Boosting Secure Coding Practices

Data Breach Today

Carlos Pero of Zurich Insurance on Gaining Buy-In. Carlos Pero, who heads cyber application security at Zurich Insurance, discusses how to get developers to buy in to secure coding practices

Multilayered Security Gets Personal

Data Breach Today

First Data's Tim Horton on Why Encryption Is Not Enough to Secure PII. When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption.

NTT Security and WhiteHat Security Describe Deal

Data Breach Today

NTT's Khiro Mishra and WhiteHat's Craig Hinkley on Application Security. NTT Security has signed a definitive agreement to acquire WhiteHat Security.

The Challenge of Secure Coding

Data Breach Today

Jeff Williams of Contrast Security on Why Application Security Is So Critical. In today's highly connected, cloud-based environment, application security is more critical than ever, says Jeff Williams, co-founder and CTO of Contrast Security, who explains why

Lack of Secure Coding Called a National Security Threat

Data Breach Today

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices

Enhancing Security by Red Teaming

Data Breach Today

James Stanger of CompTIA on Improving Security Controls. James Stanger, chief technology evangelist at CompTIA, explains why red teaming can prove highly beneficial in improving organizational security controls

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

and higher can now be used as Security Keys, an additional authentication layer that helps thwart phishing sites and password theft. But Google said starting this week, any mobile phone running Android 7.0+ (Nougat) can serve the same function as a USB-based security key.

What the Marriott Breach Says About Security

Krebs on Security

Or a previously unknown security flaw gets exploited before it can be patched. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer.

Securing the Hyper-Connected Enterprise

Data Breach Today

Cequence Security's Larry Link on Defending the New Norm. In today's hyper-connected enterprise, organizations are at risk of two different types of attack. Larry Link, CEO of Cequence Security, explains how to defend at a platform level - without adding friction

From security at the perimeter to security at every interaction

Information Management Resources

One of the biggest factors in all the breaches and vulnerabilities is that application development methods have evolved very rapidly, very quickly, and not all enterprises’ security approaches have kept up.

Revisiting Election Security Threats

Data Breach Today

FBI's Elvis Chan on What's Being Done to Secure the 2020 Election. Heading into the 2020 U.S. presidential election preseason, the FBI is squarely focused on defending against nation-state hacks or influence. Elvis Chan of the FBI talks about preparations for a cybersecure election

How IoT Changes Security

Data Breach Today

Steve Rog of ForeScout Technologies on Improving Security Hygiene. The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene

Securing Smartphones from Eavesdropping

Data Breach Today

Mike Fong of Privoro Discusses Smartphone Encryption. Smartphone security is paramount for certain scenarios, but software-based encryption has been shown to be insufficient.

Managing Security Stack Sprawl

Data Breach Today

See how stateless technology can protect you from inbound attacks and more efficiently block outbound threats.

Enhancing Security Governance

Data Breach Today

Longtime CISO Vito Sardanopoli on Building an Effective Security Program. A formal security program that spells out precise governance components is critical to protecting sensitive data, says Vito Sardanopoli, who served on the U.S.

Audit Identifies Australian Health Sector Security Weaknesses

Data Breach Today

Similar to security deficiencies often found in the U.S. healthcare sector, weak security controls and practices are putting Australian patient data and hospital services at high risk for serious cyberattacks, according to a new government audit

Congressional Report Rips Equifax for Weak Security

Data Breach Today

Cloud Security: How the Dialogue Has Shifted

Data Breach Today

Palo Alto Networks' Matt Chiodi on the Evolution of Public Cloud Security. In just five years' time, the public cloud security conversation has changed dramatically, says Matt Chiodi of Palo Alto Networks. But security leaders still struggle with visibility and compliance

Improving Healthcare Security Education

Data Breach Today

Wombat's Gretel Egan on How to Take a Fresh Approach to the Awareness Challenge. As attackers increasingly take advantage of users' risky behavior, enterprise security leaders are taking steps to improve end-user security education.

Security's Role in Digital Transformation

Data Breach Today

GE Digital's Al Ghous on How CISOs Can Influence the Change. Security has the opportunity - or challenge - to help drive digital transformation within the enterprise. Al Ghous of GE Digital describes how security leaders can maximize their influence and avoid potholes

The Impact of Digital Transformation on Security

Data Breach Today

Kory Daniels of Trustwave on Scaling Security at the Speed of Business. Identifying the data gaps in the rapidly expanding attack surface is critical to allow more sophisticated preventive and response capabilities, says Kory Daniels of Trustwave

GitHub introduces new tools and security features to secure code

Security Affairs

GitHub announced the introduction of several new tools and security features to help developers secure their code. The popular code repository hosting service GitHub continues its efforts to help its customers develop and maintain secure code.

