General
7 Security Threats You May Have Overlooked
November 11, 2014 Added by:Patrick Oliver Graf
In today’s business environment, the list of overlooked network security threats is endless. Information security professionals are modern-day gladiators, tasked with defending corporate data and networks against both known and unknown threats, but no matter how skilled they are, there will always be new threats to their networks.
Comments (1)
Can Hackers Get Past Your Password?
November 05, 2014 Added by:Steve Durbin
Password-based authentication is easy and familiar for customers, and is initially inexpensive for organizations to deploy at scale. But, while password-based authentication may be appropriate in some instances, it is no longer suitable for the wide range of services where it is currently being used.
Comments (2)
The True Cost of a Data Breach
October 20, 2014 Added by:Thu Pham
iThemes, a WordPress (WP) security provider, was recently breached and approximately 60,000 clients in their membership database had a slew of information stolen, including usernames, passwords, IP addresses and more. But, what is of particular concern is the fact that the company was storing their members’ passwords in plain text, which they admitted was in error in a
Comments (0)
Accepting Identity Theft
October 06, 2014 Added by:Brent Huston
I can recall a time when I wasn’t concerned about data theft. Eventually, buzz words such as “breach” and “identity theft” became a regular part of my vocabulary.
Comments (0)
Who Will Foot the Bill for BYOD?
September 10, 2014 Added by:Patrick Oliver Graf
The concept of "Bring Your Own Device" seems so simple. Employees can just tote their personal phone or tablet with them to the office – which they're probably doing anyway – and use it for work. Or, they access the corporate network remotely, from home or while on-the-go. BYOD and remote access have always seemed like a win-win arrangement – employers pay less hardware costs and employees g...
Comments (0)
Cached Domain Credentials in Vista/7 (AKA Why Full Drive Encryption is Important)
July 17, 2014 Added by:Neohapsis
Without full disk encryption (like BitLocker), sensitive system files will always be available to an attacker, and credentials can be compromised.
Comments (0)
Hacks of Houston Astros, Butler University Put Network Security on Center Stage
July 14, 2014 Added by:Patrick Oliver Graf
Together, the high-profile hacking of the Houston Astros and Butler University show why it’s important for every organization to think like an enterprise in constructing a network security plan.
Comments (0)
Big Data's Big Promise Isn't Here Yet
June 24, 2014 Added by:Tripwire Inc
What is interesting to me is how much hope people have for big data being the savior of the security world. I don’t believe that’s going to happen anytime soon.
Comments (0)
Adventures in Finding Cardholder Data
May 21, 2014 Added by:PCI Guru
In the past, organizations would rely on their database and file schemas along with their data flow diagrams and the project was done. However, the Council has come back and clarified that the search for cardholder data (CHD), primarily the primary account number (PAN).
Comments (0)
Insider Threat: Does It Matter Now? And How Much?
May 08, 2014 Added by:Anton Chuvakin
While everybody is reading the DBIR 2014, I wanted to re-read it with a particular lens – that on the insider threat.
Comments (0)
Verizon 2014 DBIR: Hide Your Servers and Call the Cops
April 23, 2014 Added by:Tripwire Inc
Know what you have, know how it’s vulnerable, configure it securely, and continuously monitor it to ensure it isn’t compromised and remains secure.
Comments (0)
BYOD For Government?
March 23, 2014 Added by:Cam Roberson
BYOD is fast becoming the norm for many enterprises, despite the security risks. Government agencies have been slower to adopt, but will need to start implementing policies that address BYOD.
Comments (1)
Zero Trust and the Age of Global Connectivity
February 27, 2014 Added by:Simon Moffatt
The internal 'trusted' network no longer exists. Employees often pose the biggest threat to information assets, even though they are trusted with legitimate accounts on protected internal machines. Zero Trust is a recent security approach that looks to move away from network segmentation and focus more on data and resources and who can access them, when and from where.
Comments (0)
Stopping Remote Access Breaches with “Honey”
February 07, 2014 Added by:Patrick Oliver Graf
A new approach, called “Honey Encryption”, could potentially offer more effective digital security by making fake data appear to be legitimate and valuable information to hackers.
Comments (6)
What the Snowden Leaks Can Teach Us About Data Security
November 14, 2013 Added by:Cam Roberson
One of the major issues discussed in the wake of the National Security Agency leak involving Edward Snowden was how the government can prevent a similar leak from happening in the future. This article looks at several specific measures that can strengthen data security, making it more difficult for bad actors to break into the system, and tougher for them to make off with sensitive information onc...
Comments (0)
Security Advisor Alliance, A Nonprofit of Elite CISOs giving back to the community.
November 12, 2013 Added by:Jason Clark
Security Advisor Alliance is a nonprofit group of Top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.
Comments (1)
- How Extreme Weather Will Create Chaos on Infrastructure
- BSIMM11 Observes the Cutting Edge of Software Security Initiatives
- Sustaining Video Collaboration Through End-to-End Encryption
- Will Robo-Helpers Help Themselves to Your Data?
- Securing the Hybrid Workforce Begins with Three Crucial Steps
- A New Strategy for DDoS Protection: Log Analysis on Steroids
- COVID-19 Aside, Data Protection Regulations March Ahead: What To Consider
- SecurityWeek Extends ICS Cyber Security Conference Call for Presentations to August 31, 2020
- SecurityWeek to Host Cloud Security Summit Virtual Event on August 13, 2020
- Avoiding Fuelling the Cyber-Crime Economy