By Katherine Teitler

February 21, 2017

Whataya want from me?

We’ve all heard about the security staffing shortage; it attracts a lot of press and is hard to ignore. If you’re currently working for an organization that is not hiring, you, yourself, might be receiving regular calls from recruiters about one of the estimated 1 million open positions. Maybe you’re even covertly scoping out your next job opportunity. 

Read more ...

By Marcos Colón

February 16, 2017

As risks associated with critical assets have evolved over time, so has the role of the CISO. While some security professionals have climbed the ranks based on their technical know-how, it’s the transition into the business leadership role that tends to present the challenges for chief security officers. 

Read more ...

By Kerry Anderson

February 14, 2017

This decade has emerged as the "decade of the cloud." While cloud has technically existed in earlier forms—application service providers and hosted solutions, for instance—for almost twenty years, the current cloud marketplace offers a wide selection of services designed to meet the requirements of organizations looking to outsource certain aspects of operations.

Keep reading...

By Katherine Teitler

February 13, 2017

Once in a lifetime

What is security’s purpose if not to help with risk management? Organizations run on varying degrees of risk—financial risk, operational risk, market risk, sociopolitical risk, etc.—and information security has become a big piece of the risk picture. More and more, heads of security are being asked to present to the board, yet many CISOs continue to struggle with conveying how the operational aspects of security impact strategic risks to the business.

Read more ...

By Katherine Teitler

February 9, 2017

If the fish don’t bite

Just when you thought the infamous “Nigerian Prince” was a ubiquitously understood joke, it seems the security industry still has a long way to go when it comes to phishing. Over the years we’ve watched as attackers have grown craftier in their methods, targeting specific users and carefully designing legitimate-looking emails that are challenging to immediately identify as malicious. Surely some attack groups employ professional designers and marketers, but a new phishing scam is proving that unrefined attempts still exist. 

Read more ...

By Ira Winkler

February 8, 2017

As a person who currently focuses on security awareness, hearing about or witnessing successful phishing attacks is frustrating. What is more frustrating is listening to security professionals blame users for falling for a phishing message instead of looking at themselves. 

Read more ...

By Katherine Teitler

February 7, 2017

American Tune

Leadership is a lot like playing in an orchestra. For those less familiar with an orchestra setting, let me explain. The basics: A traditional orchestra is made up of strings (violins, violas, cellos, and double basses), woodwinds (flute, clarinet, oboe, bassoons), brass (trumpets, French horns, trombones, tuba), and percussion (various drums, cymbals, and other things one hits), plus keyboards (which bridge the string and percussion categories).

Read more ...

By Joshua Marpet and Scott Lyons

February 6, 2017

How Technologists and the Business don’t communicate.

Technologists are the bedrock of IT and IT security. They innovate, create, build, implement, maintain, and decommission the most amazing software and hardware systems ever compiled. Even something as simple as a file server, which is only supposed to store and back up files, has to deal with firewall rules, authentication, authorization, travel across VPNs, backup/restore, and monstrous amounts of other factors.

Read more ...

By Katherine Teitler

February 2, 2017

Been caught stealing

In today’s infosec climate, many security professionals espouse the fatalistic belief that there are two types of companies: Companies that have been breached and those that don’t know it yet. It’s true that cyberspace is growing by the day, and as companies and individuals add more information to internet-accessible sources, the risk of compromise of that data grows in parallel. With this greater risk comes more responsibility. 

Read more ...

By Kristy Westphal

February 1, 2017

A funny thing happened on the way to designing threat intelligence programs… we forgot about the risks! We as an industry tend to buy a lot of tools, sift through a lot of data, and send out a bunch of reports, but we forget to ask what we are really doing all of this for.

Read more ...

By Katherine Teitler

January 30, 2017

Secret agent man

The idea of a password as a security mechanism is sound: One user with an individual identity plus a unique, secret password. In the physical world, this combination often works as it should, since the user’s identity travels with the user (in effect, adding a second factor of identification). In the online realm, well, all security practitioners know the issues. 

Read more ...

By Katherine Teitler

January 27, 2017

Danger zone

“A strong incident response plan is a key component of any organization’s cyber defense,” says Lucie Hayward, Managing Consultant with Kroll’s Cyber Investigations division. Yet the term “incident response,” in and of itself, is a bit of a misnomer. “Incident response” implies after-actions, but in reality, as indicated in Hayward’s statement, incident response is a lot of hard, detailed preparation work that must be undertaken well in advance of a detected incident or breach. Hayward and her team assist clients in responding to cyber incidents, and she says that the actions an organization has to take once an incident or breach has been declared can vary widely based on whether or not the affected organization completed this pre-work.

Read more ...

By Katherine Teitler

January 26, 2017

Fortress around your heart

“Do you remember the first time you entered a bank as a child,” asked Mike Kearn, VP, Principal Architect & ISO at US Bank, “What did it look like? It was pretty impressive, right? The bank had high ceilings and buffed marble floors; there were security guards stationed at the doors and vault entrances. Before you got to the vault, though, you and your parent(s) had to meet a bank officer, show a form of identification, and sign some paperwork. And then there was the vault door itself: huge, and at least a half foot thick. The bank presented all impressions that you were in a safe, secure environment, that there was layered security at every turn.”

Read more ...

By Katherine Teitler

January 25, 2017

The logical song

To say that the security vendor marketplace is crowded would be an understatement. For any problem a security team faces that can be aided with technology, look no farther than a conference expo floor and you’re sure to find (at least) dozens of self-proclaimed solutions in any given category. Conferences are perfect opportunities for vendors to get in front of large numbers of potential buyers and tell their story. For the buyer, though, this dizzying array of options can be overwhelming, especially amidst the flurry of concurrently broadcasted booth presentations, personal introductions, swag handouts, and ever-eager booth staff. How can a security technology buyer or evaluator cut through the marketing hype and determine what’s right for his or her company’s environment? 

Read more ...

By Katherine Teitler

January 20, 2017

Back in time

On this first day of a Donald Trump presidency, many people around the world are watching and wondering what is going to happen in corporate America. The speculation is no less prevalent in the security industry. After all, cybersecurity has become a “hot topic” in the last few years, gaining a great deal of public awareness and interest. With that heightened awareness—and the realities (dangers) of increased digital assets—the Obama administration made grand gestures towards improving cybersecurity policies and programs which promised $19 billion in funding, support, and increased public-private collaboration.

Read more ...

By Katherine Teitler

January 19, 2017

Change your mind

Security staff are infamous for declaring “security does not equal compliance” whenever the topic of compliance is mentioned by a non-security person. The reasoning behind this is sound: Compliance is a set of minimum requirements and auditable actions or technologies. In some cases, compliance mandates have little to do with security at all, making security staff feel like they’re working on projects that don’t further their cause—particularly frustrating when security is overworked and understaffed. 

Read more ...
