Management & Strategy

NEWS & INDUSTRY UPDATES

The gulf between reality and perception is widening, according to Cisco’s annual survey of CISOs and security executives.
Enterprises have identified the weak link in the chain in endpoint security - and if you are an end user, that weak link is probably you, according to a new survey.
Security awareness programs can make the difference between a breach and a non-event, but just how much is the subject of discussion.
Private equity investment firm Inverness Graham said on Wednesday that it has acquired enterprise data management software maker Identity Finder, LLC.
President Obama has outlined a series of data security and privacy proposals in the latest sign the White House and Congress are gearing up to take legislative action on information protection.
The White House made a renewed push Tuesday for cybersecurity legislation, asking the new Congress to revive an initiative stalled over the past few years.
Security experts discuss the implications of the new version of the Payment Card Industry Data Security Standard as the New Year dawns.
Security experts weigh in on what they would like to see in 2015 to make their jobs wrangling users, infrastructure, and data easier.
Alert Logic, a Houston, Texas-based provider of Security-as-a-Service solutions for cloud environments, has acquired Dallas-based Critical Watch for an undisclosed sum.
iSIGHT Partners, Inc., a provider of cyber threat intelligence services, has closed a $30 million Series C funding round with Bessemer Venture Partners.

FEATURES, INSIGHTS // Management & Strategy

Joshua Goldfarb
In resource-limited environments, every alert counts. Spear alerting is an approach that can help organizations improve their signal-to-noise ratio and make their security programs much more efficient and effective.
Jason Polancich
Starting your own private ISAC is easier and more important long-term than you might think.
James McFarlin
What key forces are driving the demand for cyber insurance and how can such coverage best fit into an overall cybersecurity strategy?
Joshua Goldfarb
Is budget a good metric for security? In other words, if an organization wishes to improve its security posture, is spending more money an appropriate response?
James McFarlin
Was the plan by the Securities Industry and Financial Markets Association (SIFMA) to create a new inter-agency working group comprised of data security regulators a reaction to the recent acceleration of nationwide data breaches?
Marc Solomon
While we can’t address security without technology, we also need to consider education. Organizations must also be committed to keeping their IT security staff highly trained on the current threat landscape and advanced approaches to security.
Nate Kube
I would like the OT security community to move away from asking what can we do to gain greater adoption of a greenfield IT security model and instead ask how we can gain demonstrable gains in OT security posture more efficiently.
Joshua Goldfarb
Because of the large volume of even the highest priority alerts, analysts are not able to successfully review each event. And with a large number of false positives, analysts become desensitized to alerts and do not take them seriously.
Jason Polancich
Sharing threat information, analysis and expertise within your “extended family” can be very valuable to establishing the kind of early warning system that is the promise of cyber information sharing to begin with - and without most of the risks.
Marcus Ranum
To communicate about our metrics, we need ways that we can ground our experience in terms of “normal” for us; otherwise, we really can't communicate our metrics effectively with anyone who isn't in a similar environment.