NEWS & INDUSTRY UPDATES

U.S. Justice Department’s Cyber-Digital Task Force publishes first report, covering the threat to elections, cybercrime schemes, FBI’s role in incident response, and cyber personnel recruitment
Flashpoint announces new service designed to help organizations respond to and prepare for ransomware and other cyber extortion incidents
US formally lifts a crippling ban on exports to China's ZTE, rescuing the smartphone maker from the brink of collapse after it was denied key components
Department of Defense (DoD) IT managers say the DoD needs to improve the use of cloud to maintain the military’s technical advantage and support mission success.
Security ratings pioneer BitSight announced the closing of a $60 million Series D funding round that brings the company’s total funding to $155 million.
The UK government's Cabinet Office has published the first iteration of its Minimum Cyber Security Standard, which will be incorporated into the Government Functional Standard for Security.
Wiretap's Behavior Risk Analysis Report demonstrates that risky user communications are even more likely to occur in the relative privacy of collaboration tools than in traditional communication systems such as email.
Researchers demonstrate how installing a malicious battery into a smartphone can allow attackers to harvest and exfiltrate sensitive data
Intel Core processors affected by LazyFP vulnerability similar to Meltdown. Patches being developed, but many systems already not impacted
Kaspersky suspends its collaboration with Europol and the NoMoreRansom initiative after the EU voted a resolution that describes the company’s software as “malicious”

FEATURES, INSIGHTS // Risk Management

Josh Lefkowitz
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Josh Lefkowitz
If an InfoSec team lacks the requisite capabilities, bandwidth, and/or resources to do so, it may inhibit the progress and accuracy of the investigation.
Alastair Paterson
Given the uncertain future of dark web marketplaces and the clandestine nature of insider activity, specialized insider marketplaces are emerging.
Josh Lefkowitz
It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
Alastair Paterson
Threat modeling is an iterative process that needs to be updated whenever there are substantial changes to either assets or threats.
Preston Hogue
Securing applications and understanding vulnerabilities in code and IT systems will always be important. But today security pros must open their eyes to a much bigger picture.
Josh Lefkowitz
With so many intelligence teams blinded by vast amounts of data and an overwhelmingly complex threat landscape, establishing the right intelligence requirements (IRs) can be challenging.
Joshua Goldfarb
There are quite a few ways in which enterprises can look to properly evaluate various Vendor Risk Management (VRM) offerings and differentiate between them.
Bradon Rogers
While a contract, distributed, partner-oriented workforce and supply chain can create serious risks to your organization, careful implementation of visibility and data protection strategies can help you mitigate many of the risks.
Josh Lefkowitz
Before finalizing a vendor relationship, it’s crucial to construct a response plan in preparation for any future incidents the vendor might experience.