Infosec Insider

2018-02-22 06:16:00
Featured Article:

Negotiating Today’s Shadow IT Labyrinth

By Katherine Teitler
February 22, 2018
The rise of the "citizen developer" may be a blessing for organizations looking to create efficiencies, but could become a curse for security teams if not handled properly.
2018-02-15 06:16:00

Six Tips for Shoring Up Your SMB Security Strategy

By Katherine Teitler
February 15, 2018
SMBs can’t just throw up their hands at cybersecurity, despite a probable dearth of resources. Since most aren't likely to magically receive a multimillion dollar cybersecurity budget windfall, we've provided our top 6 tips for how to manage security on a limited budget.
2018-01-24 06:16:00

From Trapping to Hunting: Intelligently Analyzing Anomalies to Detect Network Compromises

By Giovanni Vigna
January 24, 2018
Is your organization adequately equipped to identify anomalous patterns across the network? If you're doubtful, it may be time to try out alternative models that will help you detect previously unknown attacks.
2018-01-23 06:16:00

How Artificial Intelligence Fits into Your Cybersecurity Strategy

By Katherine Teitler
January 23, 2018
Artificial intelligence expert, Vijay Dheap, helps separate fact from fiction and provides guidance for companies looking into using AI as part of the defensive security strategy.
2018-01-11 06:54:31

Psyber Intelligence Part 2: Hacking Social Intelligence

By Lance James
January 11, 2018
Given today’s content-driven society, it benefits cybersecurity and threat intelligence practitioners to gain some understanding of the psychological strategies and exploitation techniques within the intelligence and counterintelligence tradecraft.
2018-01-02 06:09:00

What It Means To Do DevOps

By Marcos Colón
January 02, 2018
One expert discusses the growing importance of DevOps within the enterprise, the initial steps organizations should be taking to implement a DevOps approach, and how to get buy-in from key stakeholders.
2017-12-28 06:30:00

6 Things Security Practitioners Should Know About the SOC

By Katherine Teitler
December 28, 2017
The security operations center is a critical element of running a situationally aware security organization. Unfortunately, many companies today don’t have the resources to form one.
2017-12-26 06:12:00

Readers Choice: Top 10 InfoSec Insider Articles of 2017

By Marcos Colón
December 26, 2017
You picked them! Here's a look at the most read articles published on InfoSec Insider in 2017. From CASB to threat intelligence, you'll find a unique mix of some engaging content that answers some of your pressing questions.
2017-12-20 06:56:20

The Pros and Cons of Leveraging OSINT Tools

By Marcos Colón
December 20, 2017
A threat intelligence expert shares his experiences and advice when it comes to leveraging OSINT tools, highlighting the benefits to security organizations, but also discussing the legal ramifications one could face by accessing them.
2017-12-18 05:56:00

How to Mitigate Cyber Risks through Cyber Insurance

By Katherine Henry & Brendan Hogan, Bradley Arant Boult Cummings LLC
December 18, 2017
Cybersecurity professionals can provide valuable input in their companies’ procurement of cyber insurance, and should be involved in all phases of cyber insurance procurement and management. Here are some important areas you should focus on.
2017-12-14 07:46:00

GDPR is Looming, and Companies are Laissez-faire

By Katherine Teitler
December 14, 2017
Companies can use GDPR as a way to shore up lax security controls and processes.
2017-12-13 05:57:35

How to Leverage Structured Analytic Techniques in Threat Intelligence

By Marcos Colón
December 13, 2017
Security professionals are over the hype surrounding threat intelligence. Now, they're aiming to find better ways to operationalize it. In this interview with Digital Shadows' Rick Holland, he explains why structured analytic techniques are an effective way to make sense and leverage your threat intelligence data.
2017-12-12 06:16:00

Hacked Websites: How Weak Security Impacts Us All

By Todd O'Boyle
December 12, 2017
Attackers are increasingly targeting vulnerable WordPress websites to prey on innocent users...because it's easy.
2017-12-11 07:46:00

Choosing the Infosec Career Path That’s Right for You

By Katherine Teitler
December 11, 2017
Choosing the right infosec career path might not be cut and dried, but certain personalities may be a better fit for some roles.
2017-11-30 07:46:00

Artificial Threat Intelligence: Using Data Science to Augment Analysis

By Lance James
November 30, 2017
Data science can help analysts make more informed threat intelligence decisions...but only if it's integrated correctly.
2017-11-20 07:46:00

The Business Benefit of Backups

By Katherine Teitler
November 20, 2017
There are many reasons organizations don’t back up systems correctly, but are any of them good reasons?
2017-11-16 07:46:00

SSL/TLS Assurance

By Ed Moyle
November 16, 2017
TLS is the cornerstone of secure networked communications, but are you implementing and maintaining it correctly?
2017-11-09 07:46:00

Google Pushes “Prompt” as Second Factor Security Verification

By Katherine Teitler
November 09, 2017
Two-factor authentication works; why aren't more enterprises requiring it as a default security measure?
2017-11-08 07:46:00

Trump’s Twitter Deactivation Reminds Us to Check Our Change Management

By Katherine Teitler
November 08, 2017
One rogue employee or unauthorized user can significantly impact your organization's information security risk...if you let them.
2017-11-02 07:46:00

The ACDC Act Would Take Defenders’ Eyes Off Real Cyber Defense

By Katherine Teitler
November 02, 2017
The Active Cyber Defense Certainty Act could have negative impacts on defenders' security efforts.
2017-10-30 07:46:00

Why A Lower Cost Per Data Breach Isn’t Cause for Celebration

By Katherine Teitler
October 30, 2017
A look at what the Ponemon "Cost of Data Breach" study tells us about how to prepare for a data breach or cybersecurity incident.
2017-10-25 06:02:00

The Problem with Network Monitoring

By Katherine Teitler
October 25, 2017
Ixia Director of Application and Threat Intelligence, Steve McGregory, discusses how cyber attackers are evading network detection, and shares tips on how organizations can move towards better prevention and detection. 
2017-10-23 07:46:00

Hiring for Security is Hard. So What?

By Katherine Teitler
October 23, 2017
Cybersecurity staffing is a hot button issue, but not one that can be ignored just because it's a challenge.
2017-10-17 06:42:37

The Obsolescence of Passwords: How to Leverage Behavior-Based Security

By Marcos Colón
October 17, 2017
Aetna CSO Jim Routh discusses why he believes passwords are obsolete, how he’s done away with them at Aetna, and why and how security managers can take a similar approach.
2017-10-16 07:46:00

SMBs' Cyber Attack Woes are Rising

By Katherine Teitler
October 16, 2017
The "2017 State of Cybersecurity in Small & Medium-Sized Businesses" report reveals what we already know about security, but what will companies do about it?
2017-10-11 06:02:33

Why IoT Devices Turn Up the Heat on Security Pros

By Marcos Colón
October 11, 2017
Trustwave Threat Intelligence Manager Karl Sigler discusses the non-traditional devices that security professionals should have on their radar and how thermostats can figuratively turn up the heat for infosec pros, and literally for the enterprise.
2017-10-02 07:46:00

States Push for Consumer Protection in Credit-Related Data Breaches

By Katherine Teitler
October 02, 2017
The Equifax data breach has spurred two state attorneys general to draft legislation that places the onus for lost credit-related data on the credit bureaus themselves.
2017-09-26 07:46:00

Authentication Failure Leads to IP Theft at Deloitte

By Katherine Teitler
September 26, 2017
The Deloitte breach teaches us that we have many cybersecurity lessons to learn—even ones we already know.
2017-09-18 07:46:00

Why Ransomware Will Continue to Target Healthcare

By Katherine Teitler
September 18, 2017
“Defray” ransomware is making its way around the healthcare industry, proving that cyber criminals still need only target low-hanging fruit.
2017-09-14 07:46:00

Threat Modeling and Architecture

By Adam Shostack
September 14, 2017
A follow up to his piece, "Rolling Out a Threat Modeling Program," Adam Shostack discusses threat modeling in the architecture process.
2017-09-11 07:46:00

The Equifax Breach is not Just Another “Oops”

By Katherine Teitler
September 11, 2017
The Equifax breach should be a wakeup call that we're doing security wrong.
2017-09-05 07:46:00

Can We Finally Do Away with Password-Based Authentication?

