October 30, 2014 Added by: Neohapsis
Sadly, even with sophisticated layers of defense, many organizations are facing similar thought processes of what to do “when” a data breach takes place rather than “if”.
October 28, 2014 Added by: Patrick Oliver Graf
From October 2009 through the present day, one industry alone has reported 900 different breaches. And none of those 900 were limited in their scope – in each, at least 500 individuals were affected. Who knows how many other smaller breaches happened, without public knowledge.
October 23, 2014 Added by: Tripwire Inc
Skilled people make the difference in protecting sensitive data, so it’s more critical than ever that public and private sectors begin training and hiring cyber security professionals.
October 22, 2014 Added by: Rebecca Herold
October is National Cyber Security Awareness Month. It would seem the breaches announced virtually every day of this month so far were orchestrated to highlight the need for organizations to beef up their information security efforts and improve their controls.
October 16, 2014 Added by: Anton Chuvakin
Security incidents call for an immediate incident response (by definition), while alerts need to be reviewed via an alert triage process in order to decide whether they indicate an incident, a minor “trouble” to be resolved immediately, a false alarm or a cause to change the alerting rules in order to not see it ever again.
October 07, 2014 Added by: Tripwire Inc
All we should hear from security professionals is glee as their well-oiled machines switch into gear and they get to prove that they are able to operate at times when mere mortals quake in fear. For many though this is not the reality.
October 06, 2014 Added by: Anton Chuvakin
Do not make your security architecture solely reliant on patching. Big vulnerabilities will happen and so will zero-days, so make sure that your entire security architecture does not crumble if there is one critical vulnerability: do defense in depth, layers, “least privilege”, controls not reliant on updates, monitoring, deception, etc.
October 02, 2014 Added by: Malwarebytes
No malware author wants an analyst snooping around their code, so they employ tricks to inhibit analysis.
October 01, 2014 Added by: Dan Dieterle
As hardware and software manufacturers make public statements about hardening and protecting their services in the name of customer privacy, federal agencies speak out against it – let the smoke and mirrors game begin…