Security experts Raef Meeuwisse and Ed Moyle provide a breakdown of tips you up-and-coming security leaders can leverage to have a successful start in the cybersecurity field.

Here’s the truth about editing: editing is vital to producing a good audit report. It’s also tricky and time-consuming. Editing includes content changes, proofreading, grammar, wording, format, structure, and multiple revisions.

In the full video interview below, Tonia Dudley, security solutions advisor at Cofense, provides us with a glimpse into the state of phishing attacks in 2019, and more importantly, what security professionals should be doing about it.

In part four of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with Todd Shaffer, senior vice president and chief risk officer at Johnson Financial Group, who discussed how internal audit leaders are approaching cybersecurity issues today.

DeMISTIfying Security experts Ed Moyle and Raef Meeuwisse discuss recruitment and retention challenges in cybersecurity and offer up some advice for security leaders on the topic.

In part three of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with Patti Puccinelli, vice president of audit advisory services at ManpowerGroup, who discussed why it’s so important for internal audit leaders to continually keep pace with the latest skills and competencies required for the function to achieve its objectives.

In the full video interview below, Ted Harrington, keynote speaker and executive partner at Independent Security Evaluators, provides his take on application security and shares tips on the subject with up-and-coming security leaders. 

In part two of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with David Holland, director of internal audit at Modine Manufacturing, who shared his thoughts on the state of resources for the modern-day internal auditor. 

In part one of this four-part series on internal audit priorities in 2019, Internal Audit Insights caught up with David Cook, managing director of internal audit at Robert W. Baird,  who shared his thoughts and advice on how audit leaders today can realign their resources effectively.

InfoSec Insider caught up with Trustwave SpiderLabs Principal Security Consultant Matt Lorentzen, who discussed the open source pentesting tool and provided us with a demo.

The modern-day CISO faces a multitude of challenges they must face head-on to build a sense of leadership and vision within the security and risk department. InfoSec Insider caught up with CISO Spotlight's Todd Fitzgerald, who offered up concrete tips up-and-coming security leaders can leverage when it comes to achieving organizational effectiveness.

Management is responsible for setting the organization’s structure, allocating resources throughout the entity, overseeing the programs and processes, and monitoring the related objectives, risks, and controls. Yet, when business managers are asked about risks and controls, a troublingly high number of them at many organizations are unaware of these responsibilities.

Knowing how to approach buying cybersecurity vendors is a difficult task. There’s a lot to manage internally (budget, needs, fit) and it’s hard to know what kind of vendors or solutions would serve your organization best. The fear, uncertainty, and doubt (FUD) experienced by cybersecurity vendors are especially troubling.

In this feature article, communications expert Jill Schiefelbein provides internal auditors with three simple, important rules to help you communicate in a way that will position you as a more confident communicator within the business.

Rapid7’s Director of Research Tod Beardsley highlights what you should know about voting machine security and what more needs to be done for the approaching 2020 elections.

In this follow-up episode, the DeMISTIfying Security experts provide you with proven tips that you can leverage to boost the cybersecurity budget within the business. Don't miss out on this episode.

It’s easy to overlook your own grammar errors. But you’ll be a better writer if you become mindful of your writing and correct your own editing mistakes. Here are five common editing mistakes we all make or might have questions about. Maybe a couple will resonate with you.

Cybereason CSO Sam Curry shares how “black propaganda” is leveraged by foreign adversaries, why 2016 was a failure of imagination from a cyber standpoint, and what we should be prepared for leading into the 2020 presidential elections.

InfoSec Insider caught up with Cylance's Chief Security and Trust Officer, Malcolm Harkins, who shared why he believes leadership in information security today is sorely lacking, but more importantly, what needs to be done in order for today's security leaders to create an "ideal state" for their departments.

Robots are having a growing influence on organizational practices and this dynamic is of great interest to internal auditors and compliance professionals who examine the impact of these technologies on organizational objectives, risks and controls. But they also present a growing concern as the work performed by internal auditors may be replaced by machines.

There are a slew of threats aimed at industrial control systems, and security warriors in that space need to constantly be on their toes. We caught up with Sergio Caltagirone, vice president of threat intelligence at Dragos, who shared how infosec pros in the ICS world can get started with threat profiling.

The work of internal auditors and compliance professionals is complex, challenging and often, unfortunately, under-appreciated by their clients. What makes matters even more stressful for these professionals is that their managers sometimes micro-manage them.

It’s no mystery that the world of cybersecurity constantly faces a massive challenge. It has to pre-empt attacks, predict how hackers will use new attack vectors, and defend their environment against all existing attacks and attacks that may not even exist yet. In this feature, we go over one of the more obscure, but dangerous and difficult attacks to defense against—airborne attacks.

Security departments have evolved tremendously over the years, but so have cyber threats. As organizations become more aware that nearly no one can be trusted, whose job is it to watch the watchers? At this year’s RSA Conference in San Francisco, InfoSec Insider caught up with Forcepoint's Dr. Richard Ford who dives into the topic.

Cybersecurity is top of mind for most executives and board members, as well as to internal audit. While the information security team may be in charge of measurably reducing cyber risk within the business, internal audit has an important role to play too.

In the latest edition of InfoSec Insider’s DeMISTIfying Security series, veteran experts Ed Moyle and Raef Meeuwisse discuss the state of cybersecurity as it relates to executive support within the business.

Evidence is something that provides proof and it proves or disproves something.  It is presented as verification of the facts at issue and generally includes the testimony of witnesses, and the examination of records, documents, and objects. This feature by MISTI's Dr. Hernan Murdock, examines the qualitative elements to consider when it comes to leveraging high-quality evidence.