By Katherine Teitler
September 05, 2017
Jonathan Sander discusses how traditional password management and authentication methods are insufficient to handle today's system access.
2017-08-30 06:00:26

How to Face IoT Threats Head On

By Marcos Colón
August 30, 2017
A discussion on the impact that IoT attacks have had on enterprises, and tips on what security managers can do to face these challenges head on.
2017-08-28 07:46:00

Tech Giants Take on the Supreme Court in Digital Data Battle

By Katherine Teitler
August 28, 2017
In a brief filed with the Supreme Court earlier this month, 15 major U.S.-based technology companies petitioned the court on the subject of digital data. 
2017-08-24 07:46:00

How to Buy Security Products

By Katherine Teitler
August 24, 2017
How do you choose the right security products for your environment when the market is overcrowded and intentionally noisy?
2017-08-23 05:27:00

Security is a Skill Set, Not a Tool

By Katherine Teitler
August 23, 2017
Adrian Sanabria shares why tools acquisition isn't the answer to your information security woes, and explains how teams can increase efficacy without increasing expenditures.
2017-08-21 07:46:00

What Happened to Threat Intelligence?

By Katherine Teitler
August 21, 2017
The threat intelligence tools market has exploded, shaping how organizations look at the threat landscape—but not necessarily for the better.
2017-08-16 06:02:35

The Growing Professionalism of Cybercrime

By Marcos Colón
August 16, 2017
How the professionalism surrounding cybercrime has grown and evolved, and what you can do to prepare.
2017-08-14 06:46:00

Conquering CASB Confusion

By Adrian Sanabria
August 14, 2017
CASB was widely regarded as the quickest-growing market ever in cybersecurity, but what impact does it have today?
2017-08-10 07:02:46

Why it’s Vital to Secure your Virtualization Infrastructure

By Alan Sugano
August 10, 2017
Because of the concentration of company data on ESXi/Hyper-V hosts, it becomes mission critical to secure your virtualization infrastructure accurately.
2017-08-09 07:27:00

What Happens When In-Network Traffic is Your Biggest Threat?

By Katherine Teitler
August 09, 2017
In a network perimeter-less world, enterprise security practitioners need ways to verify the authenticity of applications and the devices and users running those applications; firewalls just fall short.
2017-08-08 07:00:00

Firewalls: No Simple Solution to Network Security but an Essential Element Nonetheless

By Katherine Teitler
August 08, 2017
Marcus Ranum talks current firewall capabilities, what micro segmentation will solve (and what it won't), and the future of network security.
2017-08-07 06:37:40

OPSEC Tradecraft: Protecting the Online Persona

By Lance James
August 07, 2017
In our last article, we discussed how disciplines like psychology and behavior-profiling can help us to better understand the adversary at the end of the keyboard. Now we are going to extend similar disciplines to ourselves as intel analysts.
2017-08-03 07:46:00

Will the Latest (Proposed) IoT Legislation Make a Difference?

By Katherine Teitler
August 03, 2017
The proposed "Internet of Things Cybersecurity Improvement Act of 2017" signals a shift in attitudes about cybersecurity's impact on public safety.
2017-08-02 07:27:36

How Cybersecurity Can Step Up Its Game Through Information Sharing

By Marcos Colón
August 02, 2017
Michael Daniel, the former cybersecurity advisor to President Obama and current president of the Cyber Threat Alliance, offers up his thoughts on why information sharing is a critical component of combatting cyber threats today.
2017-08-01 07:46:00

Can the “Right to be Forgotten” Lead to Better Data Security?

By Katherine Teitler
August 01, 2017
Should individuals have the right to have their data removed from search engine results and providers' systems, and what impact would that have on information security?
2017-07-27 07:48:16

How to Tackle the Expo Floor at Infosec Conferences

By Marcos Colón
July 27, 2017
In this exclusive video interview, Mike Spanbauer, VP of Security Test and Advisory, provides some helpful tips to security professionals when it comes to vetting security technology.
2017-07-20 07:46:00

8 Tips for Submitting an Outstanding Conference Talk Proposal (part 2)

By Katherine Teitler
July 20, 2017
Now that we've looked at the basics for submitting an outstanding CFP, we'll look at a few more tips and tricks for getting your submission picked.
2017-07-18 07:46:00

8 Tips for Submitting an Outstanding Conference Talk Proposal (part 1)

By Katherine Teitler
July 18, 2017
Submitting a great call for presenters proposal is about more than simply writing about your expertise.
2017-07-13 07:46:00

New Attacks Mean Back to Basics…Again

By Katherine Teitler
July 13, 2017
Information security cannot be bought; organizations need to focus on security fundamentals to ward off the latest and greatest cyber attacks.
2017-07-06 07:00:00

How Far Should You Go with Employee Monitoring?

By Katherine Teitler
July 06, 2017
Depending on your source, insider threat accounts for anywhere from 27% - 77% of all breaches. Despite the disparity in agreement about size of the problem, most security practitioners agree that the difficulty identifying insider threat is greater than identifying external threats.  
2017-07-05 07:00:00

Top 5 Lies about Cloud Security

By Katherine Teitler
July 05, 2017
A look at some of the common myths surrounding cloud security.
2017-06-30 07:46:00

Security vs. Humans: Techniques for Dealing with Social Engineering Threats

By Katherine Teitler
June 30, 2017
Social engineering works. Which is why threat actors take advantage of humans’ innate trust in others.
2017-06-28 07:46:00

PetyaWrap is Wannacry’s Honey Badger Upgrade

By Adrian Sanabria
June 28, 2017
A honey badger, like the Petya ransomware, waits to see if you make the mistake of underestimating it.
2017-06-22 07:47:05

These Are the Three Exploit Kits You Should Know About

By Marcos Colón
June 22, 2017
A look at three cyber threats that are keeping the exploit market alive, with advice on what you can do to protect your organization and employees from them.
2017-06-21 07:46:00

How to Combat Alert Fatigue

By Katherine Teitler
June 21, 2017
A recent report by the Cloud Security Alliance and SkyHigh Networks says that 50% of organizations are using six or more security tools that generate constant alerts. 
2017-06-20 07:46:00

Government Gains Ground on Modernizing Hackable Technology

By Katherine Teitler
June 20, 2017
Government decisions and the passage of new laws are slow moving, which is just one of the reasons outdated laws are governing current technology usage. 
2017-06-07 11:22:02

IoT Blindspots: The Four Devices That Should be on Your Radar

By Marcos Colón
June 07, 2017
Connected devices are trickling into the enterprise. While these four devices should be monitored by security managers, they may not currently be on their radar.
2017-06-06 07:46:00

5 Ways to Find the Low-Hanging Fruit on Your Network

By Katherine Teitler
June 06, 2017
When it comes to securing an organization’s network, there is no shortage of basic blocking and tackling to be done. 
2017-06-05 07:46:00

What Trump’s Cybersecurity Executive Order Means…or Does Not Mean…for Enterprises

By Katherine Teitler
June 05, 2017
It has been less than a month since U.S. President Trump issued an Executive Order aimed at improving the nation’s cybersecurity defenses. 
2017-06-01 07:46:00

Why are Outdated Laws Governing Current Technology Usage?

