Doug Barbin, principal at Schellman and Company, discusses the challenges that security professionals face when it comes to security and privacy assessments, but also provides tips on which assessments bring in the most return on investment.
In this interview with Kelly York, security awareness manager at the McDonald's Corporation, she discusses the state of attracting and retaining talent in information security and also provides some helpful tips that could get you and your business over the hump when it comes to the topic.
Updating your risk management program is a critical component of becoming a successful security leader. InfoSec Insider caught up with Argo AI's CSO Summer Craze Fowler who shared her thoughts on the topic, as well as some proven tips.
In the full video interview below, Tonia Dudley, security solutions advisor at Cofense, provides us with a glimpse into the state of phishing attacks in 2019, and more importantly, what security professionals should be doing about it.
In the full video interview below, Ted Harrington, keynote speaker and executive partner at Independent Security Evaluators, provides his take on application security and shares tips on the subject with up-and-coming security leaders.
Cyber swindlers are continually looking to reinvent themselves, and their methods are becoming savvier. InfoSec Insider caught up with Digital Shadows CISO Rick Holland on the recent research that his team has conducted on cybercrime extortion, and how security practitioners can secure their organizations so they don't fall prey to these attacks.
Organizations have struggled to gain control over privileged identity management—a challenge that has tripped up many security and risk departments and has caused major cyber incidents. If the title of this article caught your eye, chances are you’re grappling with this issue and are looking for some insights that will make your life a little easier.
By Brent White & Tim Roberts, Senior Security Consultants, Threat Services, NTT Security
March 28, 2019
While having strong IT security in place to secure sensitive data on devices and networks is critical, ensuring your organization practices strong physical security is equally important. Organizations need to prevent attackers from being able to walk in and walk out with data, systems, physical documents, or worse – a new connection to your network as a persistent threat.
By Paul Rohmeyer, Program Director MS Information Systems, Stevens Institute of Technology
March 12, 2019
Today, there are highly specialized training options offered both in-person and online in the form of meetups, webinars, formal courses, and in-house and external conferences. The attractiveness (cost, convenience, and specialty) of these alternative options has driven cybersecurity talent to steer towards education avenues outside of traditional academia.
From steering clear of marketing buzz to the impact of misinformation, DeMISTIfying Security hosts Ed Moyle and Raef Meeuwisse point out the security assumptions that could be catastrophic to any security practitioner’s role.
Tackling GDPR means knowing where all your data reside, even if they're outside of your direct control. Here we take a look at how you can tackle this initiative even if you're a bit late given the time of year and when the regulation goes into effect.
SMBs can’t just throw up their hands at cybersecurity, despite a probable dearth of resources. Since most aren't likely to magically receive a multimillion-dollar cybersecurity budget windfall, we've provided our top 6 tips for how to manage security on a limited budget.
What do running and your career in information technology/information security have in common? At first glance, not a whole lot. But with a couple of quick examples, I think we will find some similarities.
Is your organization adequately equipped to identify anomalous patterns across the network? If you're doubtful, it may be time to try out alternative models that will help you detect previously unknown attacks.
To help security leaders find new ways to better align with business colleagues, we turned to two experts to find out how they’re constantly maneuvering between technical requirements and fueling business priorities.
Given today’s content-driven society, it benefits cybersecurity and threat intelligence practitioners to gain some understanding of the psychological strategies and exploitation techniques within the intelligence and counterintelligence tradecraft.
In this follow-up article, cloud researcher Mark Nunnikhoven gives us his take on the Meltdown and Spectre vulnerabilities, which can exploit flaws in modern processors. Nunnikhoven provides us with the potential implications that you should take note of.
An interview with industry veteran Aaron Turner that helps demystify the probable consequences of Meltdown and Spectre, the two headline-grabbing security vulnerabilities capable of exploiting critical vulnerabilities in modern processors. Turner breaks down what you should do.
Server Message Block
A server message block (“SMB,” not to be confused with “small and medium businesses,” another common abbreviation) is an application layer network file-sharing protocol which allows systems within the same network to share and access files and resources easily. SMBs facilitate network communication between client applications and the server.
One of the ways to mitigate damage in the event of a breach is to “hash” passwords, or cryptographically convert a plaintext password to an irreversible output, like a key or token (i.e., “hash”) that is stored and can be used in place of the original input.
Cybersecurity has been gaining traction as a “board level topic” over the past several years. While boards of directors, along with executive management, all want the answer to, “How secure are we,” security professionals know that that answer doesn’t often come wrapped in a tidy little box.
Security teams fight many battles. There are threats, vulnerabilities, exploits, improperly configured systems, legacy equipment, lean budgets, staffing shortages, and users who are fallible. Any of these things, alone, adds up to a challenge, but possibly the biggest challenge security teams face is the battle between the security department and the CIO.
By Mark Arnold, Senior Research Analyst, Office of the CISO, Optiv
October 12, 2016
For companies on the path of cloud adoption, the fear that dark “clouds gathering” could impact business health and one's financial bottom line is a source of anxiety. Despite recent data that show consistent growth in cloud adoption rates over the last 18 months, a group of holdouts endure.
Cloud technology has been moving at a tremendous pace. For businesses, it seems to have happened in the blink of an eye. It’s faster and more agile, with the ability to re-architect an entire infrastructure. But why has this happened so quickly, and what does it mean for security practitioners?
By Marcos Colón
September 26, 2016
The cybersecurity industry is full of terms that both vendors and end users love to glom on to. Ok, maybe vendors lead the way, but their customers may not be doing a good job of speaking up and asking them to clarify what it is they do – taking the various mixed marketing messages as they come and running with it.
After the contentious Brexit vote last week, the British Parliament’s House of Commons Committee is investigating potential commandeering of an online petition calling for a second referendum on the matter.
Phishing is a social engineering technique through which an attacker spoofs (i.e., imitates) a known source in an attempt to fool a victim into providing information or performing an action, like clicking on a link or opening an attachment.
By Wendy Nather, Research Director at the Retail Cyber Intelligence Sharing Center
January 12, 2016
How do you secure that which you don't control? This is the big question for every enterprise, since no organization exists in a vacuum. From third-party commercial software (including operating systems) to open source, custom-written applications, there are plenty of attack vectors that cause concern.