August 21, 2013 Added by:Cam Roberson
Employers can be diligent in installing encryption protection software on the devices their employees use, but what happens if the password is compromised? Whenever the password is known, the laptop, smartphone or tablet is at no less security risk with encryption as it is without.
August 14, 2013 Added by:Bill Wheeler
Recent reports have found that cyberattacks against U.S. corporations are on the rise, along with an increase in international threats, especially from China, and emerging threats to small businesses. Today, it’s not a matter of if an organization will be the victim of a cyberattack, but when.
July 31, 2013 Added by:InfosecIsland News
Austin-based Wisegate has released a report that provides top 10 tips from leading CISOs to help IT professionals manage security vendors.
July 23, 2013 Added by:Dan Kuykendall
Eliminating the risk of SQL injection is made complicated by a host of factors -- many of which are out of the developer and security teams’ control. If not addressed completely, web applications are still vulnerable. Let’s look at the problem from each team’s point of view.
July 12, 2013 Added by:Anthony M. Freed
To better understand how we as security professionals can hone our messaging across the organization and up the corporate food chain to elicit the responses we are seeking, we recently spoke at length with Michael Santarcangelo of Security Catalyst, widely recognized in the security field as an effective communicator and catalyst for change and improvement.
July 11, 2013 Added by:Jan Valcke
Security is not an optional feature to be implemented after the horse has bolted. Lack of security may have severe consequences and can result in destructed corporate image, severe revenue losses and liability suits. Strong authentication alleviates a lot of security concerns and can help build customer trust, credibility and can even become a competitive advantage.
July 10, 2013 Added by:InfosecIsland News
With APTs leveraging these weaknesses, it’s critical to have visibility and control of enterprise key and certificate inventories. Cyber criminals understand that the easy targets are those organizations that have little visibility into their threat surface and cannot respond quickly. We need to gain control over trust; we need to plug the gap related to key & certificate-based exploits. (Re...
July 02, 2013 Added by:Rafal Los
Very few companies are actively using security intelligence for better defense. What gives? This post will describe for you what I believe it means to extract value from security intelligence. And more important, why I believe three out of four enterprises are still failing to get that value.
July 01, 2013 Added by:Brad Bemis
Why are you always so negative about the state of the security industry and how we're fairing in the information protection game?
June 25, 2013 Added by:Paul Lipman
Relying on traditional security measures to catch the bad guy in action or prevent being the victim of a breach doesn’t cut it in today’s threat landscape, and IT teams don’t have the time and resources to address each threat vector in isolation, nor should they have to.
June 20, 2013 Added by:Rafal Los
Private industry and corporations alike are talking about “hack-back.” It’s no secret I believe that “hack-back” is a bad idea, for many reasons.
June 20, 2013 Added by:Eric Chiu
In a competitive business environment, reputation is a critical differentiator. Any company that suffers from a major data breach, instigated by an employee with a small grudge and big access, could face devastating consequences to the corporate brand, and to the bottom line.
June 18, 2013 Added by:Tripwire Inc
This post is all about Control 13 of the CSIS 20 Critical Security Controls – Boundary Defense. Here we explore the (29) requirements I’ve parsed out of the control.
June 14, 2013 Added by:Vinod Mohan
Given the expanding threat landscape for the SMB and the increased demand for affordable IT security tools, here are five valuable tips for IT pros that help shed light on managing enterprise security on a budget.
June 12, 2013 Added by:Ian Tibble
The notion that VA tools really can be used to give a decent picture of vulnerability is still heavily embedded, and that notion in itself presents a serious vulnerability for businesses.
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015
PCI Security Standards Council Statement on ... on 03-17-2015