INDUSTRY INSIGHTS YOUR PEERS ARE READING
Jeff Michael of Lastline Discusses the Current Threat Landscape In many organizations, overworked security analysts are trailing the bad guys in technology and knowledge, and this gap leads to increased risk, says Jeff Michael of Lastline MORE
Oracle's Amit Zavery on Taking a Comprehensive Approach Cloud access security brokers are not a panacea for all cloud security problems, says Oracle's Amit Zavery, who advocates an end-to-end approach MORE
Manufacturers need to change their approach to securing internet of things devices, says Aloysius Cheang, executive vice president for Asia Pacific at the Center for Strategic Cyberspace + Security Science, a U.K.-based based think tank, who describes what needs to be done MORE
This is the Internet of Things, and it's a security nightmare. By developing more advanced security features and building them into these products, hacks can be avoided. Consumers will buy products without proper security features, unaware that their information is vulnerable. MORE
Cisco's Harry Dogan Outlines the Challenges in Managing Security The growing use of multiple cloud services in enterprises is creating new security challenges, says Cisco's Harry Dogan, who shares common mistakes and fixes MORE
You often hear the term ‘cyber security incident’ when an organisation’s systems are compromised rather than ‘breach’ or ‘hack’. This is also the case for the term ‘cyber security incident’. Find out more >> The post What is a cyber security incident? MORE
The MITRE Corporation’s ATT&CK framework has been used to evaluate the efficiency of several enterprise security products designed by several vendors. The post MITRE evaluates Enterprise security products using the ATT&CK Framework appeared first on Security Affairs. MORE
Report: Medicaid Data and Systems Could Also Be at Risk at Other Medicaid MCOs A security review of two Medicaid managed care organizations in Arizona revealed several significant access control and configuration vulnerabilities, raising concerns about whether other MCOs face similar challenges MORE
Suzanne Spaulding, former undersecretary for the Department of Homeland Security, says a key way to ensure public confidence in the security of U.S. elections is to rely on paper ballots for voting or as backups for electronic balloting MORE
They're computers -- often ancient computers running operating systems no longer supported by the manufacturers -- and they don't have any magical security technology that the rest of the industry isn't privy to. We can securely bank online, but can't securely vote online. MORE
Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people. MORE
CEO Mark Jaffe on How to Protect What the Adversaries Really Want Mark Jaffe is less concerned about how adversaries breach networks, but more concerned about how to secure their actual target - critical data. His startup company, Allure Security, intends to help secure that data MORE
The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis. MORE
But our troubles in describing the forces at work in security, or the nature or measure of the defenses that we seek to employ, are fundamental. books Security Software EngineeringGordon’s Structures, or Why Things Don’t Fall Down is a fascinating and accessible book. MORE
Longtime CISO Vito Sardanopoli on Building an Effective Security Program A formal security program that spells out precise governance components is critical to protecting sensitive data, says Vito Sardanopoli, who served on the U.S. MORE
Tandigm Health Reports Vulnerability in Physician Portal In yet another sign that website security issues are far too common in the healthcare sector, Tandigm Health says a vulnerability on a physician portal potentially exposed patient data MORE
But when these screw-ups are unearthed by security professionals seeking to make a name for themselves, the resulting publicity often can leave the breached organization wishing they’d instead been quietly extorted by anonymous crooks. MORE
Organizations must recognize and mitigate the threats that affect their digital security most. New and evolving threats eradicate data, distract security teams so hackers can commandeer the enterprise, and use artificial intelligence (AI) to outsmart smart security technologies. Then, choose any additional security measures that are necessary for the remaining risks and data. Organizations can align appropriate security measures with specific threats. MORE
Organizations need to carefully assess - and then verify - the data security controls their existing - and prospective - vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview MORE
Carlos Pero of Zurich Insurance on Protecting the 'Castle' As a result of cloud computing and the internet of things, the approaches to security for websites must change, says Carlos Pero of Zurich Insurance MORE
Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed). MORE
