Doug Barbin, principal at Schellman and Company, discusses the challenges that security professionals face when it comes to security and privacy assessments, but also provides tips on which assessments bring in the most return on investment.
In this interview with Kelly York, security awareness manager at the McDonald's Corporation, she discusses the state of attracting and retaining talent in information security and also provides some helpful tips that could get you and your business over the hump when it comes to the topic.
Updating your risk management program is a critical component of becoming a successful security leader. InfoSec Insider caught up with Argo AI's CSO, Summer Craze Fowler, who shared her thoughts on the topic, as well as some proven tips.
In the full video interview below, Tonia Dudley, security solutions advisor at Cofense, provides us with a glimpse into the state of phishing attacks in 2019, and more importantly, what security professionals should be doing about it.
In the full video interview below, Ted Harrington, keynote speaker and executive partner at Independent Security Evaluators, provides his take on application security and shares tips on the subject with up-and-coming security leaders.
Tackling GDPR means knowing where all your data reside, even if they're outside of your direct control. Here we take a look at how you can tackle this initiative even if you're a bit late given the time of year and when the regulation goes into effect.
SMBs can’t just throw up their hands at cybersecurity, despite a probable dearth of resources. Since most aren't likely to magically receive a multimillion-dollar cybersecurity budget windfall, we've provided our top 6 tips for how to manage security on a limited budget.
What do running and your career in information technology/information security have in common? At first glance, not a whole lot. But with a couple of quick examples, I think we will find some similarities.
Is your organization adequately equipped to identify anomalous patterns across the network? If you're doubtful, it may be time to try out alternative models that will help you detect previously unknown attacks.
To help security leaders find new ways to better align with business colleagues, we turned to two experts to find out how they’re constantly maneuvering between technical requirements and fueling business priorities.
Given today’s content-driven society, it benefits cybersecurity and threat intelligence practitioners to gain some understanding of the psychological strategies and exploitation techniques within the intelligence and counterintelligence tradecraft.
In this follow-up article, cloud researcher Mark Nunnikhoven gives us his take on the Meltdown and Spectre vulnerabilities, which can exploit flaws in modern processors. Nunnikhoven provides us with the potential implications that you should take note of.
An interview with industry veteran Aaron Turner that helps demystify the probable consequences of Meltdown and Spectre, the two headline-grabbing security vulnerabilities capable of exploiting critical vulnerabilities in modern processors. Turner breaks down what you should do.
Server Message Block
A server message block (“SMB,” not to be confused with “small and medium businesses,” another common abbreviation) is an application layer network file-sharing protocol which allows systems within the same network to share and access files and resources easily. SMBs facilitate network communication between client applications and the server.
One of the ways to mitigate damage in the event of a breach is to “hash” passwords, or cryptographically convert a plaintext password to an irreversible output, like a key or token (i.e., “hash”) that is stored and can be used in place of the original input.
Cybersecurity has been gaining traction as a “board level topic” over the past several years. While boards of directors, along with executive management, all want the answer to, “How secure are we,” security professionals know that that answer doesn’t often come wrapped in a tidy little box.
Security teams fight many battles. There are threats, vulnerabilities, exploits, improperly configured systems, legacy equipment, lean budgets, staffing shortages, and users who are fallible. Any of these things, alone, adds up to a challenge, but possibly the biggest challenge security teams face is the battle between the security department and the CIO.
By Mark Arnold, Senior Research Analyst, Office of the CISO, Optiv
October 12, 2016
For companies on the path of cloud adoption, the fear that dark “clouds gathering” could impact business health and one's financial bottom line is a source of anxiety. Despite recent data that show consistent growth in cloud adoption rates over the last 18 months, a group of holdouts endures.
Cloud technology has been moving at a tremendous pace. For businesses, it seems to have happened in the blink of an eye. It’s faster and more agile, with the ability to re-architect an entire infrastructure. But why has this happened so quickly, and what does it mean for security practitioners?
By Marcos Colón
September 26, 2016
The cybersecurity industry is full of terms that both vendors and end users love to glom on to. OK, maybe vendors lead the way, but their customers may not be doing a good job of speaking up and asking them to clarify what it is they do – taking the various mixed marketing messages as they come and running with them.
After the contentious Brexit vote last week, the British Parliament’s House of Commons Committee is investigating potential commandeering of an online petition calling for a second referendum on the matter.
Phishing is a social engineering technique through which an attacker spoofs (i.e., imitates) a known source in an attempt to fool a victim into providing information or performing an action, like clicking on a link or opening an attachment.
By Wendy Nather, Research Director at the Retail Cyber Intelligence Sharing Center
January 12, 2016
How do you secure that which you don't control? This is the big question for every enterprise, since no organization exists in a vacuum. From third-party commercial software (including operating systems) to open source, custom-written applications, there are plenty of attack vectors that cause concern.