October 28, 2013 Added by: Patrick Oliver Graf
Remember, anything that is connected to the Internet is a potential target for hackers and cyber criminals. If they’ll hack your smartphone, tablet or laptop computer, who is to say they won’t try to do the same to your car?
October 24, 2013 Added by: Rafal Los
After what appears to be decades of systematically ignoring security challenges, the recent climate of breaches seems to have shaken something loose. Purse strings have loosened. Boards have begun to ask security questions when they have never done so before. And most of all, I'm seeing several organizations formally hiring CISOs and giving them both accountability and control over the security fu...
October 22, 2013 Added by: Patrick Oliver Graf
Every enterprise should consider implementing a comprehensive remote access security framework in light of increased workplace mobility and the BYOD trend.
October 22, 2013 Added by: Vince Schiavone
As the “social age,” “mobile age” and “consumer age” converge, enterprise risk is experiencing an evolutionary shift due to the array of complex emerging threats that are challenging corporations on various levels. With billions upon billions of daily social discussions from consumers, influencers, competitors, activists, journalists and regulators, an entirely new social dimension of r...
October 17, 2013 Added by: Rohit Sethi
Addressing security requirements while building software is substantially faster than fixing security vulnerabilities later, and since so many organizations end up mandating fixing security defects, preventing those defects up-front yields faster time-to-market.
October 16, 2013 Added by: Hani Banayoti
Consider encryption at rest but make informed decisions about its value and protection afforded.
October 15, 2013 Added by: Robb Reck
The implementation of a risk management focused information security program not only increases the security of the organization, it increases the collaboration between security and other technical stakeholders, frees up security to do what it does best (instead of making business decisions) and improves the organization’s risk awareness.
October 10, 2013 Added by: Michelle Drolet
Cybercriminals are employing more sophisticated techniques all the time and far too many companies and organizations still don’t have the protection they really need to safeguard their systems. The prevalence of targeted attacks and advanced persistent threats (APTs) is disturbing.
October 03, 2013 Added by: Vince Schiavone
To help executives understand and address the growing dangers of social risks threatening their revenue and reputation, I assembled a consortium of academic and commercial experts spanning social intelligence, enterprise risk, digital privacy, communications and security to write the industry’s first comprehensive handbook on the topic.
October 02, 2013 Added by: Stephen Marchewitz
A brief understanding of the process, time and overall cost of a Card Holder Data. All information contained in this article is for the purposes of awareness and education. If you have experienced a breach, contact a PFI company immediately.
September 26, 2013 Added by: Gavin Hill
Cyber-attacks continue to advance in complexity and speed and increasingly target the keys and certificates used to establish trust—from the data center to the cloud. With the advances in technology, is a 60-month, or even a 39-month, validity period for certificates short enough to reduce risk?
September 25, 2013 Added by: InfoSec Institute
Changing the code behind existing web applications is a time-intensive but effective way for hackers to harvest authentication credentials and data. However, you can detect and defend against these types of attacks by using the right mix of file integrity check utilities, antivirus software, and change control policy.
September 19, 2013 Added by: Vince Schiavone
As the threats emerging from social media expand in type, frequency and complexity, the proverbial heads of many corporations are spinning as nearly every office across the C-suite experiences serious repercussions from these growing risks.
September 11, 2013 Added by: Rohit Sethi
Let’s say you’ve just had a pen test or security scan performed on your application. You review the list of findings and get to work on remediation. Apart from obvious shortcomings of any individual single assessment technique, you may also be doing a disservice to meeting your business goals.
August 30, 2013 Added by: Rohit Sethi
A one-size-fits-all approach to Software Development Life Cycle (SDLC) security doesn’t work. Practitioners often find that development teams all have different processes – many seem as if they are special snowflakes, rejecting a single SDLC security program.