Latest Blog Posts
September 23, 2014 Added by: Rebecca Herold
Most of the 250+ organizations I’ve audited, and the hundreds of others I’ve had as clients, hate documentation. At least creating documentation. So, they don’t do it, or they do it very poorly. Or, they document things they don’t need to, and fail to document the important things.
September 23, 2014 Added by: Wendy Nather
One thing that has bothered me for years is the tendency for security recommendations to lean towards the hypothetical or the ideal. Yes, many of them are absolutely correct, and they make a lot of sense. However, they assume that you're starting with a blank slate.
September 22, 2014 Added by: John Hawkins
Many IT decision makers feel pressure to adopt the cloud for the sake of not being left behind. But moving to the cloud is usually easier said than done.
September 22, 2014 Added by: Cyphort
After the first major success of POS malware breaching Target Corporation in November 2013 occurred, the number of POS device infections in the wild skyrocketed.
September 18, 2014 Added by: Elias Manousos
While customers won’t know or care which ad network delivered a malicious ad, they will blame the organization that owns the website or placed the ad that attacked them.
September 18, 2014 Added by: PCI Guru
The title of this post sounds like the start of one of those bad jokes involving the changing of light bulbs. But this is a serious issue for all organizations because, in today’s regulatory environment, it can be a free for all of audit after audit after assessment after assessment.
September 18, 2014 Added by: Rohit Sethi
All too often, we have seen organizations invest only in application security testing and education as the only two components of their application security programs. The net result is an expensive “patch and fix” approach that self optimizes only for the risks that scanners are able to catch.
September 17, 2014 Added by: Patrick Oliver Graf
America’s largest home improvement retailer seems to have a repair for everything, but after news that its payment systems had been breached, Home Depot has a lot of work ahead to get its own house in order. It faces a long road as it repairs its reputation, its relationships with customers and its network security.
September 17, 2014 Added by: Sahba Kazerooni
When all is well, there is nothing to worry about. A poorly configured backup system, however, can make life more than a little tricky when you can’t restore your files effectively or efficiently.
September 17, 2014 Added by: InfosecIsland News
Following a sold out event in 2013, the 2014 ICS Cyber Security Conference is expected to attract more than 250 professionals from around the world and again sell out. Attendees can register online and pay just $1895 for a full conference registration which includes 4 days AND workshops on Monday.
September 16, 2014 Added by: Sahba Kazerooni
What’s expected from you in your role as a CISO is expanding as companies rely heavily on more complicated information systems. There is a barrage of threats and more reliance on technology as businesses leave the pencil and paper behind. Status quo is not an option with so much change occurring within the IT industry, so let’s cover one aspect that is often overlooked; an effect...
September 16, 2014 Added by: Nate Kube
There are differences between industrial control systems and enterprise IT networks resulting in different security needs. To protect industrial networks, system operators must opt for an industrial next gen firewall with an IDS that fully understands industrial protocols and the specific context of each industrial command.
September 15, 2014 Added by: Joe Weiss
The electric grid has been, and continues to be, susceptible to unintentional and malicious cyber incidents.
September 15, 2014 Added by: Greg Akers
Teams that use intelligence inherent in the network will gain insight into how cyber actors operate and how to quickly shut them down.