Gregory Wilshusen of the GAO Offers Lessons Learned Identifying the right controls to manage specific risks is a vital component of an enterprisewide security program, say Gregory Wilshusen of the U.S. MORE
With so much focus on endpoint security, it's important not to overlook the importance of network-level security controls, says Lawrence Orans, research vice president at Gartner MORE
Jeff Michael of Lastline Discusses the Current Threat Landscape In many organizations, overworked security analysts are trailing the bad guys in technology and knowledge, and this gap leads to increased risk, says Jeff Michael of Lastline MORE
Here's how it normally plays out: It all begins when a company pops up online and makes some sort of ludicrous statement related to their security posture, often as part of a discussion on a public social media platform such as Twitter. Security MORE
Abdallah Zabian of DXC Technologies on Taking a Holistic Approach Security silos persist because stakeholders within the enterprise security ecosystem are focused on their own key performance indicators, says Abdallah Zabian of DXC Technology, who suggests a more holistic approach is needed MORE
130 
Oracle's Amit Zavery on Taking a Comprehensive Approach Cloud access security brokers are not a panacea for all cloud security problems, says Oracle's Amit Zavery, who advocates an end-to-end approach MORE
Microsoft's Diana Kelley Shares Insights on Bridging Cloud Security Gaps Because of the lack of specialists with the skills needed to run security operations in the cloud, intelligent automation is essential, says Microsoft's Diana Kelley MORE
In an interview, Al Pascual of Javelin Strategy & Research, discusses the challenges involved in securing the exploding IoT landscape consumers now own about 870 million IoT devices. MORE
Cisco's Harry Dogan Outlines the Challenges in Managing Security The growing use of multiple cloud services in enterprises is creating new security challenges, says Cisco's Harry Dogan, who shares common mistakes and fixes MORE
That’s where managed security services providers, or MSSPs, come in. The global market for managed security services is expected to rise to $48 billion by 2023, up from $24 billion in 2018, according to ReportLinker. Five years ago, Mauriello was working at a large global credit bureau, managing the credit monitoring giant’s in-house Security Operations Center. He went shopping for a MSSP to come in and help to reinforce certain security functions. MORE
Suzanne Spaulding, former undersecretary for the Department of Homeland Security, says a key way to ensure public confidence in the security of U.S. elections is to rely on paper ballots for voting or as backups for electronic balloting MORE
They're computers -- often ancient computers running operating systems no longer supported by the manufacturers -- and they don't have any magical security technology that the rest of the industry isn't privy to. We can securely bank online, but can't securely vote online. MORE
Aetna CSO Jim Routh on Why We Need a Whole New Approach to Cybersecurity Security thought leaders have long called for organizations to shift from a conventional "peacetime" view of cybersecurity to more of a "wartime" mindset. MORE
Organizations in all sectors need to strive to adopt a standardized approach for ensuring that security is built into internet of things devices at the design phase, says Vinod Kumar, CEO and managing director at Bangalore-based Subex, a telecom analytics solutions provider MORE
Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people. MORE
CEO Mark Jaffe on How to Protect What the Adversaries Really Want Mark Jaffe is less concerned about how adversaries breach networks, but more concerned about how to secure their actual target - critical data. His startup company, Allure Security, intends to help secure that data MORE
The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis. MORE
But when these screw-ups are unearthed by security professionals seeking to make a name for themselves, the resulting publicity often can leave the breached organization wishing they’d instead been quietly extorted by anonymous crooks. MORE
Organizations need to carefully assess - and then verify - the data security controls their existing - and prospective - vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview MORE
Carlos Pero of Zurich Insurance on Protecting the 'Castle' As a result of cloud computing and the internet of things, the approaches to security for websites must change, says Carlos Pero of Zurich Insurance MORE
Seeking better operational efficiency and ROI, many enterprises have begun significant software automation and orchestration efforts without accounting for the inherent security risks they may bring, says Jeffery Kok of CyberArk MORE
alongside Tony Sager , senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. Tony Sager, senior vice president and chief evangelist at the Center for Internet Security. MORE
I joined a letter supporting the Secure Elections Act (S. 2261): The Secure Elections Act strikes a careful balance between state and federal action to secure American voting systems. MORE
Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. I don't see it replacing any of the good security guides out there, but instead augmenting them. MORE
Enter data-centric security… a set of technologies that lower the value of data through encryption, tokenization, data masking and access control methods. Luckily, data-centric security gives enterprises an effective option for protecting data within a big data environment. MORE
Kaspersky's Bhayani on Evolving to Predictive Analytics and Response With endpoint security, the fundamental concept was always to detect and prevent. MORE
From time to time, there emerge cybersecurity stories of such potential impact that they have the effect of making all other security concerns seem minuscule and trifling by comparison. Congress has held multiple hearings about supply chain security challenges, and the U.S. MORE
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. MORE
At the time, AT&T suggested Terpin take advantage of the company’s “extra security” feature — a customer-specified six-digit PIN which is required before any account changes can be made. In this view of security, customer service becomes a customer disservice. MORE
Some security experts say the two companies' transparency about cybersecurity issues - including new alerts issued last week - should be emulated by other manufacturers MORE
A fun video describing some of the many Empire security vulnerabilities in the first Star Wars movie. Happy New Year, everyone. humor securityawareness video vulnerabilities MORE
In an age when every organization is essentially borderless, how do security leaders approach securing the borderless network? Paul Martini of iboss Cybersecurity offers insights and solutions MORE
Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene MORE
Why did CISOs at a half-dozen leading healthcare organizations launch a new council aimed at standardizing vendor security risk management? One of those CISOs, John Houston of UPMC, explains why the group was launched, how it will work and why managing cloud vendor risks is a top priority MORE
Security Related Topics Data Breach Today
JULY 11, 2018
Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene
Krebs on Security
OCTOBER 12, 2018
alongside Tony Sager , senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. Tony Sager, senior vice president and chief evangelist at the Center for Internet Security.
