Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

US Investigations Services (USIS), a Department of Homeland Security (DHS) contractor that conducts background checks for the agency, has been the target of a cyberattack that appears to have been launched by a state-sponsored entity.
Target said that t its second quarter financial results are expected to include gross expenses of $148 million, partially offset by a $38 million insurance receivable, related to the December 2013 massive data breach.
P.F. Chang's said that an intruder may have stolen some data from certain credit and debit cards that were used during specified time frames at 33 P.F. Chang's China Bistro branded restaurant locations in the continental United States.
Mozilla warned that it mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process.
According to a recent survey of senior C-level executives, CISOs are often viewed simply as convenient scapegoats in the event of a headline-grabbing data breach.
Researchers at FireEye have analyzed the operations of the advanced persistent threat (APT) group dubbed "Pitty Tiger," and determined that it might have been active since as far back as 2008.
A security firm uncovered three zero-day vulnerabilities in Symantec Endpoint Protection that can be exploited for privilege escalation.
Deloitte's Cyber Risk Services group has launched new “cyber war-gaming and simulation services” that aim to unite those tasked with managing enterprise-wide responses to cyber-attacks.
The personal data of thousands of US government workers was not compromised in a recently reported cyber attack, officials said Thursday.
China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world.

FEATURES, INSIGHTS // Incident Management

rss icon

Joshua Goldfarb's picture
Amidst recent headlines, I am concerned that as a security community, we are losing sight of an important principle that is very important to remember: not all intrusions involve malware.
Joshua Goldfarb's picture
An organization that keeps records of its security incidents should be able to study that data to understand the top ways in which it is generally becoming compromised.
Mark Hatton's picture
Having a CISO not only solves the diffusion of responsibility problem by putting one person in charge, it also helps to transform the security culture in your organization.
Marcus Ranum's picture
There are two ways to start establishing security metrics. One is what I think of as the “bottom up” approach and the other being “top down”. For best results you might want to try a bit of both.
Torsten George's picture
In order to find the needle in the haystack, it is imperative to have all necessary data available to diagnose the patterns that point to an advanced persistent threat or sophisticated cyber-attack.
Mark Hatton's picture
The fall of a high-profile CEO due to security concerns makes me envision a scenario where security is now given a more prominent role on the executive team, with more emphasis placed on avoiding the breach in the first place.
Marcus Ranum's picture
Don't ask your boss, “what metrics should I collect?” Metrics are 'produced' not 'collected' and you need to spend time figuring out what metrics are appropriate for your organization.
Mike Tierney's picture
Implementing an employee monitoring program and putting the three Ds process into place can act as a strong means of deterring inappropriate behavior or malicious intent by insiders.
Joshua Goldfarb's picture
When performing incident response, an organization should proceed through various stages by following its incident response process. While all stages are important, when an enterprise is attacked, the highest priority quickly becomes moving rapidly from detection to containment.
Dr. Mike Lloyd's picture
The fact that insurance companies – well respected by every business-centric executive – look at cyber risk and say “no, thanks” is a pretty clear indicator that something is rotten...