By Katherine Teitler
June 01, 2017
When it comes to how corporations manufacture and sell products, different people have varying views on what role government plays in that process.
2017-05-31 08:22:56

Psyber Intelligence Part 1: Understanding the Human at the End of the Keyboard

By Lance James
May 31, 2017
The information security professional's guide to human intelligence collection.
2017-05-24 07:46:00

Tackling Cellular Vulnerabilities

By Aaron Turner
May 24, 2017
Enterprise security professionals have been lax in our demands for visibility into how cellular networks put our organizations at risk. 
2017-05-23 07:46:00

Cyber Hygiene Issues Exposed with WannaCry

By Katherine Teitler
May 23, 2017
Unless you’ve been living under a rock, you’ve heard about the WannaCry Ransomware attack.
2017-05-22 07:46:00

Malicious Insiders Are a Huge Problem But You Have a Bigger Issue

By Christy Wyatt
May 22, 2017
Aside from corporate data and proprietary intellectual property, employees are the greatest assets to companies.
2017-05-17 07:46:00

WannaCry: A Media Maelstrom Without Much Actionable Advice

By Katherine Teitler
May 17, 2017
Touted as the largest Ransomware attack in history by the media, WannaCry is certainly on the tips of tongues of corporations and consumers everywhere. 
2017-05-16 07:46:00

DHS Funds Mobile Digital Trust Projects

By Katherine Teitler
May 16, 2017
Identity in the digital world has always been a point of contention for information security practitioners. 
2017-05-15 08:00:21

4 Best Practices to Creating a BYOD Policy

By Marcos Colón
May 15, 2017
A run-through of the four best practices that every security manager should follow when implementing a bring-your-own-device policy.
2017-05-10 07:46:00

SS7 Exploit Proves New 2nd Factor Authentication Methods are Needed

By Katherine Teitler
May 10, 2017
Two-factor authentication (2FA) is held up by the information security community as one of the most effective ways to mitigate credential stealing and avoid account compromise. 
2017-05-09 07:56:24

A Needle in a Haystack: Behavioral-Based Detection to Identify Anomalies

By Marcos Colón
May 09, 2017
In this video interview Josh Pyorre, security researcher at OpenDNS, discusses his approach to detecting threats.
2017-05-08 07:46:00

Building a Better Security Industry

By Katherine Teitler
May 08, 2017
How often have you heard the term “cultural fit” as it relates to employees of your or another’s place of employment?
2017-05-05 07:46:00

Compromised Credentials and Financially-Motivated Attacks Top the 2017 DBIR

By Katherine Teitler
May 05, 2017
The issuance of the DBIR has become an industry event of sorts, giving people the opportunity to carefully examine and argue the finer points against that which they see in their environments.
2017-05-02 18:02:02

Why Secure Data Logistics Provides Optimum Visibility

By Marcos Colón
May 02, 2017
Security experts David Etue and Christopher Ensey discuss their research into secure data logistics.
2017-04-26 13:46:00

Pen Testing is Dead. Long Live Pen Testing

By Mike Landeck
April 26, 2017
A few years ago I was working with one of the savviest executives I have ever known. No one could negotiate a deal like he could.
2017-04-20 13:46:00

Putting The Brakes On Hacked Cars

By Chris Hardee
April 20, 2017
Your average car has between 3 million and 10 million bugs buried somewhere within its code, but some carmakers are making an effort to update their cars.
2017-04-18 13:51:53

What You Need to Know About Cyber Liability Insurance

By Marcos Colón
April 18, 2017
In this video interview with Risk Based Security CISO Jake Kouns, he offers up some helpful advice to security professionals on cyber insurance, and sheds light on its biggest misconception.
2017-04-17 22:33:42

Assessing Cryptographic Systems

By Ed Moyle
April 17, 2017
There are technologies operating in our environments that we tend not to pay attention to unless there’s a problem. 
2017-04-14 13:46:00

Why Security Managers are Afraid of the Cloud

By Katherine Teitler
April 14, 2017
Cloud computing has become a ubiquitous part of today’s business operations. Though the cloud is not security practitioners’ favorite tool in the toolbox, it is here to stay. 
2017-04-12 13:46:00

Staying in Front of the Development Lifecycle is the Key to Secure Apps

By Katherine Teitler
April 12, 2017
With the average number of web apps in use by organizations on the rise, unpatched vulnerabilities heighten risk, not just for specific users of that application, but for the entire organization. 
2017-04-11 13:46:06

Fail vs Finished: The Difference Between Information and Intelligence

By Lance James
April 11, 2017
The majority of threat “intelligence” you receive and attempt to operationalize successfully currently isn’t intelligence at all; it’s simply information!
2017-04-03 08:00:00

Secure Data Logistics: How Information Security can Learn from Armored Cars

By David Etue
April 03, 2017
Valuable assets? High stakes? Motivated adversaries? Difficult attribution? Package delivery, armored cars, and information security have quite a lot in common.
2017-03-30 08:00:00

End User Security Habits Aren’t Bound to Help your Corporate Program

By Katherine Teitler
March 30, 2017
Americans’ online security habits are just as bad as you’ve imagined, according to a recent survey of more than 2,000 respondents.
2017-03-29 08:00:00

What the CIA Leaks Mean for Security Managers

By Katherine Teitler
March 29, 2017
When WikiLeaks released a repository of hacking tools and techniques used by the CIA, the initial reaction was shock and awe, followed quickly by piqued interest, then a bit of annoyance. 
2017-03-27 08:00:00

“Compliance is for Big Business!” Or So You Think

By Katherine Teitler
March 27, 2017
If a small business CEO thinks about compliance, he or she might think it’s relegated to big businesses. Who else has the funding and the time to attend to compliance? And does it really matter anyway?
2017-03-22 08:00:00

The State of Cyber Safety

By Katherine Teitler
March 22, 2017
As if protecting organizational systems from data theft and abuse weren’t a big enough challenge, “Poor cybersecurity hygiene is now having life-altering effects” says one industry expert. 
2017-03-21 08:00:00

What is the Best Security Framework for your Business?

By Dominic Vogel
March 21, 2017
Cybersecurity frameworks are quite similar to relationships—you get out of them what you put into them. To some extent, we have all waded into the waters of cybersecurity frameworks.
2017-03-20 08:00:00

Preinstalled Mobile Malware Highlights Need for 3rd Party Risk Assessments

By Katherine Teitler
March 20, 2017
Consumer-grade mobile devices have been inserted into corporate environments while security teams are forced to sit on the sidelines of decision making. 
2017-03-17 08:00:00

Machine Learning and Cyber Hunting for All Organizations

By Kris Lovejoy
March 17, 2017
As organizations around the world are dealing with the sophistication of today’s hackers, they are recognizing that proactive approaches are needed to address advanced cyber threats.
2017-03-15 08:00:00

Secure Development for the Cloud

By Randall Brooks
March 15, 2017
Application exploits have become daily news, and as a result, application security and secure coding are developing focus areas of cybersecurity.
2017-03-14 11:51:49

Why Creating an Incident Response Plan is a Continuous Activity

By Marcos Colón
March 14, 2017
The fire department typically has a response plan they can put into use when a building is ablaze, involving equipment, angles to take on the fire, and what to do after the flames have been put out.
2017-03-08 14:30:00

Enterprise Resiliency goes Beyond Disaster Recovery

By Gary Sheehan
March 08, 2017
Resiliency sounds like a common-sense approach to business. Each organization must prepare for change and disruptions in order to survive and prosper. Who wouldn’t want to do that, right?
2017-03-07 14:30:00

Why Is Identity & Access Management Hard?

