Security Experts:

NEWS & INDUSTRY UPDATES

Enterprises have identified the weak link in the chain in endpoint security - and if you are an end user, that weak link is probably you, according to a new survey.
Security experts discuss the implications of the new version of the Payment Card Industry Data Security Standard as the New Year dawns.
Security experts weigh in on what they would like to see in 2015 to make their jobs wrangling users, infrastructure, and data easier.
South Korea's nuclear power plant operator launched a two-day drill to test its ability to thwart a cyber attack, after a series of online information leaks by a suspected hacker.
Rapid7 announced that it has received $30 million in funding, bringing the total raised by the company to date to $93 million.
Cyber risk assessment and data breach services company NetDiligence published a new study focusing on the costs incurred by insurance underwriters due to cyber incidents.
While Home Depot and Staples say cyber liability insurance will mitigate the financial impact of data breaches they suffered, adoption of cyber insurance generally appears to be mixed.
ENISA, Europe's Cyber security agency, has released two reports that aim to inform and guide decision makers in the public and private sector on the use and implementation of cryptographic protocols for securing personal data.
Microsoft reported that some users who have applied the patch (MS14-066) to address the Schannel Remote Code Execution Vulnerability (CVE-2014-6321) are having issues, including a fatal alert related to the TLS protocol.
Security experts share their thoughts on the "Darkhotel" espionage campaign and provide recommendations for executives who travel a lot and don't want sensitive corporate information to end up in the hands of cyber spies.

FEATURES, INSIGHTS // Risk Management

Joshua Goldfarb
While intelligence is a critical component of a mature security program, it should not drive security. A risk-driven approach provides a much more comprehensive and scientific approach that allows organizations to keep pace with today’s sophisticated threats.
Rafal Los
As long as the “hikers and bear” analogy is told in boardrooms we will have difficulty communicating the value of a proportionate security model where we design security measures for different types of adversaries with different types of objectives.
Marc Solomon
To help CISOs develop a manifesto, these five principles can serve as a baseline as they strive to become more dynamic in their approach to security, and more adaptive and innovative than adversaries.
Rafal Los
As a security professional you must know the three categories of threats your organization faces, how to respond to each — and how to expend your resources.
Torsten George
The transition from a compliance-driven check-box approach to a risk-based model enables businesses to centralize the ongoing definition, evaluation, remediation, and analysis of their risk posture in a closed-loop process.
Joshua Goldfarb
If you are a security leader, you owe it to yourself and to your organization to create a culture that rewards honesty and truthfulness. Otherwise, the house always wins.
Torsten George
Massive data breaches are raising doubts about whether organizations are investing their security dollars in the right areas.
Fahmida Y. Rashid
Piper Jaffray's fourth annual CIO survey found that 75 percent of CIOs were expecting to increase their security spending in 2015. But are these security investments spent and utilized wisely?
Joshua Goldfarb
The past few decades in the information security field have been dominated by passive failure. Clearly, not every new idea has merit, but those ideas that come about scientifically and methodically have tremendous potential to improve the state of security.
Torsten George
With cyber criminals increasingly targeting third-party vendors to gain backdoor access to data at large, well-protected global organizations, security professionals need to rethink their vendor risk management practices.