NEWS & INDUSTRY UPDATES

Taiwan tech giant Hon Hai said Wednesday it has pulled out of a deal to buy 4G equipment from Huawei after the government warned that the Chinese company posed a national security threat.
The Oil and Natural Gas industry unveiled a new Information Sharing and Analysis Center (ONG-ISAC) to facilitate the exchange of information, help evaluate risks, and provide up-to-date security guidance to U.S. companies.
Organizations need to expand their mobile worldview to include data leakage, insider threats, and mobile malware and develop incident response plans that consider mobile devices.
Some of the Nation’s largest retailers are now sharing cyber threat information among each other thanks to the new Retail Information Sharing and Analysis Center (Retail-ISAC).
Al-Qaeda and other terrorist groups have expanded their online presence with increased use of social media, creating new challenges for thwarting attacks.
Microsoft has released updated versions of white papers focused on software supply chain security and critical infrastructure protection.
ZeroFOX, a Baltimore, Maryland-based provider of “Social Risk Management” solutions, announced that it has secured $10.7 million in Series A funding.
HP has announced new consulting services to help clients make rapid, data-driven decisions about the management of information-security risk across their organizations.
SecurityWeek has acquired the ICS Cybersecurity Conference series, the leading organizer of cybersecurity-focused events for the industrial control systems sector.
AIG has expanded its cyber insurance offering to include property damage and bodily injury that could be caused as a result of cyber attacks.

FEATURES, INSIGHTS // Risk Management

Torsten George
When an organization is solely focused on strengthening its compliance posture to pass an audit, it primarily looks at control failures and gaps and tries to mitigate them.
Mark Hatton
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
Joshua Goldfarb
An organization that keeps records of its security incidents should be able to study that data to understand the top ways in which it is generally becoming compromised.
Torsten George
While the initial investment in a proof of concept can be costly, the end results might not only justify the additional expenses, but in the long-term save you money (and your job).
Mark Hatton
Having a CISO not only solves the diffusion of responsibility problem by putting one person in charge, it also helps to transform the security culture in your organization.
Aviv Raff
While the phrase “cyber kill chain” is embedded in the cyber security vocabulary, many enterprises are still not proactive about keeping their assets, data, and reputations safe from bad actors.
Mark Hatton
The fall of a high-profile CEO due to security concerns makes me envision a scenario where security is now given a more prominent role on the executive team, with more emphasis placed on avoiding the breach in the first place.
Marcus Ranum
Don't ask your boss, “what metrics should I collect?” Metrics are 'produced' not 'collected' and you need to spend time figuring out what metrics are appropriate for your organization.
Torsten George
Shortcomings in a cloud provider’s security architecture can trickle down to customers that leverage their services. So what steps should organizations take to retool their security practices for the cloud age?
Mark Hatton
The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.