NEWS & INDUSTRY UPDATES

The UK government's Cabinet Office has published the first iteration of its Minimum Cyber Security Standard, which will be incorporated into the Government Functional Standard for Security.
Wiretap's Behavior Risk Analysis Report demonstrates that risky user communications are even more likely to occur in the relative privacy of collaboration tools than in traditional communication systems such as email.
Researchers demonstrate how installing a malicious battery into a smartphone can allow attackers to harvest and exfiltrate sensitive data.
Intel Core processors affected by LazyFP vulnerability similar to Meltdown. Patches being developed, but many systems already not impacted.
Kaspersky suspends its collaboration with Europol and the NoMoreRansom initiative after the EU voted a resolution that describes the company’s software as “malicious”.
Australia will help fund and build an underseas communications cable to the Solomon Islands after the Pacific nation was convinced to drop a contract with Chinese company Huawei over security concerns.
Updates released by Microsoft for Windows enable a feature that should prevent attacks involving the recently disclosed Variant 4 of the Spectre/Meltdown flaws.
Atlanta information management head Daphne Rackley told the City Council that the Atlanta ransomware attack was far more serious than originally thought, and will require an additional $9.5 million to recover.
AXA has entered an agreement with SecurityScorecard to have access to security ratings, which will be used to help set the premium for its insurance agreements.
IBM adds two new features to its MaaS360 with Watson unified endpoint management (UEM) product: Business Dashboards for Apps and Policy Recommendation Engine.

FEATURES, INSIGHTS // Risk Management

Alastair Paterson: Given the uncertain future of dark web marketplaces and the clandestine nature of insider activity, specialized insider marketplaces are emerging.
Josh Lefkowitz: It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
Alastair Paterson: Threat modeling is an iterative process that needs to be updated whenever there are substantial changes to either assets or threats.
Preston Hogue: Securing applications and understanding vulnerabilities in code and IT systems will always be important. But today security pros must open their eyes to a much bigger picture.
Josh Lefkowitz: With so many intelligence teams blinded by vast amounts of data and an overwhelmingly complex threat landscape, establishing the right intelligence requirements (IRs) can be challenging.
Joshua Goldfarb: There are quite a few ways in which enterprises can look to properly evaluate various Vendor Risk Management (VRM) offerings and differentiate between them.
Bradon Rogers: While a contract, distributed, partner-oriented workforce and supply chain can create serious risks to your organization, careful implementation of visibility and data protection strategies can help you mitigate many of the risks.
Josh Lefkowitz: Before finalizing a vendor relationship, it’s crucial to construct a response plan in preparation for any future incidents the vendor might experience.
Rafal Los: If you're not careful, security becomes a hindrance and a target. Where security leaders create inflexible environments, security tends to struggle.
Steven Grossman: Without an understanding of where you stand today, new security tools will result in more redundancy and gaps in protection.