Infosec Insider

2019-04-16 05:10:53

Should You Be Paying Attention to Airborne Attacks?

By Josue Ledesma

April 16, 2019

It’s no mystery that the world of cybersecurity constantly faces a massive challenge. It has to pre-empt attacks, predict how hackers will use new attack vectors, and defend their environment against all existing attacks and attacks that may not even exist yet. In this feature, we go over one of the more obscure, but dangerous and difficult attacks to defense against—airborne attacks.

2019-04-11 05:07:16

Who Watches the Watchers?: A Discussion on Who Can Be Trusted Today

By Marcos Colon

April 11, 2019

Security departments have evolved tremendously over the years, but so have cyber threats. As organizations become more aware that nearly no one can be trusted, whose job is it to watch the watchers? At this year’s RSA Conference in San Francisco, InfoSec Insider caught up with Forcepoint's Dr. Richard Ford who dives into the topic.

2019-04-04 05:14:57

Cybercrime Extortion: 2019 Trends and Insights

By Marcos Colon

April 04, 2019

Cyber swindlers are continually looking to reinvent themselves, and their methods are becoming savvier. InfoSec Insider caught up with Digital Shadows CISO Rick Holland on the recent research that his team has conducted on cybercrime extortion, and how security practitioners can secure their organizations don't fall prey to these attacks.

2019-03-28 05:10:56

Your Weak Physical Security Could Be A Hacker’s Easiest Target

By Brent White & Tim Roberts, Senior Security Consultants, Threat Services, NTT Security

March 28, 2019

While having strong IT security in place to secure sensitive data on devices and networks is critical, ensuring your organization practices strong physical security is equally important. Organizations need to prevent attackers from being able to walk in and walking out with data, systems, physical documents, or worse – a new connection to your network as a persistent threat.

2019-03-26 05:02:47

The Basic Cyber Law Concepts Every Security Professional Needs to Know

By Steve Black, Professor of Law, Texas Tech University

March 26, 2019

Cyber law is focused on bringing more clarity to privacy questions that new technology introduce. It’s important for all security professionals to have a basic understanding of current and potential future cyber law concepts in order to stay compliant and ensure sensitive data stays safe.

2019-03-21 05:58:48

The State of Passwords in 2019: Will They Ever Go Away?

By Josue Ledesma

March 21, 2019

Password security has undergone a significant transformation over the last few years. As a reaction to the insecure form of identity verification that is logging in with a password, technologies such as two-factor authentication (2FA), multi-factor authentication (MFA), and hardware keys. This begs the question—where does that leave passwords in 2019?

2019-03-12 05:10:01

How Moving Away From Traditional Academia Has Changed Cybersecurity Education

By Paul Rohmeyer, Program Director MS Information Systems, Stevens Institute of Technology

March 12, 2019

Today, there are highly specialized training options offered both in-person and online in the form of meetups, webinars, formal courses, and in-house and external conferences. The attractiveness (cost, convenience, and specialty) of these alternative options has driven cybersecurity talent to steer towards education avenues outside of traditional academia.

2019-03-07 05:08:13

Why Your Cybersecurity Comms Need to Evolve

By Dawn Papandrea

March 07, 2019

When you’re talking information security among your peers, it sounds like a totally different language than the rest of your organization speaks. This puts infosec professionals in a bind. On the one hand, security vulnerabilities exist throughout the company. Yet you, alone, are carrying the burden of knowing just how serious it can get. That’s why it’s up to you to create an information security communication strategy.

2019-03-05 05:13:23

DeMISTIfying Security: The Top 3 Dangerous Security Assumptions

By Ed Moyle and Raef Meeuwisse

March 05, 2019

From steering clear of marketing buzz to the impact of misinformation, DeMISTIfying Security hosts Ed Moyle and Raef Meeuwisse point out the security assumptions that could be catastrophic to any security practitioner’s role.

2019-02-21 05:01:13

Confused on How to Implement Cybersecurity Policy Based on the NIST Security Framework? Read On.

By Jim Romeo

February 21, 2019

We understand that some security professionals may not have the easiest time implementing the NIST Security Framework. That’s why we’ve created the “missing manual” on getting it right in this latest InfoSec Insider post.

2019-02-12 05:59:59

Glimpsing Inside the Trojan Horse: An Insider Analysis of Emotet

By Max Heinemeyer

February 12, 2019

Emotet is a highly sophisticated malware with a modular architecture, installing its main component first before delivering additional payloads. In this contributed article, Darktrace's Max Heinemeyer, director of threat hunting, breaks down the threat.