By Katherine Teitler
March 07, 2017
“Identity and access management is the most fun and fulfilling part of my job,” are words unlikely to be spoken by many security practitioners.
2017-03-06 14:30:00

Victory in 100 Battles: How to Perform a Successful Asset Inventory

By Chris Poulin
March 06, 2017
If the term “asset inventory” elicits involuntary yawns of boredom, you’re not looking at the problem from the right angle. You could make an entire career out of a true, living asset inventory.
2017-03-03 22:19:01

Ransomware 101: What Security Managers Need to Know

By Marcos Colón
March 03, 2017
In this full video interview, Simon Crosby, co-founder and CTO at Bromium not only discusses the ins and outs of ransomware but offers up best practices for security practitioners.
2017-03-02 14:30:00

A Look at NY’s Stricter Cybersecurity Rules for Financial Institutions

By Katherine Teitler
March 02, 2017
Though the rules took effect at the beginning of the month, affected enterprises have transition periods ranging from 180 days to 18 months to comply with varying aspects of the law.
2017-02-28 08:30:00

Ransomware: Show Me the Money

By Ben Rothke
February 28, 2017
The effects of ransomware have been devastating to organizations, from locking hospitals out of patient data to police departments that have lost years’ worth of evidence.
2017-02-24 08:30:00

GDPR has Implications Beyond the EU

By Katherine Teitler
February 24, 2017
Compliance with the European law becomes mandatory on May 25, 2018, and given the complexities of adherence, companies are starting to scramble to put plans in place.
2017-02-23 08:30:00

Building Strong Infosec Teams through Diversity

By Katherine Teitler
February 23, 2017
In biology, it is well known that genetic diversity creates strength in that it helps build resilience to disease, disorders, and other human ailments. At a community level, we also find strength in diversity.
2017-02-09 09:00:00

Ridiculously Obvious Phishing Scams are Still Active

By Katherine Teitler
February 09, 2017
Just when you thought the infamous “Nigerian Prince” was a ubiquitously understood joke, it seems the security industry still has a long way to go when it comes to phishing. 
2017-02-08 09:00:00

House of Representatives Passes an Important Privacy Bill

By Katherine Teitler
February 08, 2017
It would be somewhat of an understatement to say that methods of communication have changed over the last 31 years. Yet in that time, laws pertaining to the privacy of those new types of communication have remained stuck in the past.  
2017-02-07 08:31:00

Leadership Lessons from the Orchestra

By Katherine Teitler
February 07, 2017
Leadership is a lot like playing in an orchestra. For those less familiar with an orchestra setting, let me explain. The basics: A traditional orchestra is made up of strings, woodwinds, brass, and percussion, plus keyboards. 
2017-02-03 08:31:00

What Happens When the President Insists on an Unsecure Device?

By Katherine Teitler
February 03, 2017
The President of the United States is apparently using an Android phone, and likely an outdated version, at that. Despite reports that the newly inaugurated president was, in typical fashion, offered a “secure, encrypted device approved by the Secret Service,” it appears Mr. Trump prefers his own personal device. Don’t we all?
2017-02-02 08:31:00

Signs You’ve Been Breached

By Katherine Teitler
February 02, 2017
It’s true that cyberspace is growing by the day, and as companies and individuals add more information to internet-accessible sources, the risk of compromise of that data grows in parallel. With this greater risk comes more responsibility. 
2017-02-01 08:31:00

Risk v Threat: Threat Intelligence Exposed

By Katherine Teitler
February 01, 2017
A funny thing happened on the way to designing threat intelligence programs….we forgot about the risks! We as an industry tend to buy a lot of tools, sift through a lot of data, and send out a bunch of reports, but we forget to ask what we are really doing all of this for.
2017-01-30 08:31:00

Why Security Managers are Failing at Password Security

By Katherine Teitler
January 30, 2017
The idea of a password as a security mechanism is sound: One user with an individual identity plus a unique, secret password. In the physical world, this combination often works as it should, since the user’s identity travels with the user (in effect, adding a second factor of identification).
2017-01-26 13:31:00

Get Your Identity and Access Management Under Control

By Katherine Teitler
January 26, 2017
That idea of checks for every customer action, the weight of it, the precautions put in place—armed security guards, security cameras, security alarms positioned in ample locations—all signal to would-be thieves that any attack on a bank is going to require serious skill, planning, and personal risk.
2017-01-25 13:31:00

How to Cut Through Vendor Marketing Buzz on the Expo Floor

By Katherine Teitler
January 25, 2017
To say that the security vendor marketplace is crowded would be an understatement. For any problem a security team faces that can be aided with technology, look no farther than a conference expo floor and you’re sure to find (at least) dozens of self-proclaimed solutions in any given category. 
2017-01-24 13:31:00

Pacemakers and Piracy: The Unintended Consequences of the DMCA for Medical Implants

By Cory Doctorow
January 24, 2017
As networked computers disappear into our bodies, working their way into hearing aids, pacemakers, and prostheses, information security has never been more urgent -- or personal. A networked body needs its computers to work well, and fail even better.
2017-01-20 13:31:00

Will The Government Affect Cybersecurity in the Near Future?

By Katherine Teitler
January 20, 2017
On this first day of a Donald Trump presidency, many people around the world are watching and wondering what is going to happen in corporate America. The speculation is no less prevalent in the security industry.

Tackling Government Cybersecurity Staffing Challenges

By Katherine Teitler
January 17, 2017
Cybersecurity staffing—and the industry shortage—is a frequent topic of conversation among security practitioners. But as nation state competition heats up, government and civilian agencies need to develop alternative hiring strategies if the U.S. wants to compete on a global scale.

Two Questions to Answer Before Jumping Into Threat Intelligence

By Marcos Colón
January 13, 2017
Big data and the Internet of Things are two buzzwords that rang through the halls and show floors of security conferences across the nation for quite some time. Although ambiguous, the terms took the industry by storm.

Want to Catch More Phish? Try This

By Katherine Teitler
January 12, 2017
As the results of the Anthem breach investigation make their rounds, the security industry is reminded once again that phishing is a highly effective attack method.

The Best of InfoSec Insider in 2016

By Marcos Colón
December 23, 2016
As we continue to ramp up our efforts in providing you with a resourceful library of content you can rely on, we’ve decided to reflect on some of the top InfoSec insider articles of 2016, based on the engagement we’ve received from our readers.

Evolving Threat Intelligence

By Katherine Teitler
December 14, 2016
“Security has a secret power: threat intelligence,” quipped Dave Ockwell-Jenner, Senior Manager, Security Threat & Operational Risk Management (STORM) at SITA, during MISTI’s recent Threat Intelligence Summit in New Orleans, Louisiana.

Developing the National Cyber Incident Response Plan

By Katherine Teitler
December 12, 2016
Indeed, effective, successful organizations are attempting to proactively identify threats and indicators of compromise before they present serious destruction to the victim organization. Even the most robust and mature threat intelligence programs, though, aren’t immune to a breach.

Why the Federal Government Developed a Cyber Incident Response Plan

By Marcos Colón
December 10, 2016
The days of focusing on the perimeter are over. Rather than waiting for the next cyberattack to strike, many security practitioners are focusing on the activity surrounding their critical assets, in addition to drafting incident response plans that activate once the inevitable breach occurs.

Who Is the Most Negligent Insider?

By Katherine Teitler
December 05, 2016
“Insider threat” — it’s a term that gets thrown around a lot in cybersecurity circles. Practitioners want to know who is responsible for attacks and how attacks are being perpetrated so defenses can be appropriately implemented and provisioned.

The Breach is Not the Problem

By Katherine Teitler
November 30, 2016
The All Powerful Breach…or threat thereof. How often do you, as a security practitioner, get asked by a colleague outside of the security team about the viability of a breach at your organization? Is a breach the meter by which security is measured?  

How Companies Can Benefit From Hunt Teaming

By Marcos Colón
November 23, 2016
Companies of every size spend billions of dollars a year to protect their networks, yet headline-grabbing data breaches still occur.

Smart Security Decisions: Attend the Threat Intelligence Summit

By Katherine Teitler
November 23, 2016
MISTI’s Threat Intelligence Summit in New Orleans is just two weeks away, and like the city itself, we’re ready to laissez le bon temps rouler! Threat intelligence is serious business—it helps organizations understand emerging threats and prepare defenses appropriately.