Cyber swindlers are continually looking to reinvent themselves, and their methods are becoming savvier. InfoSec Insider caught up with Digital Shadows CISO Rick Holland on the recent research that his team has conducted on cybercrime extortion, and how security practitioners can secure their organizations don't fall prey to these attacks.

Organizations have struggled to gain control over privileged identity management—a challenge that has tripped up many security and risk departments and has caused major cyber incidents. If the title of this article caught your eye, chances are you’re grappling with this issue and are looking for some insights that will make your life a little easier.

Performance auditing is the review of a program or process, and the systems supporting it, to determine whether it is achieving the primary goals of efficiency, effectiveness, and economy in its use of available resources. These reviews are often done in government and non-profit entities, but they are equally important in the for-profit sector.

To become trusted advisors to management it would help if we spoke the same language they do. While auditors and compliance professionals often talk in terms of controls, and increasingly in terms of risk, managers and business leaders often talk in terms of costs, benefits, revenue, reputation, and market share.

Cybersecurity remains a persistent challenge in information technology, and for IT security professionals, AI and other tools are valuable for organically managing cybersecurity without depending on vendors that might have more sophisticated tools and experience using them.

While having strong IT security in place to secure sensitive data on devices and networks is critical, ensuring your organization practices strong physical security is equally important. Organizations need to prevent attackers from being able to walk in and walking out with data, systems, physical documents, or worse – a new connection to your network as a persistent threat.

Internal auditing is a complex field of work that is undergoing significant changes. Today's internal auditors are tasked with managing their careers, so they remain relevant in the short and longer terms. Given this complex environment, it is not surprising that mentoring and coaching have emerged as essential tools to help auditors grow professionally.

Cyber law is focused on bringing more clarity to privacy questions that new technology introduce. It’s important for all security professionals to have a basic understanding of current and potential future cyber law concepts in order to stay compliant and ensure sensitive data stays safe.

Password security has undergone a significant transformation over the last few years. As a reaction to the insecure form of identity verification that is logging in with a password, technologies such as two-factor authentication (2FA), multi-factor authentication (MFA), and hardware keys. This begs the question—where does that leave passwords in 2019?

Transitions are those juicy, bite-size gourmet words that connect ideas, sentences, paragraphs, and even sections. Too often, we can misuse, overuse, or omit transitions. This article covers how to use transitions to improve clarity in your reports.

Cybersecurity law is one of those responsibilities that come up in an organization when it’s too late. To get a better sense of how your organization can be equipped to tackle cybersecurity law, we spoke to Stephen Black, professor of law at the Texas Tech School of Law for his advice.

In this follow-up video, the DeMISTIfying Security experts discuss two recent containerization-related issues and how the modern-day security warrior can venture into the unknown to effectively tackle challenges such as this.

Last month in an article about setting the stage for better decision-making we learned about four elements that you should be considering before you even form the words you want to say. This month it’s all about the messaging.

Recent incidents illustrate the risks that healthcare networks are subject to in today's ever-expanding cybersecurity threat landscape. In particular, securing networked medical devices in this environment can be challenging. 

One of the most overlooked, but essential, elements of the persuasive process is establishing a definite need in your to-be-persuaded-audience’s mind. In other words, how does the client know that they need what you have to offer? Here, we explore the topic.

So many vendors, so little budget. Security departments are constantly tasked to know how to properly allocate funds to staffing, resources, tools, solutions, software, vendors, third-party contractors, and more. Even an unlimited budget wouldn’t help as security departments can find themselves bloated with software or vendors, leading to an inefficiently run department.

As business processes become more complex, information more widely dispersed, and the risk environment more complicated, the need for internal auditors to adapt to this new environment becomes imperative. This is where rotation programs can really save the day.

Today, there are highly specialized training options offered both in-person and online in the form of meetups, webinars, formal courses, and in-house and external conferences. The attractiveness (cost, convenience, and specialty) of these alternative options has driven cybersecurity talent to steer towards education avenues outside of traditional academia.

The search for qualified, competent internal auditors remains a challenge for many audit departments. As internal audit leaders continue to struggle qualified additions to their teams, what areas should they be focusing on and what steps can they take? This feature story answers those questions.

When you’re talking information security among your peers, it sounds like a totally different language than the rest of your organization speaks. This puts infosec professionals in a bind. On the one hand, security vulnerabilities exist throughout the company. Yet you, alone, are carrying the burden of knowing just how serious it can get. That’s why it’s up to you to create an information security communication strategy.

Internal auditors must engage in lifelong learning. They are increasingly participating in webinars, consuming online content, and listening to podcasts. While all of these actions are conducive to learning, there is another learning opportunity that many internal auditors and compliance professionals may not be familiar with: Symposiums.

From steering clear of marketing buzz to the impact of misinformation, DeMISTIfying Security hosts Ed Moyle and Raef Meeuwisse point out the security assumptions that could be catastrophic to any security practitioner’s role.

So, what exactly does an IT auditor do? In this article, we provide a broad breakdown of an IT auditor's responsibilities, the necessary skills to become one, how an IT auditor interacts with other roles throughout their organization, and more.

In this article, we’ll go over what devices infosec departments should have an eye on and how to tackle the challenge of BYOD head-on. For an expert’s perspective, we spoke to Georgia Weidman, founder of Shevirah, a mobile and IoT testing company.

There are some common communication mistakes that junior auditors make. Lucky for you, this article is going to point these foibles out and show you how you can change the trajectory of your communication to show confidence, not self-consciousness.

Cybersecurity awareness training is a critical component to your security hygiene. The most effective training programs are offered frequently and use available frameworks, focus points, tools, and tactics to build a culture where cybersecurity is embraced, not avoided or shunned.