Compliance concerns certainly have their place in today’s enterprise, however, they should not be viewed as interchangeable with security best practices. Data security Cyber security Data management MORE
Find out all the benefits of using one security solution across your on-premises data center and AWS cloud workloads. MORE
Chris Bowen of ClearDATA on Improving 'Change Management' Understanding where data is stored so it can be protected, overcoming security misconfiguration and improving vendor management diligence are three top challenges for healthcare organizations, says Chris Bowen of ClearDATA MORE
Seeking better operational efficiency and ROI, many enterprises have begun significant software automation and orchestration efforts without accounting for the inherent security risks they may bring, says Jeffery Kok of CyberArk MORE
There are lots of articles about there telling people how to better secure their computers and online accounts. If you or someone you know is 18 or older, you need to create a Social Security online account. But why limit it to the Social Security Administration? MORE
Fortinet's Sonia Arista Brings CISO's Perspective to Security Solutions As a former healthcare CISO, Fortinet's Sonia Arista has a unique perspective on how cybersecurity vendors can best assist in the ongoing challenge of securing critical medical devices MORE
alongside Tony Sager , senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. Tony Sager, senior vice president and chief evangelist at the Center for Internet Security. MORE
Kaspersky's Bhayani on Evolving to Predictive Analytics and Response With endpoint security, the fundamental concept was always to detect and prevent. MORE
Or a previously unknown security flaw gets exploited before it can be patched. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer. MORE
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. MORE
At the time, AT&T suggested Terpin take advantage of the company’s “extra security” feature — a customer-specified six-digit PIN which is required before any account changes can be made. In this view of security, customer service becomes a customer disservice. MORE
Wombat's Gretel Egan on How to Take a Fresh Approach to the Awareness Challenge As attackers increasingly take advantage of users' risky behavior, enterprise security leaders are taking steps to improve end-user security education. MORE
Good essay on the security risks -- to democratic discourse -- of chatbots. lies nationalsecuritypolicy propaganda risks MORE
A fun video describing some of the many Empire security vulnerabilities in the first Star Wars movie. Happy New Year, everyone. humor securityawareness video vulnerabilities MORE
In an age when every organization is essentially borderless, how do security leaders approach securing the borderless network? Paul Martini of iboss Cybersecurity offers insights and solutions MORE
Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications MORE
Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene MORE
Patch Container-Orchestration System Now or Risk Serious Consequences A severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches, and recommend immediate updating MORE
Here are some other safety and security tips to keep in mind when shopping online: -WHEN IN DOUBT, CHECK ‘EM OUT: If you don’t know much about the online merchant that has the item you wish to buy, take a few minutes to investigate its reputation. MORE
Security Related Topics Krebs on Security
DECEMBER 1, 2018
Or a previously unknown security flaw gets exploited before it can be patched. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer.
Data Breach Today
DECEMBER 4, 2018
Longtime CISO Vito Sardanopoli on Building an Effective Security Program A formal security program that spells out precise governance components is critical to protecting sensitive data, says Vito Sardanopoli, who served on the U.S.
Data Breach Today
DECEMBER 5, 2018
Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications
Data Breach Today
NOVEMBER 20, 2018
Wombat's Gretel Egan on How to Take a Fresh Approach to the Awareness Challenge As attackers increasingly take advantage of users' risky behavior, enterprise security leaders are taking steps to improve end-user security education.
Krebs on Security
NOVEMBER 23, 2018
Here are some other safety and security tips to keep in mind when shopping online: -WHEN IN DOUBT, CHECK ‘EM OUT: If you don’t know much about the online merchant that has the item you wish to buy, take a few minutes to investigate its reputation.
Data Breach Today
JULY 11, 2018
Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene
Data Breach Today
DECEMBER 7, 2018
Chris Bowen of ClearDATA on Improving 'Change Management' Understanding where data is stored so it can be protected, overcoming security misconfiguration and improving vendor management diligence are three top challenges for healthcare organizations, says Chris Bowen of ClearDATA
Krebs on Security
JULY 23, 2018
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.