Ransomware Success Highlights Security’s State of Preparedness

By Katherine Teitler
November 22, 2016
Ransomware is just a cyber twist on the age-old crime of taking someone/something hostage and demanding a payout for safe return. Cyber criminals have quickly learned that getting at organizations’ data then deploying malware to encrypt it carries a low technical barrier to entry (as opposed to kidnapping a human).

Threat Governance: Maturity, Threat Intelligence, and Lessons from IT Governance

By Ed Moyle, Director of Thought Leadership and Research, ISACA
November 14, 2016
Go to any security conference nowadays, and you’ll find that everyone and their brother (from end users to service providers to vendors) has jumped on the threat intelligence bandwagon.

The New Identity and Access Management Normal

By Dan Houser, Security Architect & Perspicacious Security Iconoclast
November 10, 2016
A study of recent hacking attacks on corporations makes it obvious that (weak) password credentials are being used both inside and outside organizations, and are frequently the credential protecting remote access to the enterprise and its "crown jewels."  

Is Threat Intelligence Too Hard?

By Doug Gray, Senior Cyber Architect, Lunarline, Inc.
November 09, 2016
No threat actor ever avoided attacking your system because you marked a control as compliant. So why do so many defenders spend so little time understanding the threat?

The Business Value of Cyber Threat Intelligence

By Rafal Los, Managing Director, Solutions Research and Development, Optiv
October 31, 2016
For nearly the last twenty years, enterprise security teams have been fighting threats to their business much like hapless teenagers fight demons in horror movies. Let me paint you a scene. Four people fleeing a horde of some type of evil take refuge in a run-down back woods cabin in the middle of nowhere.

The Importance of Partnering in Infosec

By Antonio A. Rucci, Counterintelligence Special Agent (Retired), Information Technology & Technical Security Consultant
October 27, 2016
If you are engaged in the information security (infosec) community for any length of time, regardless of whether you are Blue Team, Red Team, or Purple, one data point remains constant: You recognize the importance of partnering.

The Allure of (Insecure) WiFi

By Katherine Teitler
October 21, 2016
Employee mobility is no longer a privilege or nice-to-have, but a given in today’s workplace. At even very small organizations, it’s not uncommon to find executives or sales people who are on the road more often than they are settled in the office, and gone are the days when working remotely is considered the entitlement of a select few. 

The CIO Isn’t Your Enemy (but may be your boss)

By Katherine Teitler
October 19, 2016
Security teams fight many battles. There are threats, vulnerabilities, exploits, improperly configured systems, legacy equipment, lean budgets, staffing shortages, and users who are fallible. Any of these things, alone, adds up to a challenge, but possibly the biggest challenge security teams face is the battle between the security department and the CIO.

Helping end users to manage their passwords

By Katherine Teitler
October 18, 2016
How to help your end users manage their passwords, with additional practical steps to improve your system security. This guidance focuses on the end user (rather than the system owner responsible for determining password policy).

Can You See the Clouds Gathering?

By Mark Arnold, Senior Research Analyst, Office of the CISO, Optiv
October 12, 2016
For companies on the path of cloud adoption, the fear that dark “clouds gathering” could impact business health and one's financial bottom line is a source of anxiety. Despite recent data that show consistent growth in cloud adoption rates over the last 18 months, a group of holdouts endures.

How the Growth of the Cloud Technology Market Impacts Security Managers

By Marcos Colón
October 11, 2016
Cloud technology has been moving at a tremendous pace. For businesses, it seems to have happened in the blink of an eye. It’s faster and more agile, with the ability to re-architect an entire infrastructure. But why has this happened so quickly, and what does it mean for security practitioners? 

Beef Up Asset Protection with Security-as-a-Service

By Katherine Teitler
October 05, 2016
Information security is more integral to business growth than ever, and robust, verifiable security can be a point of differentiation. For smaller organizations, security-as-a-service can be a useful option, but many organizations don’t know how or when the time is right to make the move.

What Is Security Analytics? It Depends On Your Role

By Marcos Colón
September 26, 2016
The cybersecurity industry is full of terms that both vendors and end users love to glom on to. Ok, maybe vendors lead the way, but their customers may not be doing a good job of speaking up and asking them to clarify what it is they do – taking the various mixed marketing messages as they come and running with them.

Threat Intel in a Box? Not so Fast.

By Katherine Teitler
September 21, 2016
“You can’t just go to the shops and buy threat intelligence; it doesn’t come in a box.” This nugget of wisdom comes from Jim Hart, Vice President at AlixPartners LLP in the UK. Upon reading, this idea is a big “no kidding,” yet many in the security industry still confuse threat intelligence feeds and tools with a threat intelligence program.

Incorporating Purple Teaming into your Preparedness Strategy

By Katherine Teitler
September 20, 2016
“Red team” vs. “blue team” exercises have been adapted into cybersecurity from the military and intelligence realms. As a means to simulate real-life threats and attack scenarios, organizations have been putting this methodology into play, either with internal resources, or by hiring outside experts to help find system issues.

When Security and Convenience Collide

By Katherine Teitler
September 13, 2016
When usability and accessibility are in question (and when aren’t they, really), end users will always seek out shortcuts that make their lives easier.

Video: What You Need To Know About Cyber Threat Intelligence

By Marcos Colón
September 09, 2016
The term cyber threat intelligence gets thrown around a lot, especially on show floors teeming with security practitioners being approached by vendors with the solution to all their problems. But fundamentally, are organizations successfully leveraging the tactics surrounding it? 

The Trouble with Identity

By Katherine Teitler
September 01, 2016
Identity is who we are. It’s what we do and how we do it. In the digital realm, our identities are part of what affords access to the systems, tools, accounts, and functionality that make it possible to perform job responsibilities and effectively contribute to the organizations for which we work.

Protecting Mobile Communications When Traveling

By Katherine Teitler
August 31, 2016
Political staffer Huma Abedin has been dominating media headlines as of late for a number of issues, including leaked emails uncovered by Citizens United and released publicly by Fox News. In the exposed emails, she refers to an intent to leave her mobile device, specifically a BlackBerry, behind during a 2009 trip to Russia.  

Securing Applications; Creating Business Opportunities

By Katherine Teitler
August 30, 2016
Applications have become the technological underpinnings which enable employees to do their jobs faster, more accurately, and with greater ease. Applications have become so ubiquitous within organizations that most employees don’t even consider the tools with which they are working “applications” at all. 

Too Much Data; Too Many Headaches

By Katherine Teitler
August 26, 2016
The European “right to be forgotten” is an important directive for both privacy and information security advocates. With roots as far back as 1995, a European Data Privacy Directive laid the foundation—and set regulations—for how EU citizens’ personal information must be protected and handled by “controllers of personal data." 

Are Lengthy Terms and Policies Part of Security’s Problem?

By Katherine Teitler
August 24, 2016
When individual users are required to first accept usage policies and then interact with the website/application/tool by allowing it to collect information, both the user and the enterprise for which the user works are put in a position of risk. Why? Because the likelihood that he or she will read the policy is slim to none.

Cloud Computing is Transforming Security

By Katherine Teitler
August 23, 2016
Cloud computing has been changing the way organizations operate for over a decade now. Without a doubt, the technology has evolved, offering varying levels of benefits along the way; agility, resiliency, and cost savings are chief among cloud’s attributes, as far as business owners and CFOs are concerned.

Security Teams Suffer from lack of Visibility

By Katherine Teitler
August 19, 2016
Information security teams face a serious problem when they are unable to detect the presence of a threat actor inside organizational systems. Knowing who has access to key applications is an imperative for trying to protect the company, yet according to a new report published by Okta that may not be the case.

Hacking the Term “Hacker”

By Katherine Teitler
August 15, 2016
The term “hacker” is thrown around liberally nowadays. It’s a surefire traffic-boosting headline, and the media seizes any opportunity to publish a story with a hacker connection, often positioning the word as a synonym for “malicious attacker.”

