NEWS & INDUSTRY UPDATES

A new Senate report highlights the decade-long failure of several federal agencies to secure their systems and protect sensitive and personal information.
Google is making web browsing with Chrome safer with a new option for reporting suspicious websites and a new warning mechanism for sites that use deceptive URLs.
SecurityScorecard, a provider of security ratings, has completed a $50 million Series D financing round led by Riverwood Capital, bringing the company’s total funding to $110 million.
Cloudflare releases a new free API designed to help CAs securely issue certificates by ensuring that malicious actors cannot complete the domain control validation process via BGP hijacking and DNS spoofing attacks.
Florida’s county elections departments will retain $2.3 million in unspent grant money aimed at stopping cyber-attacks on the state’s voting system, Gov. Ron DeSantis announced Monday.
The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert for the Windows vulnerability tracked as BlueKeep and CVE-2019-0708 after successfully exploiting it for remote code execution.
Some U.S. government agencies still rely on knowledge-based identity verification despite the fact that the OPM and Equifax breaches have made this system insecure.
Rapid7 has analyzed the visible cyber exposure of some of the UK's largest companies -- the FTSE 250.
Organizations have been investing more in ICS cyber security and the results are showing, but many still rate their overall risk profile as severe or high, according to the SANS 2019 State of OT/ICS Cybersecurity Report.
Huawei's cyber security chief told the UK parliament Monday that the Chinese telecoms giant has been advised it was under no obligation to spy for Beijing if so asked by the Communist state.

FEATURES, INSIGHTS // Risk Management

Torsten George
Like the NIST Cybersecurity Framework, it integrates relevant regulations (e.g., HIPAA) and standards (NIST 800-53, ISO 27001, PCI DSS) into a single overarching security framework.
Josh Lefkowitz
There’s no point in having billions of data points if those data points aren’t timely, accurate, actionable, and adequately map to your intelligence objectives and requirements.
Nick Sanna
Board members and senior management are likely to wave off CISO techno-speak and push to get their questions answered on their terms.
Justin Fier
Over time, holding people responsible will lead individuals to see how their actions impact the security of the organization and come to consider themselves responsible for the security of the company.
Josh Lefkowitz
It is important to understand how the right intelligence can support network defense teams, fraud, physical security, M&A, insider threat, supply chain, and brand reputation teams, among others.
Alastair Paterson
Although the challenge may seem insurmountable, there’s a lot that security professionals can do to mitigate insider risk.
Nick Sanna
Cyber risk has risen to the level of enterprise risk – which they expect to be measured, managed, and reported in the terms that the rest of the enterprise understands.
Marie Hattar
Cybersecurity teams need to adopt an adversarial mindset and understand what their enemies are capable of and prepare an appropriate response.
Torsten George
Solving the security challenges healthcare providers face will fuel faster growth, enable further digital transformation, and ultimately result in enhanced patient care and data protection.
Preston Hogue
Security teams should think about how company data might connect with data from other organizations or industries and how those combined data sets could be triangulated into a larger picture that ultimately puts you at risk.