Schneier on Security
DECEMBER 4, 2018
There are lots of articles about there telling people how to better secure their computers and online accounts. If you or someone you know is 18 or older, you need to create a Social Security online account. But why limit it to the Social Security Administration?
Data Breach Today
APRIL 9, 2018
s Deputy CISO on the Challenge of Ensuring Content Security In this era of "fake news," Time Inc. Time Inc.'s Deputy CISO Preeti Palanisamy takes seriously the challenge of maintaining the integrity of journalism from content creation through production and eventual publication
Data Breach Today
JANUARY 1, 2018
A fun video describing some of the many Empire security vulnerabilities in the first Star Wars movie. Happy New Year, everyone. humor securityawareness video vulnerabilities
Data Breach Today
SEPTEMBER 4, 2018
Joseph Feiman of WhiteHat Security on the Need for Cultural Change Application security is not improving because about 60 percent of vulnerabilities never get fixed, says Joseph Feiman of WhiteHat Security
Data Breach Today
NOVEMBER 21, 2018
Fortinet's Sonia Arista Brings CISO's Perspective to Security Solutions As a former healthcare CISO, Fortinet's Sonia Arista has a unique perspective on how cybersecurity vendors can best assist in the ongoing challenge of securing critical medical devices
Data Breach Today
AUGUST 21, 2018
Cisco's Harry Dogan Outlines the Challenges in Managing Security The growing use of multiple cloud services in enterprises is creating new security challenges, says Cisco's Harry Dogan, who shares common mistakes and fixes
Schneier on Security
DECEMBER 5, 2018
Good essay on the security risks -- to democratic discourse -- of chatbots. lies nationalsecuritypolicy propaganda risks
Krebs on Security
OCTOBER 12, 2018
alongside Tony Sager , senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. Tony Sager, senior vice president and chief evangelist at the Center for Internet Security.
Data Breach Today
AUGUST 16, 2018
Oracle's Amit Zavery on Taking a Comprehensive Approach Cloud access security brokers are not a panacea for all cloud security problems, says Oracle's Amit Zavery, who advocates an end-to-end approach
Data Breach Today
SEPTEMBER 19, 2018
Saba Shariff of Symcor discusses techniques for greater collaboration on security Saba Shariff of Symcor on Improving Anti-Fraud Efforts Today's cybercriminals don't operate in silos, so why do companies?
Adam Shostack
DECEMBER 7, 2018
But our troubles in describing the forces at work in security, or the nature or measure of the defenses that we seek to employ, are fundamental. books Security Software EngineeringGordon’s Structures, or Why Things Don’t Fall Down is a fascinating and accessible book.
Data Breach Today
NOVEMBER 13, 2018
Manufacturers need to change their approach to securing internet of things devices, says Aloysius Cheang, executive vice president for Asia Pacific at the Center for Strategic Cyberspace + Security Science, a U.K.-based based think tank, who describes what needs to be done
Data Breach Today
JULY 3, 2018
Kaspersky's Bhayani on Evolving to Predictive Analytics and Response With endpoint security, the fundamental concept was always to detect and prevent.
Data Breach Today
SEPTEMBER 21, 2018
Seeking better operational efficiency and ROI, many enterprises have begun significant software automation and orchestration efforts without accounting for the inherent security risks they may bring, says Jeffery Kok of CyberArk
Data Breach Today
DECEMBER 3, 2018
Report: Medicaid Data and Systems Could Also Be at Risk at Other Medicaid MCOs A security review of two Medicaid managed care organizations in Arizona revealed several significant access control and configuration vulnerabilities, raising concerns about whether other MCOs face similar challenges
Data Breach Today
MAY 2, 2018
CEO Mark Jaffe on How to Protect What the Adversaries Really Want Mark Jaffe is less concerned about how adversaries breach networks, but more concerned about how to secure their actual target - critical data. His startup company, Allure Security, intends to help secure that data
Data Breach Today
OCTOBER 17, 2018
The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis.
