June 05, 2014 Added by:Rohit Sethi
Attention-grabbing exploits are becoming the norm. We hear about bugs like Heartbleed and IE 0days almost every week. Understandably the public is concerned about insecure technology. Yet for those of us who work in information security, this isn’t news at all. We have long known that insecure software is the root cause of most breaches.
June 05, 2014 Added by:Patrick Oliver Graf
In the not-so-distant past, when enterprises lacked ubiquitous high-speed Internet connections and the means to provide employees with remote access, organizations were far more likely to enforce strict working hours than they are today. After all, work wouldn't get done if employees weren't present.
June 04, 2014 Added by:Joe Weiss
When people complain that operators are too focused on safety and reliability I don’t know whether to laugh or cry.
June 04, 2014 Added by:Stefano Mele
The U.S. Government Accountability Office (GAO) found that twenty-four major federal agencies did not consistently demonstrate that they are effectively responding to cyber incidents (a security breach of a computerized system and information).
June 02, 2014 Added by:Tripwire Inc
Executive leadership (including the board member) is not typically interested in operational security details such as answers to questions about specific security control metrics. This information is too detailed and will be viewed as “noise” by those outside the IT and security teams.
May 27, 2014 Added by:Tripwire Inc
So the question for us, security professionals and dabblers alike, is how do we make this moment one that makes a difference?
May 27, 2014 Added by:Tal Be'ery
Exploiting the Pass-the-Hash vulnerability is the weapon of choice for most APT attackers. Therefore when Microsoft released a Windows’ update on May 13th titled: “Update to fix the Pass-The-Hash Vulnerability”, it was warmly accepted by IT teams. However, this update was received by the security community with a raised eyebrow, especially due to the fact that just two months before the upd...
May 22, 2014 Added by:Rebecca Herold
Existing privacy laws address only a fraction of the privacy risks that exist, and new risks are emerging all the time. Don’t put your customers, and innocent children’s, privacy at risk by doing things that may be legal, but still a very bad privacy action.
May 20, 2014 Added by:Nima Dezhkam
As a main area of our interest, PCI v3.0 enhances the Penetration Testing requirement by adding guidelines that help both the organizations and the auditors to better show and understand two important areas of concern in every PCI compliance effort.
May 15, 2014 Added by:Sonali Shah
“The King is dead, long live the King” speaks to the inevitability of succession. It is now not a stretch to think about the inevitability of future CEOs leaving power and ascending to power as a result of cyber breaches.
May 14, 2014 Added by:Andrew Avanessian
The most resilient organizations will be those that map out specific security controls that will turn their anticipation of threats into a plan of action. Increasingly, businesses are identifying an emerging theme for preventing security vulnerabilities: restricting employees and IT administrators to standard user accounts and removing the dangers associated with IT admin privileges.
Security Risks of Telecommuting... Marek Hudczak on 08-18-2014
Don’t Let Your Guard Down: Tragedies Pave ... shahbaz ocpfsd1 on 08-16-2014