Security Experts:



Twitter, Uber, Dropbox, GoDaddy and other tech giants have joined forces in the Vendor Security Alliance (VSA), a coalition that aims to improve Internet security.
US government oversight committee report blames leadership, not technology, for the massive OPM data breach.
Onapsis warns that there are indicators of exploitation against 36 large-scale global enterprises around the world.
The Core Infrastructure Initiative’s first best practices badges were earned by Curl, GitLab, the Linux kernel, OpenBlox, OpenSSL, Node.js and Zephyr.
The PCI Security Standards Council (PCI SSC) has published PCI Data Security Standard (PCI DSS) version 3.2.
Mozilla allows Symantec to issue new SHA-1 certificates to payment processor Worldpay to prevent disruption of 10,000 payment terminals.
Asus settles FTC charges that it failed to take reasonable steps to secure its routers and protect its customers’ privacy.
Oracle settles FTC charges that it deceived customers about Java security updates.
Patient data breaches affect 90% of industries, according to Verizon’s 2015 Protected Health Information Data Breach Report.
The Payment Card Industry Security Standards Council (PCI SSC) has set a new deadline for when organizations that process payments should complete the migration off vulnerable SSL and early TLS encryption.



Travis Greene: To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.
Torsten George: To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.
Torsten George: The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin: U.S. tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Mark Hatton: The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Nimmy Reichenberg: With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
Mark Hatton: Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Chris Hinkley: For security professionals, PCI DSS 3.0 means that PCI compliance will become more of an everyday business practice, rather than an annual checklist obligation.
Chris Hinkley: Compliance is a byproduct of a solid security program – but that doesn’t mean it’s simple. Compliance can involve technical architecture and operational processes that many organizations simply don’t understand or don’t want to bother with.
Gant Redmon: The CSO is so critical for the CPO’s success that I guarantee that if you send this article to your CPO, they will take you out for a free lunch the next day.