Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
AWS launches Security Hub, a service that aggregates and prioritizes security alerts from both AWS and third-party security tools [Read More]
CyberGRX has raised $30 million in Series C funding, bringing the total amount raised by the company to $59 million. [Read More]
New Zealand's international spy agency halted mobile company Spark from using Huawei equipment in its planned 5G upgrade, saying it posed a "significant network security risk." [Read More]
While CVSS can be useful for rating vulnerabilities, the use of the standard for flaws affecting ICS can have negative consequences, particularly if an organization relies solely on it for prioritizing patches [Read More]
U.S. Office of Personnel Management (OPM) has improved its security posture since the data breaches disclosed in 2015, but many issues are still unresolved, GAO says in a report [Read More]
Cyberattacks are seen as the top risk to doing business in Europe, North America, and the East Asia and Pacific region, according to a new report from the World Economic Forum [Read More]
A new report from Tenable shows that prioritizing vulnerabilities based on severity and exploitability is increasingly ineffective. The number of new flaws found this year could reach 19,000 [Read More]
The National Insider Threat Task Force (NITTF) published a new Insider Threat Program Maturity Framework designed specifically designed for government departments and agencies. [Read More]
Industrial control systems (ICS) are vulnerable to power analysis side-channel attacks, researcher warns [Read More]
More than a quarter of the malware delivered via USB devices to industrial facilities can cause major disruptions to ICS, says Honeywell [Read More]
- 1 of 67
- ››
FEATURES, INSIGHTS // Risk Management
It’s relatively commonplace for CTI and incident response teams to establish a coordinated response plan in preparation for a cyber attack, but—as demonstrated by WannaCry—it’s imperative for physical security teams to be involved in such plans as well.
A small business with one running all of IT, cannot defend against cyber-attacks from the North Korean military with the same vigor as Lockheed Martin or Northrup Grumman.
Like the NIST Cybersecurity Framework, it integrates relevant regulations (e.g., HIPAA) and standards (NIST 800-53, ISO 27001, PCI DSS) into a single overarching security framework.
There’s no point in having billions of data points if those data points aren’t timely, accurate, actionable, and adequately map to your intelligence objectives and requirements.
Board members and senior management are likely to wave off CISO techno-speak and push to get their questions answered on their terms.
Over time, holding people responsible will lead individuals to see how their actions impact the security of the organization and come to consider themselves responsible for the security of the company.
It is important to understand how the right intelligence can support network defense teams, fraud, physical security, M&A, insider threat, supply chain, and brand reputation teams, among others.
Although the challenge may seem insurmountable, there’s a lot that security professionals can do to mitigate insider risk.
Cyber risk has risen to the level of enterprise risk – which they expect to be measured, managed, and reported in the terms that the rest of the enterprise understands.
Cybersecurity teams need to adopt an adversarial mindset and understand what their enemies are capable of and prepare an appropriate response.
- 1 of 29
- ››
SecurityWeek Daily Briefing
- A New Year's Resolution: Security is Broken…Let's Fix It
- Claroty Adds New Capabilities to Industrial Security Platform
- Windows Zero-Day Exploited by New 'SandCat' Group
- Hertz, Clear Partner to Speed Rentals With Biometric Scans
- Windows Kernel Vulnerability Exploited in Attacks
- Adobe Patches 87 Vulnerabilities in Acrobat Software
- New Exploit Kit Targets SOHO Routers
- House Releases Cybersecurity Strategies Report
- Russian Critical Infrastructure Targeted by Profit-Driven Cybercriminals
- Italian Oil Services Company Saipem Hit by Cyberattack
Copyright © 2018 Wired Business Media. All Rights Reserved. Privacy Policy