August 04, 2015 Added by:Steve Durbin
Organizations are struggling to cope with the quantum speed and sophistication of global cyber-attacks being carried out by organized cyber-criminal syndicates. Moving forward, businesses need to prepare to be targeted at any time, and any place, by multiple assailants. Organizations that wish to keep pace with these developments, and remain financially viable, need to take action now, or face the...
July 31, 2015 Added by:Rohit Sethi
There is a pervasive sentiment amongst the security community about checklists: they suck. We’ve all seen inflexible audit checklists that seem to be highly irrelevant to the specific system being audited.
July 17, 2015 Added by:Rohit Sethi
While static analysis is a very valuable technology for secure development, it is clearly no substitute for building applications with security in mind from the start.
July 06, 2015 Added by:Steve Durbin
Part III in this series looks at the need to institute a cloud assessment process and the four actions that organizations of all sizes can take to better prepare themselves as they place their sensitive data in the cloud.
June 23, 2015 Added by:Anthony M. Freed
Half of the nearly 1000 websites evaluated in the 2015 Online Trust Audit & Honor Roll study conducted by the Online Trust Alliance (OTA) were found to be failing to protect consumer’s personal data and privacy.
June 22, 2015 Added by:Steve Durbin
Cyber resilience has never been more important than it is today. As everything from supply chain management to customer engagement shifts to the cloud, operating in cyberspace now has bottom line implications if systems are disrupted. Cyber cloud resilience requires a balanced approach that protects both organizations and individuals while also enabling open, safe commerce and communication.
June 22, 2015 Added by:Tripwire Inc
Application security starts from the foundation – the source code.
June 17, 2015 Added by:Tripwire Inc
The mammoth rise in cybercrime has made organizations revise their application security strategy and implement new techniques to safeguard their software. This is largely because traditional security methodologies, such as Manual Testing and Web Application Firewalls (WAF), have been rendered irrelevant due to evolving hacking techniques.
June 15, 2015 Added by:Steve Durbin
Organizations are becoming increasingly dependent on their use of cloud services for business benefit both internally and when working with third party suppliers across multiple jurisdictions. However, while these services can be implemented quickly and easily, organizations need to have a clearer understanding of where their information is stored and how reliable these services are.
May 19, 2015 Added by:Anthony M. Freed
A new study based on the assessment of hundreds of SAP implementations found that over 95% of SAP systems were exposed to vulnerabilities that could lead to full compromise of an organization’s critical data.
May 06, 2015 Added by:Steve Durbin
Organizations function in a progressively cyber-enabled world today and traditional risk management isn’t nimble enough to deal with the risks from activity in cyberspace. Enterprise risk management needs to be extended to create risk resilience, built on a foundation of preparedness.
May 06, 2015 Added by:Paul Lipman
Today’s cyber criminals are more aggressive than ever before in their quest to achieve financial gains through hacking. With that being said, it should come as no surprise that our nation's schools are a prime target for such attacks. In this article, iSheriff CEO Paul Lipman highlights the five actions that can be taken to upgrade cyber security practices.
April 10, 2015 Added by:Paul Lipman
While SMBs are vulnerable to many of the same types of attacks as the companies making headlines (Target, JP Morgan, Home Depot, Anthem, etc.), they must defend themselves with vastly smaller IT teams and budgets. SMBs are finding they have a unique set of challenges and vulnerabilities that require a comprehensive but tailored approach to security.
The Government Says It Has a Policy on Disclosing Zero-Days, But Where Are the Documents to Prove It?
March 30, 2015 Added by:Electronic Frontier Foundation
Despite the White House’s claim that it had “reinvigorated” its policies in spring 2014 and “established a disciplined, rigorous and high-level decision-making process for vulnerability disclosure,” none of the documents released in response to our lawsuit appear to be newer than 2010.
March 23, 2015 Added by:Anthony M. Freed
In yet another case that underscores the risks involved with employee mobile devices, a new study reveals that the average large enterprise has approximately 2,400 unsafe applications installed in its mobile environment.
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015
PCI Security Standards Council Statement on ... on 03-17-2015