 2016
Encryption is not a new invention. In fact, evidence of encrypted messages dates back to 1900 BC when the Egyptians wrote alternative symbols on pyramid walls to relay secret messages to one another. In modern times, though, encryption takes on a new meaning.
2016-02-17 08:00:00
Where the Security Things Are
By Katherine Teitler
February 17, 2016
The security field needs more practitioners. The insanity that is our “always-connected” world necessitates more resources to manage, monitor, and maintain personal and enterprise data – from email accounts to mobile phones to chock-full-of-tech refrigerators.
2016-02-16 12:00:00
Advanced and Persistent: Neither is Necessary
By Ed Bellis, CTO, Kenna
February 16, 2016
The hype around advanced persistent threats (APTs) is as high as ever. Post-breach, hacked organizations sing the praises of their adversaries' skills. Practitioners are bombarded by industry marketing touting the latest APT detecting and killing technologies.
2016-02-14 12:00:00
The Evolution of Security and the Opportunity of Leadership
By Michael Santarcangelo, founder, Security Catalyst
February 14, 2016
A few decades ago, we advanced information security with a simple phrase: "the Internet is bad, a firewall is good." We linked the dangers of connecting to others online with a simple method of protecting our companies. Now our ever-changing networks face dynamic, evolving threats.
2016-02-12 12:00:00
Lookin’ Out My Backdoor
By Katherine Teitler
February 12, 2016
As debates about privacy versus encryption rage on, with the US, UK, and France on one side and Germany and the Netherlands on the other, Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar decided to take a look at the encryption products market and replicate a study conducted in 1999.
2016-02-10 03:28:00
Pentest or Vulnerability Scan: Which is Right for You?
By Georgia Weidman, founder, Shevirah
February 10, 2016
Almost every morning I wake up and read about another company that has been breached, and consumers' or patients' information has been stolen as a result. It's getting to be so common that social security numbers and credit card numbers posted on dark Web sites sell for less than a dollar each.
2016-02-09 02:00:00
Why OSINT is a BFD
By Katherine Teitler
February 09, 2016
OSINT, or open source intelligence, is information about threats collected from publicly available sources. The CIA defines OSINT as information “drawn from publicly available material.
2016-02-03 03:28:00
Web-blindness: Why Website Security Needs Our Attention
By Katherine Teitler
February 03, 2016
Security professionals spend a lot of time thinking about protecting their back end systems and the information contained therein. They think about the scariest and sneakiest vulnerabilities and what an exploit means in real terms: will this disrupt business operations? Will our company lose sensitive data? Will I be fired?
2016-01-20 14:53:00
Metrics That Mean Something (Aside From Pretty Graphs)
By Kristy Westphal
January 20, 2016
When you think of security metrics, what's the first thing that pops into your mind? OK, after you yawn, what's the first thing? While security metrics themselves may not exude excitement, what if your metrics quickly revealed just the type of information you need that leads to a decision or action that helps solve a business problem?
2016-01-19 03:28:00
When the User Isn’t the Issue
By Katherine Teitler
January 19, 2016
For as long as I can remember, I’ve heard that “users are the weakest link in the chain,” or even worse, “you can’t stop stupid.” This long-held view is not terribly productive to advancing information security, and it certainly doesn’t endear the security professional to the general public.
2016-01-15 03:28:00
The Problem with Perception
By Katherine Teitler
January 15, 2016
In a profession that’s designed around problem identification, it’s no wonder security professionals are often labeled “contrarians” or “trouble makers.” From the outside in, it looks like security’s job is to find problems even when operations are seemingly gliding along smoothly. Security pros are trained to slog through logs and find anomalies.
2016-01-12 14:53:00
Mission Really Difficult: Securing Your Supply Chain
By Wendy Nather, Research Director at the Retail Cyber Intelligence Sharing Center
January 12, 2016
How do you secure that which you don't control? This is the big question for every enterprise, since no organization exists in a vacuum. From third-party commercial software (including operating systems) to open source, custom-written applications, there are plenty of attack vectors that cause concern.
2016-01-04 14:53:00
Think You’re Ready for DevOps? Try These Tests
By Mike Landeck, CISSP, PCSM
January 04, 2016
As a young man, I was given some advice that seemed too obvious to really be considered advice. It went something along the lines of, "If a person keeps a checkbook that's not accurate or up to date, don't hire them as your accountant..." As DevOps rises in popularity, I am reminded of this adage often.
2015-12-21 14:53:00
Say What? Getting Risk Management Back on Track
By Jack Jones, EVP of Research & Development and co-founder at RiskLens
December 21, 2015
Would you ride on a space shuttle mission if you knew that the scientists and engineers who planned the mission and built the spacecraft couldn't agree on the definitions for mass, weight, and velocity?