Data Breach Today
OCTOBER 26, 2018
The case highlights how basic security messaging on protecting cryptocurrency isn't getting through
Schneier on Security
NOVEMBER 13, 2018
This is the Internet of Things, and it's a security nightmare. By developing more advanced security features and building them into these products, hacks can be avoided. Consumers will buy products without proper security features, unaware that their information is vulnerable.
Data Breach Today
OCTOBER 3, 2018
Suzanne Spaulding, former undersecretary for the Department of Homeland Security, says a key way to ensure public confidence in the security of U.S. elections is to rely on paper ballots for voting or as backups for electronic balloting
Krebs on Security
OCTOBER 2, 2018
But when these screw-ups are unearthed by security professionals seeking to make a name for themselves, the resulting publicity often can leave the breached organization wishing they’d instead been quietly extorted by anonymous crooks.
Information Management Resources
DECEMBER 10, 2018
Compliance concerns certainly have their place in today’s enterprise, however, they should not be viewed as interchangeable with security best practices. Data security Cyber security Data management
Data Breach Today
AUGUST 27, 2018
Jeff Michael of Lastline Discusses the Current Threat Landscape In many organizations, overworked security analysts are trailing the bad guys in technology and knowledge, and this gap leads to increased risk, says Jeff Michael of Lastline
Krebs on Security
SEPTEMBER 28, 2018
Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people.
Security Affairs
DECEMBER 6, 2018
Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed).
InfoGoTo
NOVEMBER 14, 2018
Organizations must recognize and mitigate the threats that affect their digital security most. New and evolving threats eradicate data, distract security teams so hackers can commandeer the enterprise, and use artificial intelligence (AI) to outsmart smart security technologies. Then, choose any additional security measures that are necessary for the remaining risks and data. Organizations can align appropriate security measures with specific threats.
Schneier on Security
APRIL 20, 2018
They're computers -- often ancient computers running operating systems no longer supported by the manufacturers -- and they don't have any magical security technology that the rest of the industry isn't privy to. We can securely bank online, but can't securely vote online.
Data Breach Today
DECEMBER 4, 2018
Patch Container-Orchestration System Now or Risk Serious Consequences A severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches, and recommend immediate updating
Data Breach Today
APRIL 3, 2018
Organizations need to carefully assess - and then verify - the data security controls their existing - and prospective - vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview
Data Breach Today
JULY 11, 2018
Carlos Pero of Zurich Insurance on Protecting the 'Castle' As a result of cloud computing and the internet of things, the approaches to security for websites must change, says Carlos Pero of Zurich Insurance
Data Breach Today
DECEMBER 6, 2018
Find out all the benefits of using one security solution across your on-premises data center and AWS cloud workloads.
Security Affairs
DECEMBER 1, 2018
The MITRE Corporation’s ATT&CK framework has been used to evaluate the efficiency of several enterprise security products designed by several vendors. The post MITRE evaluates Enterprise security products using the ATT&CK Framework appeared first on Security Affairs.
IT Governance
NOVEMBER 23, 2018
You often hear the term ‘cyber security incident’ when an organisation’s systems are compromised rather than ‘breach’ or ‘hack’. This is also the case for the term ‘cyber security incident’. Find out more >> The post What is a cyber security incident?
Data Breach Today
MARCH 8, 2018
In an age when every organization is essentially borderless, how do security leaders approach securing the borderless network? Paul Martini of iboss Cybersecurity offers insights and solutions
Krebs on Security
AUGUST 16, 2018
At the time, AT&T suggested Terpin take advantage of the company’s “extra security” feature — a customer-specified six-digit PIN which is required before any account changes can be made. In this view of security, customer service becomes a customer disservice.
161 
Let's personalize your content