
NEWS & INDUSTRY UPDATES

NATO running Cyber Coalition 2018, the alliance's biggest cyber warfare exercise
AWS launches Security Hub, a service that aggregates and prioritizes security alerts from both AWS and third-party security tools
CyberGRX has raised $30 million in Series C funding, bringing the total amount raised by the company to $59 million.
New Zealand's international spy agency halted mobile company Spark from using Huawei equipment in its planned 5G upgrade, saying it posed a "significant network security risk."
While CVSS can be useful for rating vulnerabilities, the use of the standard for flaws affecting ICS can have negative consequences, particularly if an organization relies solely on it for prioritizing patches
U.S. Office of Personnel Management (OPM) has improved its security posture since the data breaches disclosed in 2015, but many issues are still unresolved, GAO says in a report
Cyberattacks are seen as the top risk to doing business in Europe, North America, and the East Asia and Pacific region, according to a new report from the World Economic Forum
A new report from Tenable shows that prioritizing vulnerabilities based on severity and exploitability is increasingly ineffective. The number of new flaws found this year could reach 19,000
The National Insider Threat Task Force (NITTF) published a new Insider Threat Program Maturity Framework designed specifically for government departments and agencies.
Industrial control systems (ICS) are vulnerable to power analysis side-channel attacks, researcher warns

FEATURES, INSIGHTS // Risk Management

Laurence Pitt
Failure to implement basic cybersecurity hygiene practices will leave retailers vulnerable to damage and fines during a lucrative time for their businesses.
Alastair Paterson
As you develop a brand protection program, here are five concrete things you can do now to proactively identify and mitigate risk to your brand.
Josh Lefkowitz
It’s relatively commonplace for CTI and incident response teams to establish a coordinated response plan in preparation for a cyber attack, but—as demonstrated by WannaCry—it’s imperative for physical security teams to be involved in such plans as well.
Mike Fleck
A small business with one person running all of IT cannot defend against cyber-attacks from the North Korean military with the same vigor as Lockheed Martin or Northrop Grumman.
Torsten George
Like the NIST Cybersecurity Framework, it integrates relevant regulations (e.g., HIPAA) and standards (NIST 800-53, ISO 27001, PCI DSS) into a single overarching security framework.
Josh Lefkowitz
There’s no point in having billions of data points if those data points aren’t timely, accurate, actionable, and adequately map to your intelligence objectives and requirements.
Nick Sanna
Board members and senior management are likely to wave off CISO techno-speak and push to get their questions answered on their terms.
Justin Fier
Over time, holding people responsible will lead individuals to see how their actions impact the security of the organization and come to consider themselves responsible for the security of the company.
Josh Lefkowitz
It is important to understand how the right intelligence can support network defense teams, fraud, physical security, M&A, insider threat, supply chain, and brand reputation teams, among others.
Alastair Paterson
Although the challenge may seem insurmountable, there’s a lot that security professionals can do to mitigate insider risk.