Krebs on Security
JULY 23, 2018
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.
Data Breach Today
OCTOBER 17, 2018
The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis.
Data Breach Today
SEPTEMBER 4, 2018
Joseph Feiman of WhiteHat Security on the Need for Cultural Change Application security is not improving because about 60 percent of vulnerabilities never get fixed, says Joseph Feiman of WhiteHat Security
Data Breach Today
APRIL 9, 2018
s Deputy CISO on the Challenge of Ensuring Content Security In this era of "fake news," Time Inc. Time Inc.'s Deputy CISO Preeti Palanisamy takes seriously the challenge of maintaining the integrity of journalism from content creation through production and eventual publication
Data Breach Today
JANUARY 1, 2018
A fun video describing some of the many Empire security vulnerabilities in the first Star Wars movie. Happy New Year, everyone. humor securityawareness video vulnerabilities
Data Breach Today
SEPTEMBER 19, 2018
Saba Shariff of Symcor discusses techniques for greater collaboration on security Saba Shariff of Symcor on Improving Anti-Fraud Efforts Today's cybercriminals don't operate in silos, so why do companies?
Data Breach Today
AUGUST 16, 2018
Oracle's Amit Zavery on Taking a Comprehensive Approach Cloud access security brokers are not a panacea for all cloud security problems, says Oracle's Amit Zavery, who advocates an end-to-end approach
Data Breach Today
OCTOBER 3, 2018
Suzanne Spaulding, former undersecretary for the Department of Homeland Security, says a key way to ensure public confidence in the security of U.S. elections is to rely on paper ballots for voting or as backups for electronic balloting
Krebs on Security
OCTOBER 2, 2018
But when these screw-ups are unearthed by security professionals seeking to make a name for themselves, the resulting publicity often can leave the breached organization wishing they’d instead been quietly extorted by anonymous crooks.
Data Breach Today
SEPTEMBER 21, 2018
Seeking better operational efficiency and ROI, many enterprises have begun significant software automation and orchestration efforts without accounting for the inherent security risks they may bring, says Jeffery Kok of CyberArk
Krebs on Security
SEPTEMBER 28, 2018
Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people.
Data Breach Today
OCTOBER 17, 2018
Organizations can effectively rely on managed security services providers to take care of many tasks, but certain strategic security functions must be handled in-house, says Sid Deshpande, research director at Gartner
Data Breach Today
JULY 3, 2018
Kaspersky's Bhayani on Evolving to Predictive Analytics and Response With endpoint security, the fundamental concept was always to detect and prevent.
Data Breach Today
MAY 2, 2018
CEO Mark Jaffe on How to Protect What the Adversaries Really Want Mark Jaffe is less concerned about how adversaries breach networks, but more concerned about how to secure their actual target - critical data. His startup company, Allure Security, intends to help secure that data
Data Breach Today
AUGUST 27, 2018
Jeff Michael of Lastline Discusses the Current Threat Landscape In many organizations, overworked security analysts are trailing the bad guys in technology and knowledge, and this gap leads to increased risk, says Jeff Michael of Lastline
Krebs on Security
AUGUST 16, 2018
At the time, AT&T suggested Terpin take advantage of the company’s “extra security” feature — a customer-specified six-digit PIN which is required before any account changes can be made. In this view of security, customer service becomes a customer disservice.
The Last Watchdog
SEPTEMBER 6, 2018
That’s where managed security services providers, or MSSPs, come in. The global market for managed security services is expected to rise to $48 billion by 2023, up from $24 billion in 2018, according to ReportLinker. Five years ago, Mauriello was working at a large global credit bureau, managing the credit monitoring giant’s in-house Security Operations Center. He went shopping for a MSSP to come in and help to reinforce certain security functions.
