ThreatVue automates the implementation, analysis and remediation guidance of essential security controls as recommended by the Center for Strategic and International Studies (CSIS) and The SANS Top 20 Controls.
Jerry Davis, the VA’s former CISO, told members of the House Veterans' Affairs oversight and investigations subcommittee the sensitive personal information the department is charged with protecting remains at risk due to flawed processes and procedures, and inadequate protection.
The “if it works don’t touch it” mentality continues to thwart many aspects of cyber security — including information sharing. It’s also why the trust required to implement a successful Information Sharing scheme is also unlikely to blossom overnight.
In this podcast, Cylance Technical Directors Billy Rios and Terry McCorkle discuss the state of security in the ICS/SCADA world, the need for secure coding practices and whether the industry will have to rely on third-party security software.
The challenges of Java-based threats go deeper than your average 0-day vulnerability, and these challenges will likely affect your approach to controlling them. Organizations need to weigh the risk of a technology against the reward for the enterprise.
Ryan Naraine talks to Christopher Soghoian about the latest iMessage encryption brouhaha, the indifference of the telephone companies towards security and the controversial practice of buying and selling software exploits.
Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
In this debut episode the Security Conversations Podcast, Ryan talks to David Lenoe, Adobe's Product Security Incident Response Team (PSIRT) group manager, about the frustrations of responding to the "partial disclosure" of security vulnerabilities.
When it comes to security, you can scan for vulnerabilities all day long and even convince yourself that you know where that threat is hiding, but until you’re able to capture, correlate and contextualize it, it means nothing.