Countering the “Security is Winning When Nothing Happens” Misconception

By Katherine Teitler
August 12, 2016
Many in the security industry, myself included, are guilty of falling into the trap of saying that security is a discipline in which the big “wins” come when “nothing happens.” It’s an easy statement to make, especially when working with business leaders who see only the end result (i.e., no breach, no media headline) and make this claim.

Digital Trust: How do your Business Partners Affect Risk?

By Katherine Teitler
August 11, 2016
“We’ve seen breaches where the ‘partner effect’ has played a major role, but have you noticed that nobody seems to really know how to manage that risk well,” poses Pete Lindstrom, Vice President of Security Research at IDC. 

A Seeming APT has Been Discovered by Symantec and Kaspersky

By Katherine Teitler
August 09, 2016
Symantec and Kaspersky Lab simultaneously released information yesterday on “Strider” and “ProjectSauron” respectively. Strider, the attacker group, has reportedly been using a stealthy piece of malware called “Remsec” (Backdoor.Remsec) as part of ProjectSauron to spy on a small number of highly valuable targets in China, Russia, Belgium, and Sweden. 

When Governments Try to Control the Internet

By Katherine Teitler
August 04, 2016
Totalitarians need to control everything they can—it’s a deep-seated need that stems from the (occasionally true) fear that someone, somewhere, is plotting their overthrow. It seems that the totalitarian impulse to control extends to communications first, whether it’s mail, telegraph, telephone, or Twitter.  

3 Quick Tips to Help Healthcare Security Managers Lower Cyber Risk

By Marcos Colón
August 03, 2016
There’s progress being made in the healthcare industry as it relates to information security. Yes, recent studies indicate that 90 percent of all healthcare organizations have been the victim of a data breach in the last two years.

So You Say You Want to be a Pentester

By Katherine Teitler
August 01, 2016
Penetration testing is a mandatory component of any thorough information security program, as security pros know. Company networks are vast and complex, and security teams have the (often thankless) job of protecting everything that falls under the general category of “IT” or “IS.”

Talking Security: Your Words and Tone Matter

By Katherine Teitler
July 29, 2016
Listening to the political conventions these past two weeks, I couldn’t help but think about security: the conversations security practitioners have with senior management and other business units, the conversations practitioners have amongst themselves, and yes, even talks given at conferences. 

Honeypots Aren’t the Only Way to Catch Criminals

By Katherine Teitler
July 28, 2016
The Tor network, once known for its ability to provide anonymity and privacy for internet users, is once again losing the confidence of security and privacy advocates. 

The Feds are Seriously Taking Cybersecurity Seriously

By Katherine Teitler
July 27, 2016
On Tuesday, the White House issued its Presidential Policy Directive-41 (PPD-41), or “United States Cyber Incident Coordination” plan. The PPD follows on the heels of the Cybersecurity National Action Plan, the Obama administration’s attempt to button up cybersecurity efforts in the face of growing threats against U.S. entities.

BC/DR Planning isn’t a “Someday” Activity

By Katherine Teitler
July 26, 2016
Security teams spend a fair amount of time thinking about incident response. The probability of an information security incident occurring forces teams to consider how to manage intrusions, leaks, and other security vulnerabilities or exploits. 

Tech Companies Assist the FBI in Criminal Takedown

By Katherine Teitler
July 22, 2016
After last winter’s frosty standoff, Apple and Facebook are now making headlines for being in cahoots with the FBI. For a few years, the bureau has been tracking Kickass Torrents, a very popular file sharing site, and trying to link illegal reproduction and distribution of online media, including movies, TV shows, music, and video games. 

Video: Why spending more on security technology is not the answer

By Marcos Colón
July 21, 2016
The evolving threat landscape makes it incredibly difficult for security professionals to protect their organizations. You’d think that with the abundance of security solutions deployed they’d be able to manage cyber risk effectively, yet the technology that’s intended to protect their organizations may be causing more problems.

Consumerization of Robo-Services Will Push Enterprise Automation

By Katherine Teitler
July 20, 2016
Betterment, an online investment robo-advisor, is the first of its kind to surpass $5 billion in assets under management. Robo-advisors, for those unfamiliar, are automated, algorithm-based finance portfolio management services. 

4 Ways to Strengthen Your Third-Party Risk Management Program

By Marcos Colón
July 19, 2016
Security practitioners consistently deal with a slew of issues tied to protecting their organization’s most critical assets. When asked what keeps them up at night, it’s an endless list that features connected devices, shadow IT and making sense of the security and risk organization to board members.

Cyberattack on Boeing Results in Prison Sentence

By
July 14, 2016
Insider threat. Third-party risk. Phishing. Privilege escalation. Unencrypted sensitive data. This reads like a “Top 5” list of security concerns, but in fact it’s what allowed Su Bin, the owner of a Chinese aviation technology company, to help two Chinese nationals hack into Boeing’s network and steal more than 65GB of data from the defense contractor.

The Promises of Privacy Shield are TBD

By Katherine Teitler
July 13, 2016
Privacy Shield, the much-anticipated new trans-Atlantic data transfer agreement between the EU and U.S., was approved yesterday by the European Commission. After months of debate and revisions, the Commission finally felt comfortable enough to rubber stamp the framework, which will actually undergo further analysis later this month.

Are Tech Companies Responsible for All User Information?

By Katherine Teitler
July 12, 2016
The families of five terrorist attack victims filed a lawsuit in U.S. District Court on Monday. The families, claiming that Facebook enabled Palestinian militants to carry out deadly attacks in Israel, are suing for more than $1 billion, calling into question the responsibility of technology companies when it comes to security. 

The Evolution of Cybersecurity

By Katherine Teitler
July 08, 2016
“A lot of security departments are swimming in the wrong direction,” says Raef Meeuwisse, Director of Cybersecurity at Cyber Simplicity Ltd. By this, Meeuwisse means that companies haven’t yet redirected the scope of their security programs—the tools, technologies, and processes—to reflect current threats. 

Video: Debunking myths tied to cloud security

By Marcos Colón
July 07, 2016
Cloud security and privacy have evolved tremendously over the years, but there are still many organizations hesitant to adopt the technology.

Password Sharing Gets its Day in Court

By Katherine Teitler
July 07, 2016
Security practitioners have long decried the practices of password sharing. Now an appellate court has bolstered that sentiment by handing down a decision in United States v. Nosal, ruling that a former employee of executive search firm Korn/Ferry International has violated the Computer Fraud and Abuse Act.

Are Your Third-Party Risk Assessments up to Snuff?

By Katherine Teitler
July 06, 2016
Even small, home-spun businesses have a handful of third-party vendors with which they must connect to keep the lights on and the money flowing. Larger organizations might have hundreds or thousands of partners in the supply chain. 

Third Party Risk Management: The Russian nesting doll of infosec challenges

By Marcos Colón
June 29, 2016
For security practitioners, the name of the game is risk management. These risks come in all shapes and sizes, from system vulnerabilities and the onslaught of evolving malware, to threats posed by insiders.

Brexit Gets a Bot: Petition website gets hacked

By Katherine Teitler
June 28, 2016
After the contentious Brexit vote last week, the British Parliament’s House of Commons Committee is investigating potential commandeering of an online petition calling for a second referendum on the matter. 

How Baylor University Approaches Its Security Challenges

By Katherine Teitler
June 27, 2016
Colleges and universities are generally considered settings for learning, openness, and ideas. Students and professors alike are encouraged to explore new thinking and push boundaries. The best academic universities on the planet have entire departments focused on researching subjects unconsidered universally.

A Deeper Look at the Ponemon 2016 Cost of a Data Breach Study

By Katherine Teitler
June 24, 2016
The 2016 Cost of a Data Breach Study conducted by Ponemon Institute and sponsored by IBM was released in mid-June. One thing the report fails to do is focus on how organizations are improving or declining year over year. Luckily, past reports are still available, enabling a side-by-side look at a few of the key findings.

