By Marcos Colon 

July 21, 2016

The evolving threat landscape makes it incredibly difficult for security professionals to protect their organizations. You’d think that with the abundance of security solutions deployed they’d be able to manage cyber risk effectively, yet the technology that’s intended to protect their organizations may be causing more problems.

Read more ...

Lose Yourself

By Katherine Teitler 

July 19, 2016

The role of the CISO is changing. We hear about it every day: CISOs must become more business oriented and fine-tune communication skills so other executives consider heads of security business equals.

Keep reading...

By Marcos Colon 

July 19, 2016

 

Security practitioners consistently deal with a slew of issues tied to protecting their organization’s most critical assets. When asked what keeps them up at night, it’s an endless list that features connected devices, shadow IT and making sense of the security and risk organization to board members.

Read more...

Spoofing

Spoofing, as it relates to cybersecurity, is part of an attempted adversarial attack aimed at fooling users into taking an action they normally wouldn’t unless requested by a trusted source. Spoofing can be used to alter IP addresses, email, caller ID, URLs, or other incoming information that is typically used to identify a source.

Keep reading...

The long and winding road

By Katherine Teitler 

July 14, 2016

Insider threat. Third-party risk. Phishing. Privilege escalation. Unencrypted sensitive data. This reads like a “Top 5” list of security concerns, but in fact it’s what allowed Su Bin, the owner of a Chinese aviation technology company, to help two Chinese nationals hack into Boeing’s network and steal more than 65GB of data from the defense contractor.

Keep reading...

We Are the World

By Katherine Teitler 

July 13, 2016

Privacy Shield, the much-anticipated new trans-Atlantic data transfer agreement between the EU and U.S., was approved yesterday by the European Commission. After months of debate and revisions, the Commission finally felt comfortable enough to rubber stamp the framework, which will actually undergo further analysis later this month. If the final-final agreement is approved on July 25, 2016, companies can self-register starting August 1, 2016.

Keep reading...

By Katherine Teitler 

July 12, 2016

The families of five terrorist attack victims filed a lawsuit in U.S. District Court on Monday. The defendant: Facebook. The families, claiming that the social media giant enabled Palestinian militants to carry out deadly attacks in Israel, are suing for more than $1 billion, calling into question the responsibility of technology companies when it comes to security. 

Keep reading...

Content Filtering

Content filtering is a way for organizations to screen and deny potentially harmful or objectionable data from websites, email, or executables. It is a form of censorship for information and media that helps organizations block known malicious or potentially malicious information from entering the network. Content filtering can be integrated into company policies and/or information security as a way of both communicating risks and implementing controls and rules around what data and information is allowed and what’s denied.

Keep reading...

I wanna get better

By Katherine Teitler 

July 8, 2016

“A lot of security departments are swimming in the wrong direction,” says Raef Meeuwisse, Director of Cybersecurity at Cyber Simplicity Ltd. By this, Meeuwisse means that companies haven’t yet redirected the scope of their security programs—the tools, technologies, and processes—to reflect current threats. 

Keep reading...

Cry me a river

By Katherine Teitler 

July 7, 2016

Security practitioners have long decried the practices of password sharing. Now an appellate court has bolstered that sentiment by handing down a decision in United States v. Nosal, ruling that a former employee of executive search firm Korn/Ferry International has violated the Computer Fraud and Abuse Act, acting “without authorization” when he used credentials supplied to him by a current employee. Upon the defendant’s termination, Korn/Ferry’s IT department revoked system credentials. So far, so good: employee decides to leave company, company turns off access. Score one point for security! 

Keep reading...

Take a chance on me

By Katherine Teitler 

July 6, 2016

Even small, home-spun businesses have a handful of third-party vendors with which they must connect to keep the lights on and the money flowing. Larger organizations might have hundreds or thousands of partners in the supply chain. 

Keep reading...

Certificate Authority

A Certificate Authority (CA) is a trusted third party that issues digital certificates—small, verifiable digital files that contain credentials—which help establish secure communication between parties, entities, servers, or websites. The digital certificate binds ownership information (email address, IP address, name, certificate usage, etc.) to an owner’s public cryptographic key and the certificate ID of the certificate authority. A digital certificate will include the owner’s public key, expiration date of the certificate, a hash algorithm to validate the certificate hasn’t been tampered with, and other information about the public key.

Keep reading...

How you like me now?

By Katherine Teitler 

June 30, 2016

Depending on your source, insider threat accounts for anywhere from 27% to 77% of all breaches. Despite the disagreement about the size of the problem, most security practitioners agree that identifying insider threats is more difficult than identifying external threats, since insiders have legitimate access to and usage of sensitive company resources.

Keep reading...

By Marcos Colón 

June 29, 2016

For security practitioners, the name of the game is risk management.  

These risks come in all shapes and sizes, from system vulnerabilities and the onslaught of evolving malware, to threats posed by insiders. We’re not talking about the Edward Snowdens of the world; we mean accounts compromised by miscreants or even honest employees who fall for the increasingly convincing phishing scams hitting their inboxes.

Keep reading...

Be true to your school

By Katherine Teitler 

June 27, 2016

Colleges and universities are generally considered settings for learning, openness, and ideas. Students and professors alike are encouraged to explore new thinking and push boundaries. The best academic universities on the planet have entire departments focused on researching subjects unconsidered universally. All of this individuality and exploration is a boon for those on the education end. Those on the information security end, on the other hand, face a set of challenges unfamiliar to enterprise security practitioners and leaders, whose employees and partners are all contractually bound in some way, shape, or form to the organization.

Keep reading...

Counting stars

By Katherine Teitler 

June 24, 2016

The 2016 Cost of a Data Breach Study conducted by Ponemon Institute and sponsored by IBM was released in mid-June. Some interesting information about how companies in different countries and industries are experiencing data breaches was included, but one thing the report fails to do is focus on how organizations, either by geographic region or by industry, are improving or declining year over year. Luckily, past reports are still available, enabling a side-by-side look at a few of the key findings.

Keep reading...

Movin’ right along

By Katherine Teitler 

June 21, 2016

Several years after the introduction of DevOps, the security community continues to laud the method while scant few developers are hopping on the bandwagon. One of the issues is that “security” isn’t part of DevOps. 

Keep reading...