Data Breach Today
APRIL 3, 2018
Organizations need to carefully assess - and then verify - the data security controls their existing - and prospective - vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview
Schneier on Security
APRIL 20, 2018
They're computers -- often ancient computers running operating systems no longer supported by the manufacturers -- and they don't have any magical security technology that the rest of the industry isn't privy to. We can securely bank online, but can't securely vote online.
Troy Hunt
SEPTEMBER 11, 2018
Here's how it normally plays out: It all begins when a company pops up online and makes some sort of ludicrous statement related to their security posture, often as part of a discussion on a public social media platform such as Twitter. Security
Data Breach Today
JULY 11, 2018
Carlos Pero of Zurich Insurance on Protecting the 'Castle' As a result of cloud computing and the internet of things, the approaches to security for websites must change, says Carlos Pero of Zurich Insurance
Krebs on Security
OCTOBER 5, 2018
From time to time, there emerge cybersecurity stories of such potential impact that they have the effect of making all other security concerns seem minuscule and trifling by comparison. Congress has held multiple hearings about supply chain security challenges, and the U.S.
Data Breach Today
OCTOBER 12, 2018
With so much focus on endpoint security, it's important not to overlook the importance of network-level security controls, says Lawrence Orans, research vice president at Gartner
WIRED Threat Level
SEPTEMBER 28, 2018
SecurityUp to 50 million Facebook users were affected—and possibly 40 million more—when hackers compromised the social network's systems.
Data Breach Today
MAY 31, 2018
OCR Alert Offers Insights on Keeping Patient Records Secure Are too many healthcare organizations and their business associates skimping on physical security measures for safeguarding patient records?
Data Breach Today
AUGUST 16, 2018
Microsoft's Diana Kelley Shares Insights on Bridging Cloud Security Gaps Because of the lack of specialists with the skills needed to run security operations in the cloud, intelligent automation is essential, says Microsoft's Diana Kelley
Data Breach Today
SEPTEMBER 4, 2018
Gregory Wilshusen of the GAO Offers Lessons Learned Identifying the right controls to manage specific risks is a vital component of an enterprisewide security program, say Gregory Wilshusen of the U.S.
Data Breach Today
AUGUST 29, 2018
In an interview, Al Pascual of Javelin Strategy & Research, discusses the challenges involved in securing the exploding IoT landscape consumers now own about 870 million IoT devices.
Data Breach Today
MARCH 8, 2018
In an age when every organization is essentially borderless, how do security leaders approach securing the borderless network? Paul Martini of iboss Cybersecurity offers insights and solutions
Data Breach Today
AUGUST 24, 2018
Aetna CSO Jim Routh on Why We Need a Whole New Approach to Cybersecurity Security thought leaders have long called for organizations to shift from a conventional "peacetime" view of cybersecurity to more of a "wartime" mindset.
Schneier on Security
DECEMBER 14, 2017
Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. I don't see it replacing any of the good security guides out there, but instead augmenting them.
Data Breach Today
SEPTEMBER 11, 2018
Why did CISOs at a half-dozen leading healthcare organizations launch a new council aimed at standardizing vendor security risk management? One of those CISOs, John Houston of UPMC, explains why the group was launched, how it will work and why managing cloud vendor risks is a top priority
Data Breach Today
MAY 3, 2018
Organizations in all sectors need to strive to adopt a standardized approach for ensuring that security is built into internet of things devices at the design phase, says Vinod Kumar, CEO and managing director at Bangalore-based Subex, a telecom analytics solutions provider
Thales Data Security
OCTOBER 9, 2018
Enter data-centric security… a set of technologies that lower the value of data through encryption, tokenization, data masking and access control methods. Luckily, data-centric security gives enterprises an effective option for protecting data within a big data environment.
Schneier on Security
FEBRUARY 23, 2018
I joined a letter supporting the Secure Elections Act (S. 2261): The Secure Elections Act strikes a careful balance between state and federal action to secure American voting systems.
Data Breach Today
JANUARY 18, 2018
Security Experts Weigh In To address growing concerns about Aadhaar, the Unique Identification Authority of India, which administers the ID program, is taking two key steps to add a layer of security. Will the New Steps Prove Effective?
Data Breach Today
SEPTEMBER 11, 2018
Tom Field and Ben Smith of RSA Security reflect on key findings from their recent Executive Roundtable on business-driven security
Data Breach Today
AUGUST 9, 2018
Abdallah Zabian of DXC Technologies on Taking a Holistic Approach Security silos persist because stakeholders within the enterprise security ecosystem are focused on their own key performance indicators, says Abdallah Zabian of DXC Technology, who suggests a more holistic approach is needed
Data Breach Today
AUGUST 27, 2018
Some security experts say the two companies' transparency about cybersecurity issues - including new alerts issued last week - should be emulated by other manufacturers
INDUSTRY INSIGHTS YOUR PEERS ARE READING
Let's personalize your content