The Security Practitioner’s Future

By Katherine Teitler
June 21, 2016
Several years after the introduction of DevOps, the security community continues to laud the method while scant few developers are hopping on the bandwagon. One of the issues is that “security” isn’t part of DevOps. 

A New Approach to Cloud Security Risk

By Katherine Teitler
June 20, 2016
The mention of cloud services no longer strikes fear in the hearts of security practitioners like it did a decade ago. While some security folks are still wary of providers’ claims, few can doubt that many of the larger, more prevalent cloud providers offer as good or better security than some enterprise security teams.  

Integrating Cloud Technology Can be a Breeze

By Katherine Teitler
June 17, 2016
Even under the best of circumstances, integrating cloud services and devices into an organization’s technology workflow can be challenging. In all fairness, integrating any new device or appliance into the technology stack requires careful planning, new processes, and often a bit of trial and error. 

What You Missed at Cloud Security World 2016

By Katherine Teitler
June 17, 2016
Cloud Security World 2016 finished up on Wednesday evening after two days of conversation around all-things-cloud security. “We’ve seen this before,” was a common refrain, and thankfully attendees have moved past the points of denying the existence of cloud services connected to their organizations and saying that cloud is “the largest” security concern.

The “War” on Cybercrime isn’t Helping

By Katherine Teitler
June 13, 2016
Security is often a battle. In one corner we have the security team warning the rest of the business of the dangers of “X” or fighting to implement new policies and technologies that will help keep the business secure. In the other corner we have lines of business wanting and needing faster, better, more profitable enablement tools and processes.

Incorporating People Searches into your OSINT Threat Program

By Katherine Teitler
June 06, 2016
OSINT, open source intelligence, is a great tool for companies looking to find threat information on the web. The wealth of information available can be overwhelming, clunky, and difficult to incorporate into a threat intelligence program, however. 

Wish You Were Here: China Proposes Contentious Cybersecurity Rules

By Katherine Teitler
June 02, 2016
China is once again making it more difficult for international organizations to conduct business in the country. Last year, the China Insurance Regulatory Commission (CIRC) announced draft rules that would require insurance carriers to buy and utilize “secure and controllable” solutions for IT.

Incident Response Planning: You Can Go Your Own Way

By Katherine Teitler
June 01, 2016
Last night I watched as the driver of a rental moving truck took the top of the truck clear off as he drove under an overpass that was too low for clearance. The top scraped off a bit like the top of a sardine can; it peeled back and bits of curly-cued steel flew across Storrow Drive, one of the main crosstown parkways in Boston, MA.

It’s The End of the World as We Know It

By Katherine Teitler
May 31, 2016
One of the security downfalls of Android devices is the profusion of independent device makers and the varying states of attention each manufacturer pays to device security. 

Modernizing SDL for Cloud

By Katherine Teitler
May 30, 2016
The original Software Development Lifecycle (SDL) was built with waterfall-style development in mind. As we continue the transition into heavier reuse of components and less pure development, all with shorter release cycles, the SDL needs modernization in parallel to help ensure secure software.

I Still Haven’t Found What I’m Looking For

By Katherine Teitler
May 27, 2016
The Internet of Things (IoT) is transforming the world in ways unimaginable 5-10 years ago. For many of us, IoT extends to the innovation of smartwatches, connected cars, and smart home devices, which have substantially changed the way we live.

A Change Would do you Good

By Katherine Teitler
May 26, 2016
Apple’s highly guarded and stringent software development process may start to chill out this summer, according to a report in The Information. The company is well known for its rigorous development practices, which helped it climb to the top of security practitioners’ lists as the platform of choice when selecting smartphones and mobile devices in recent years. 

Leaving on a Jet Plane

By Katherine Teitler
May 23, 2016
“Transportation Security Administration” may not actually refer to security, it seems, according to a report issued by the Office of Inspector General (OIG) of the Department of Homeland Security (DHS). The report details the results of an audit, conducted primarily to follow up on previously reported “deficiencies in information technology.” 

Keeping Up With the Cloud Security Evolution

By Brian Ahern
May 22, 2016
We're all familiar with the many benefits of moving to the cloud, but taking the steps to do it can be daunting. At the end of the day, however, if you take time to understand the risks posed by the cloud and implement a comprehensive strategy for managing them, you can take full advantage of all the benefits that come from running fast in the cloud.

Lemme Tell Ya, Them Guys Ain’t Dumb

By Katherine Teitler
May 20, 2016
Ransomware is the hot, new buzzword in security. It is also a serious, escalating problem. Hospitals in Kentucky, Maryland, Ottawa, and California (among others) have had data held hostage in recent months; the U.S. House of Representatives blocked access to third-party email apps after ransomware attempts (or maybe unconfirmed attacks?) were perpetrated.

At First I was Afraid, I was Petrified

By Katherine Teitler
May 17, 2016
All organizations know that flexibility, productivity, and personalization were drivers of the BYOD movement that started to take hold five, six years ago. Nowadays, the term is barely used, but BYOD'ing is commonplace at 99% of organizations, according to a new study conducted by IBM and sponsored by ISMG.

All I do is Win

By Katherine Teitler
May 13, 2016
The decline in TalkTalk's profits is undoubtedly due to the aftereffects of a cyberattack in which the names, phone numbers, and email addresses of a reported 157,000 customers were lost. In addition, during the same incident 21,000 bank account numbers were accessed. 

The Tide is High but I’m Holdin’ On

By Katherine Teitler
May 12, 2016
Yesterday, mobile security firm, Wandera, released findings from the company’s research into the state of mobile application security. The report, “Assessing the Security of 10 Top Mobile Apps,” is an attention-grabber.

APTs Aren’t the Threat You Might Think

By Katherine Teitler
May 10, 2016
Advanced persistent threat. The term started sneaking into infosec nomenclature about ten years ago and reached its peak during 2010-2013, instigated by Stuxnet and trending steadily upward through the release of Mandiant’s APT1 report.  

Challenges of Cloud Integration

By Nicholas Takacs
May 08, 2016
In today's dynamic business environment, organizations face pressure to reduce cost, improve process efficiency, and drive financial growth. The "faster, cheaper, better" approach also flows down to technology.

Give a Little Bit. Give a Little Bit of My Bugs to You

By Katherine Teitler
May 06, 2016
OSINT—or open source intelligence—is a wondrous thing. As security professionals know, this nearly endless sea of information provides both opportunities and drawbacks. Threat intelligence vendors, though, harness the vastness of the web to unearth tidbits of information.

What Are You Waiting For?

By Katherine Teitler
May 05, 2016
WhatsApp, a popular encrypted messaging app, was briefly shut down throughout Brazil earlier this week after a regional judge ordered the country’s telecom providers to temporarily block the app.

You’re Out of Touch, I’m Out of Touch

By Katherine Teitler
May 03, 2016
Spy movie aficionados know that the most secure rooms and hiding places are protected by biometric authentication, requiring thieves to go to great lengths to gain entry. When the tables are turned, however, and the government needs access to information about said criminals, all they need to do is ask! 

The Indestructability of Data in the Cloud

By Evelyn de Souza
April 28, 2016
Business leaders are often too trusting of the cloud, while cloud providers, for their part, claim they are secure – but that doesn't actually mean that your data is protected!

Tips for Selecting a Cloud-based Solution

By Katherine Teitler
April 20, 2016
While cloud has technically existed in earlier forms—application service providers and hosted solutions, for instance—for almost twenty years, the current cloud marketplace offers a wide selection of services designed to meet the requirements of organizations looking to outsource certain aspects of operations.

What Shouldn't Be Automated, Really?

By Ben Tomhave
April 19, 2016
In preparing for my Cloud Security World 2016 talk, "Automagic! Shifting Trust Paradigms Through Security Automation," I've been thinking a lot about what can be automated, how to automate, and how to demonstrate and measure value around all that jazz.

