March 03, 2014 Added by:Joe Weiss
There has been no mad rush for cyber insurance, as the focus has been NERC CIP and compliance, not security.
February 27, 2014 Added by:Simon Moffatt
The internal 'trusted' network no longer exists. Employees often pose the biggest threat to information assets, even though they are trusted with legitimate accounts on protected internal machines. Zero Trust is a recent security approach that looks to move away from network segmentation and focus more on data and resources and who can access them, when and from where.
RSA's Art Coviello Calls for Increased International Cooperation and Governance Among Nations and Security Industry
February 25, 2014 Added by:InfosecIsland News
Art Coviello delivered his opening keynote to a record crowd at RSA Conference 2014, calling for international government and industry cooperation on major issues including cyber war, surveillance, privacy and trust on the Internet.
February 19, 2014 Added by:Anton Chuvakin
One of the key uses for threat intelligence (TI) data is making better threat intelligence data out of it.
February 06, 2014 Added by:Stephen Marchewitz
According to Ponemon estimates (PDF), the breach will cost Target over $2 billion. Will Target's CFO get fired? He probably couldn’t spell security before the incident, but had to testify before Congress about what they’re going to do… talk about your crash courses.
February 04, 2014 Added by:Rafal Los
Demonstrating the effectiveness of a security program isn't about cherry-picking the right data sets, in the right time-frames to show how fantastic we are doing and patting ourselves on the back.
February 03, 2014 Added by:Brent Huston
When serious problems strike the complacent and unprepared, the result is inevitably shock followed by panic. And hindsight teaches us that decisions made during such agitated states are almost always the wrong ones. This is true on the institutional level as well.
January 28, 2014 Added by:Patrick Oliver Graf
The convergent trends of BYOD, the consumerization of IT and mobility are causing rapid shifts in employees’ expectations for their work environment. Employees are driving the change by working remotely and on their own devices, resulting in the workplace itself becoming increasingly flexible.
January 27, 2014 Added by:Robb Reck
There is a natural tendency to lump security and compliance together. Intuitively, it just makes sense, right? The biggest compliance frameworks like PCI, GLBA, SOX and HIPAA are all looking to ensure that our security is up to snuff. In fact, if we do security right, compliance should come naturally, with very little additional technical work.
January 22, 2014 Added by:Pete Herzog
Teach employees not to say no. This and 4 other unconventional tricks will build or enhance your organization's security culture.
January 20, 2014 Added by:Vince Kornacki
In this article we'll test our web application with vertical password guessing attacks. Whereas horizontal password guessing attacks entail trying only a few common passwords against a long list of usernames, vertical password guessing attacks entail trying a long list of passwords against a single username.
January 18, 2014 Added by:Tripwire Inc
So, your CEO keeps hassling you about a “real” plan for securing the company’s technology. You have a plan, telling him “we have done a, b, c and we are going to do d, e, f next month – if you don’t cut our budget.” But he keeps asking for a “real” plan, otherwise he will cut the budget...
January 13, 2014 Added by:Allan Liska
On October 23rd, the Internet Corporation for Assigned Names and Numbers (ICANN) announced the rollout of the first 4 gTLDs under its New gTLD Program. The new domains could pose a potential security threat to your organization.