Security Experts:

Management & Strategy
long dotted

NEWS & INDUSTRY UPDATES

We have room for six more cyber security startups to join Washington, D.C. speed lunch, however registrations will close by end-of-day July 15, 2015.
The personal data of thousands of US government workers was not compromised in a recently reported cyber attack, officials said Thursday.
China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world.
A Senate committee approved the Cybersecurity Information Sharing Act, which aims to help companies and government share information about cyber-attacks and other threats. Privacy groups opposed the bill because it could potentially give the government access to huge trove of personal data about Americans.
Rogue digital certificates issued in India for several Google domains were identified and blocked last week, Google representatives said.
John Kerry will seek to persuade his Chinese counterparts to reinstate a cybersecurity working group cancelled by Beijing after the US indicted five Chinese military officers for hacking into US businesses.
Please join Palo Alto Networks and SecurityWeek on Wednesday, July 9th at 1:00 PM ET for an informative webcast on how your organization can better detect and prevent advanced cyber attacks.
Suits and Spooks London is happening on Friday Sep 12th with speakers from BAE Systems, EUROPOL, CERT-EU, Kaspersky Lab, CrySyS Lab, Goldman Sachs, PwC and other organizations.
The IEEE announced the launch of a new service designed to help the security industry respond more efficiently to the modern malware threat landscape.
With what may have been a subtle reference to former Target Stores CEO Greg Steinhafel, who lost his job from his handling of cyber attacks, speaker and panelist Rebecca Scorzato set the stage for her opening comments at July’s exceptional Suits & Spooks cybersecurity forum in New York.

FEATURES, INSIGHTS // Management & Strategy

rss icon

Torsten George's picture
When an organization is solely focused on strengthening its compliance posture to pass an audit, they primarily look at control failures and gaps and try to mitigate them.
Mark Hatton's picture
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Joshua Goldfarb's picture
An organization that keeps records of its security incidents should be able to study that data to understand the top ways in which it is generally becoming compromised.
Jason Polancich's picture
In order to make our ecosystem a safer place for all of us, small and large, the big guys out there are going to have to start - at least in part - handling the security of their small business partners, suppliers and customers.
Adam Ely's picture
Security teams and lines of business have reached a turning point on BYOD. It’s now become more important than ever for the CISO to figure out how to manage risk without inhibiting users.
Torsten George's picture
While the initial investment in a proof of concept can be costly, the end results might not only justify the additional expenses, but in the long-term save you money (and your job).
Mark Hatton's picture
Having a CISO not only solves the diffusion of responsibility problem by putting one person in charge, it also helps to transform the security culture in your organization.
Marcus Ranum's picture
There are two ways to start establishing security metrics. One is what I think of as the “bottom up” approach and the other being “top down”. For best results you might want to try a bit of both.
Marc Solomon's picture
With the right approach to security you can protect your organization’s sensitive information from both insiders and outsiders.
Aviv Raff's picture
While the phrase “cyber kill chain” is embedded in the cyber security vocabulary, many enterprises are still not proactive about keeping their assets, data, and reputations safe from bad actors.