NEWS & INDUSTRY UPDATES

A recently published report from the United States Department of Defense (DoD) shows that, while it has improved its stance, it still faces challenges in managing cybersecurity.
Mondelez International filed suit against Zurich American Insurance Company over a $100 million insurance claim for damage caused by NotPetya, citing the fairly standard 'act of war' exclusion in many insurance policies.
Many .gov domains, including ones belonging to NASA and the DoJ, have not had their TLS certificates renewed during the U.S. government shutdown.
Researchers who disclosed Meltdown, Spectre and other similar attacks are now back with a new type of side-channel attack, one that is hardware agnostic and targets the operating system page cache.
USB Implementers Forum announces new USB Type-C authentication protocol designed to protect host systems against non-compliant chargers and malicious devices.
The European Union is offering nearly $1 million in bug bounties through the FOSSA project for vulnerabilities in 14 widely used free software projects.
The Department of Defense lacks visibility into software inventories, a review of Marine Corps, Navy, and Air Force commands and divisions reveals.
Researchers demonstrate how hackers could remotely brick servers at scale via firmware attacks that leverage the Baseboard Management Controller (BMC).
Huawei defends its global ambitions and network security in the face of Western fears that the Chinese telecom giant could serve as a Trojan horse for Beijing's security apparatus.
A Czech cyber-security agency on Monday warned against using the software and hardware of China's Huawei and ZTE companies, saying they posed a threat to state security.

FEATURES, INSIGHTS // Risk Management

Josh Lefkowitz: A business risk intelligence (BRI) program needs to understand and account for the different categories of risk faced by all business functions across an enterprise.
Alastair Paterson: Organizations that continuously monitor their digital footprint and understand their online exposure will be the most effective at mitigating digital risk in the new year.
Lance Cottrell: We spend a lot of time thinking about and trying to mitigate threats that are so extreme you are basically already doomed if they are ever used against you.
Laurence Pitt: Failure to implement basic cybersecurity hygiene practices will leave retailers vulnerable to damage and fines during a lucrative time for their businesses.
Alastair Paterson: As you develop a brand protection program, here are five concrete things you can do now to proactively identify and mitigate risk to your brand.
Josh Lefkowitz: It’s relatively commonplace for CTI and incident response teams to establish a coordinated response plan in preparation for a cyber attack, but—as demonstrated by WannaCry—it’s imperative for physical security teams to be involved in such plans as well.
Mike Fleck: A small business with one person running all of IT cannot defend against cyber-attacks from the North Korean military with the same vigor as Lockheed Martin or Northrop Grumman.
Torsten George: Like the NIST Cybersecurity Framework, it integrates relevant regulations (e.g., HIPAA) and standards (NIST 800-53, ISO 27001, PCI DSS) into a single overarching security framework.
Josh Lefkowitz: There’s no point in having billions of data points if those data points aren’t timely, accurate, actionable, and adequately map to your intelligence objectives and requirements.
Nick Sanna: Board members and senior management are likely to wave off CISO techno-speak and push to get their questions answered on their terms.