Maneuvering, Understanding, and Applying Federal Compliance Requirements

By Katherine Teitler
April 18, 2016
If you are a System Owner (SO) in a commercial organization or a federal agency, maneuvering through, understanding, and implementing federal security and privacy compliance requirements can be a difficult hurdle.

That’s A Wrap: InfoSec World 2016 Highlights in Hindsight

By Katherine Teitler
April 11, 2016
InfoSec World 2016 is now in the books. For the better part of a week, infosec pros took over The Contemporary Resort to discuss everything from building an incident response plan to leadership skills to active defense and trust.

InfoSec World 2016 Attendees’ Top Interests

By Katherine Teitler
April 07, 2016
You know the saying: Bigger isn’t necessarily better. When it comes to conferences, however, knowing your audience’s interests and preferences is key to putting on a great event.

Hit Me with Your Best Shot

By Katherine Teitler
April 04, 2016
Geopolitical cyber war is a fairly well established practice: You break into my nation-state thing; I’ll hack you back. President Obama and Chinese President Xi Jinping even met in Washington, D.C. this past September to discuss (and announce) the desire of both parties to curb intellectual property theft.

No One Likes to be Defeated

By Katherine Teitler
March 30, 2016
If Hollywood doesn’t make a movie out of the Apple vs. FBI debate, someone is missing the boat. As proven by the recent Oscar winners, “Spotlight” and “The Big Short,” audiences eat up controversial subjects, especially when the impact of the controversy affects them or loved ones.

Users Take Privacy Into Their Own Hands with Message Encrypting Apps

By Katherine Teitler
March 28, 2016
A recent story in the New York Times shared information on a new crop of secure messaging apps for smartphones. The article, posted in the “Personal Tech” section, offered snippets of information about the functionality of five different consumer-focused tools.

Selecting an eGRC Software Tool and Not Living to Regret it

By Ben Rothke
March 28, 2016
If you are going to be in Orlando in the beginning of April and are an information security professional, why wait in humid 90-minute long Disney lines when you can enjoy Orlando indoors at the Infosec World 2016 conference? Another benefit of the conference is that vendors at the expo give you t-shirts. This is the only free thing you'll find at Disney.

Under Control

By Katherine Teitler
March 22, 2016
Major technology providers are not the only ones thinking about how to best protect user data. Users, too, are becoming increasingly concerned, and when those users are PhDs and professors at some of the world’s top universities, innovation is spawned.

So, How is that Risk Management Thing Workin’ For Ya?

By Jeffrey Ritter
March 22, 2016
We are currently engaged in a war to achieve victory over risk. Okay, perhaps "war" is not the right way to describe the status quo. None of us can ever achieve total victory over risk. Any expert will say some risk always persists in any activity we undertake.

Wasn’t Me

By Katherine Teitler
March 18, 2016
Earlier this week American Express notified customers of a potential breach involving theft of account numbers, user names, and “some other” account information—most of the juicy ingredients necessary for fraud. The company was quick to mention that it is monitoring for fraud, but it was even quicker to deny responsibility for the incident. 

Why The Pentagon’s New Bug Bounty Program is Sending a Strong Message

By Katherine Teitler
March 17, 2016
Everything is heating up on Capitol Hill: President Obama is proffering a new Supreme Court Justice nominee. The next presidential race is as much a circus as it is a true campaign. Apple and the FBI are still going at it (while other government agencies have started speaking out in favor of encryption).

The Race to Protect Customer Privacy and Gain Trust is On

By Katherine Teitler
March 11, 2016
Technology is an inescapable part of our lives. Unless you live completely off the grid—grow your own food, never drive a car, transact with only the cash kept under your mattress inside your built-by-your-own-hands house—your personal information is collected, tracked, and exchanged by and among businesses.

Mobile Devices in Investigations

By Warren Kruse, Vice President, Altep Inc.
March 09, 2016
Once upon a time, phones were only used to make calls. For most of us, our phone is a mobile office; central to a great deal of our daily activity, our phones are the hub through which our email, text messages, news, social media, calendars, driving directions, fitness goals, and so much more are all brought to us, organized, recorded, and shared.

Happy Anniversary, RSA 2016

By Katherine Teitler
March 07, 2016
Over 40,000 attendees and nearly 550 vendors are getting back to their inbox this week after having attended the gargantuan vendor show otherwise known as RSA. It was RSA’s silver anniversary, and as with each passing year, it gets BIGGER with age!

Secure Privileged Accounts Faster Than Hackers Can Strike

By Jonathan Sander, VP of Product Strategy, Lieberman Software
March 01, 2016
During the past couple of years, we've witnessed a series of devastating data breaches affecting some of the world's most renowned businesses, with each breach inflicting staggering costs in terms of financial and reputational damage.

Ch-ch-ch-ch Changes

By Katherine Teitler
February 29, 2016
Whatever side of the debate you’re on when it comes to Apple and the FBI, one thing is for certain: U.S. courts should not be using laws written in 1789 to make decisions about current technological capabilities.

E-N-C-R-Y-P-T, Find out What it Means to Me

By Katherine Teitler
February 22, 2016
Encryption is not a new invention. In fact, evidence of encrypted messages dates back to 1900 BC when the Egyptians wrote alternative symbols on pyramid walls to relay secret messages to one another. In modern times, though, encryption takes on a new meaning.

Where the Security Things Are

By Katherine Teitler
February 17, 2016
The security field needs more practitioners. The insanity that is our “always-connected” world necessitates more resources to manage, monitor, and maintain personal and enterprise data – from email accounts to mobile phones to chock-full-of-tech refrigerators. 

Advanced and Persistent: Neither is Necessary

By Ed Bellis, CTO, Kenna
February 16, 2016
The hype around advanced persistent threats (APTs) is as high as ever. Post-breach, hacked organizations sing the praises of their adversaries' skills. Practitioners are bombarded by industry marketing touting the latest APT detecting and killing technologies.

Lookin’ Out My Backdoor

By Katherine Teitler
February 12, 2016
As debates about privacy versus encryption rage on, with the US, UK, and France on one side and Germany and the Netherlands on the other, Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar decided to take a look at the encryption products market and replicate a study conducted in 1999.

Why OSINT is a BFD

By Katherine Teitler
February 09, 2016
OSINT, or open source intelligence, is information about threats collected from publicly available sources. The CIA defines OSINT as information “drawn from publicly available material.

Metrics That Mean Something (Aside From Pretty Graphs)

By Kristy Westphal
January 20, 2016
When you think of security metrics, what's the first thing that pops into your mind? OK, after you yawn, what's the first thing? While security metrics themselves may not exude excitement, what if your metrics quickly revealed just the type of information you need that leads to a decision or action that helps solve a business problem?

When the User Isn’t the Issue

By Katherine Teitler
January 19, 2016
For as long as I can remember, I’ve heard that “users are the weakest link in the chain,” or even worse, “you can’t stop stupid.” This long-held view is not terribly productive to advancing information security, and it certainly doesn’t endear the security professional to the general public.

The Problem with Perception

By Katherine Teitler
January 15, 2016
In a profession that’s designed around problem identification, it’s no wonder security professionals are often labeled “contrarians” or “trouble makers.” From the outside in, it looks like security’s job is to find problems even when operations are seemingly gliding along smoothly. Security pros are trained to slog through logs and find anomalies. 

Think You’re Ready for DevOps? Try These Tests

By Mike Landeck, CISSP, PCSM
January 04, 2016
As a young man, I was given some advice that seemed too obvious to really be considered advice. It went something along the lines of, "If a person keeps a checkbook that's not accurate or up to date, don't hire them as your accountant..." As DevOps rises in popularity, I am reminded of this adage often.

Say What? Getting Risk Management Back on Track

By Jack Jones, EVP of Research & Development and co-founder at RiskLens
December 21, 2015
Would you ride on a space shuttle mission if you knew that the scientists and engineers who planned the mission and built the spacecraft couldn't agree on the definitions for mass, weight, and velocity?