How the U.S. Govt. Shutdown Harms Security

Krebs on Security

As a nation, we are much less safe from a cyber security posture than we were a month ago.” “These are criminal investigations involving national security. “In the past week, the number of outdated Web security certificates held by U.S. The ongoing partial U.S.

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

Election Security Is Still Hurting at Every Level

WIRED Threat Level

With the 2020 election fast approaching, too many problems from 2016 persist.

2019 IoT Security Outlook

Data Breach Today

DigiCert just conducted a global study of how organizations across sectors are approaching IoT security. What are some of the best practices of the organizations that emphasize securing connected devices? Mike Nelson of DigiCert shares the findings

Essentials of Supply Chain Security

Data Breach Today

Matan Or-El, CEO of Panorays, discusses the weakest links of supply chain security and how to strengthen them with automated tools

Aussie Security Researcher Avoids Prison Over Hacking

Data Breach Today

Nik Cubrilovic Must Pay GoGet, Do Community Service. An Australian security researcher who pleaded guilty to several charges related to probing the network of popular car-sharing service GoGet has avoided jail time.

Vendor Security Risk Management: A Growing Concern

Data Breach Today

Eddie Chang, Travelers Insurance, cyber insurance, Quest Diagnostics, Optum360, breach, Labcorp, BioReference, AMCA, American Medical Collections Agency, vendor risk management, application security

Securing the News

Data Breach Today

Time Inc.'s Deputy CISO on the Challenge of Ensuring Content Security. In this era of "fake news," Time Inc.'s Deputy CISO Preeti Palanisamy takes seriously the challenge of maintaining the integrity of journalism from content creation through production and eventual publication

DNS Security

Adam Shostack

They asked us to look at the value of DNS security, such as when your DNS provider uses threat intel to block malicious sites. The report is available from GCA’s site: Learn About How DNS Security Can Mitigate One-Third of Cyber Incidents. I’m happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance.

How to Shop Online Like a Security Pro

Krebs on Security

Here are some other safety and security tips to keep in mind when shopping online: -WHEN IN DOUBT, CHECK ‘EM OUT: If you don’t know much about the online merchant that has the item you wish to buy, take a few minutes to investigate its reputation.

The Role of 'Prosilience' in IoT Security

Data Breach Today

The latest edition of the ISMG Security Report features a discussion of the role of "prosilience" in IoT security, plus the problem of overnotification under GDPR and the notion of "Spartacus as a Service"

Security Vulnerabilities in Star Wars

Data Breach Today

A fun video describing some of the many Empire security vulnerabilities in the first Star Wars movie. Happy New Year, everyone.

The Critical Need for Application Security

Data Breach Today

Jeff Williams of Contrast Security on Self-Protecting Software. Secure code remains a problem for all software. Jeff Williams of Contrast Security explains a new approach - protecting code from within

Applying Secure Multiparty Computation Technology

Data Breach Today

Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications

Healthcare Security Summit Offers Insights From CISOs

Data Breach Today

Tech and Government Leaders Also Will Tackle Hot Security Topics. ISMG's Healthcare Security Summit, to be held in New York on June 25, will feature a top-notch roster of expert speakers, including regulatory and law enforcement authorities, CISOs from leading healthcare provider organizations and technology thought leaders

The Challenge of Securing Cryptocurrencies

Data Breach Today

Ondrej Krehel of LIFARS Outlines Fraud Vulnerabilities. Cryptocurrency exchanges have been notable targets for fraudsters, says Ondrej Krehel of LIFARS, who describes their vulnerabilities

The Rise of Security-Driven Networking

Data Breach Today

Traditionally, enterprises have built networks and then added security elements. But in what he describes as "the third generation of security," Fortinet's John Maddison promotes a model of security-driven networking. Hear how this can improve an organization's security posture

Why Perimeter Security Still Matters

Data Breach Today

Adam Bixler of Netscout on Countering Evolving Attacks. Why do CISOs need to continue to pay attention to perimeter security? Adam Bixler of Netscout Systems provides insights on the importance of countering rapidly evolving perimeter attacks