Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

According to a recent survey of senior C-level executives, CISOs are often viewed simply as convenient scapegoats in the event of a headline-grabbing data breach.
Deloitte's Cyber Risk Services group has launched new “cyber war-gaming and simulation services” that aim to unite those tasked with managing enterprise-wide responses to cyber-attacks.
A global survey conducted by data protection solutions provider SafeNet once again confirms that data breaches, especially ones that involve financial data, have a negative impact on customer loyalty.
Many software development firms still fail to ensure that the components they use don't contain security vulnerabilities, according to a report published by software supply chain management company Sonatype.
To protect sensitive data from prying eyes, some organizations are turning to Bring-Your-Own-Encryption (BYOE), but experts warn that there are some aspects that need to be take into consideration before making the move.
China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world.
A Senate committee approved the Cybersecurity Information Sharing Act, which aims to help companies and government share information about cyber-attacks and other threats. Privacy groups opposed the bill because it could potentially give the government access to huge trove of personal data about Americans.
With what may have been a subtle reference to former Target Stores CEO Greg Steinhafel, who lost his job from his handling of cyber attacks, speaker and panelist Rebecca Scorzato set the stage for her opening comments at July’s exceptional Suits & Spooks cybersecurity forum in New York.
Taiwan tech giant Hon Hai said Wednesday it has pulled out of a deal to buy 4G equipment from Huawei after the government warned that the Chinese company posed a national security threat.
The Oil and Natural Gas industry unveiled a new Information Sharing and Analysis Center (ONG-ISAC) to facilitate the exchange of information, help evaluate risks, and provide up-to-date security guidance to U.S. companies.

FEATURES, INSIGHTS // Risk Management

rss icon

Torsten George's picture
A risk-driven approach addresses both security posture and business impact to increase operational efficiency, improve assessment accuracy, reduce attack surfaces, and improve investment decision-making.
Travis Greene's picture
The significant breaches of today are executed by people infiltrating the organization, and attackers are doing this by assuming identities or abusing insider privileges.
Scott Gainey's picture
Corporate stewards are getting educated in a hurry and are gearing up to ask some very pointed questions regarding strategy for protecting company data.
Jason Polancich's picture
Businesses have more data on hand than they think. They key is crafting a plan to track it and combine it with data from outside their own walls against which the internal data can be analyzed.
Joshua Goldfarb's picture
I am often asked the question: “Is security an unsolvable problem?” In order for me to answer that question, I would have to understand it, and I don’t.
Torsten George's picture
When an organization is solely focused on strengthening its compliance posture to pass an audit, they primarily look at control failures and gaps and try to mitigate them.
Mark Hatton's picture
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Joshua Goldfarb's picture
An organization that keeps records of its security incidents should be able to study that data to understand the top ways in which it is generally becoming compromised.
Torsten George's picture
While the initial investment in a proof of concept can be costly, the end results might not only justify the additional expenses, but in the long-term save you money (and your job).
Mark Hatton's picture
Having a CISO not only solves the diffusion of responsibility problem by putting one person in charge, it also helps to transform the security culture in your organization.