2019-02-07 05:00:06

2019 Cybersecurity Threat Trends: What Should Be On Your Radar Part 2

By Josue Ledesma

February 07, 2019

Last week we shared the first part of this two-part series on cyber threats in 2019. This week we wrap up the remainder of the insights we shared thanks to our conversation with subject matter expert Adrian Sanabria, VP of strategy and product at NopSec.

2019-01-31 05:50:59

2019 Cybersecurity Threat Trends: What Should Be on Your Radar

By Josue Ledesma

January 31, 2019

InfoSec Insider caught up with one SME that helped us put together a list of the looming threats your company should keep an eye on and how organizations can defend themselves accordingly. Here's a look at what you should have on your radar.

2019-01-24 05:18:57

Lessons Learned: How to Defend Your Organization Against Social Engineering

By Josue Ledesma

January 24, 2019

Social engineering is unique in the cybersecurity world as its scope of influence can vary widely on the software, hardware, and even psychological level. In this article, we’ll cover social engineering attacks and help you learn from recent developments in the space.

2019-01-22 05:25:41

DeMISTIfying Security: To 2019 and Beyond!

By Ed Moyle and Raef Meeuwisse

January 22, 2019

In last week's segment, Ed and Raef discussed some of the major developments in infosec in 2018. This week, they take out their crystal ball and look into 2019, sharing their thoughts on what many practitioners could expect.

2019-01-15 05:26:38

DeMISTIfying Security: 2018 Year in Review

By Ed Moyle and Raef Meeuwisse

January 15, 2019

In the latest installment of InfoSec Insider’s DeMISTIfying Security series, security experts Ed Moyle and Raef Meeuwisse return to review the major breaches, developments, and takeaways that you can get from information security events in 2018.

2018-12-27 11:34:33

InfoSec Insider Top 10 in 2018

By Marcos Colón

December 27, 2018

As 2018 wraps up, InfoSec Insider looks back at some of the most popular articles we've produced for our loyal audience. From communicating security metrics to the board and making sense of attack patterns, to key areas that you should focus your cybersecurity strategy on, here's a list of the top 10 articles.

2018-12-25 05:19:29

Know Your Inventory: A CISOs Guide to Asset Management

By Josue Ledesma

December 25, 2018

A CISO’s list of responsibilities are vast. They need to protect, defend, and identify any risks and potential attacks that may hit their company’s environment. However, knowing what needs protection is its own challenge.

2018-12-20 09:43:37

The Cloud Security Dos and Donts Explained

By Marcos Colón

December 20, 2018

Security practitioners that are looking to migrate their business to the cloud in a successful manner have to consider quite a lot. That's why InfoSec Insider caught up with security leader and industry veteran Mark Arnold during this video interview where he quickly breaks down what you should and shouldn't be doing when it comes to the topic.

2018-12-18 05:58:25

Are You Using These Best Practices to Build a Vendor Risk Management Program?

By Jim Romeo

December 18, 2018

Today's IT playing field implores a higher state of alertness, not only within your enterprise but also outside of it. However, when it comes security, not all vendors are created equal. Some very likely have inferior security hygiene and practices that can affect you big time.

2018-12-13 05:11:50

The Blockchain Revealed: How InfoSec Can Benefit from the Protocol

By Marcos Colón

December 13, 2018

InfoSec Insider catches up with Debbie Hoffman, CEO of Symmetry Blockchain Advisors at the CSA Congress event, who clarifies what blockchain means to security leaders today, and any privacy implications they should be aware of.

2018-12-11 05:49:11

Leveraging Collaboration and SOAR to Secure Our Digital Future

By Cody Cornell

December 11, 2018

The idea behind collaborative security is to change the security and threat landscape from the daunting “one vs. many” to “many vs. many,” embracing the power of knowledge and collaboration to protect valuable data.

2018-12-06 09:14:34

Cybersecurity 101: How to Get Started in the Business (Part 2)

By Ed Moyle and Raef Meeuwisse

December 06, 2018

In this walkthrough, InfoSec Insider experts Ed Moyle and Raef Meeuwisse demonstrate one useful exercise that can aid security practitioners in getting a lay of the land in their organization, serving as the perfect first step in ultimately measuring and reducing information security risks.

2018-12-04 05:42:01

Cybersecurity 101: A Discussion on the Basics and Fundamentals

By Ed Moyle and Raef Meeuwisse

December 04, 2018

InfoSec Insider SMEs Ed Moyle and Raef Meeuwisse are back, but this time they're talking fundamentals. If you're an up-and-coming security warrior, you'll definitely want to heed this advice from the two infosec experts.

2018-11-29 05:54:58

Considerations for Cloud Service Providers on the Path to FedRAMP Accreditation

By Baan Alsinawi

November 29, 2018

The government has urged the private sector to offer agencies secure cloud solutions through the FedRAMP accreditation, which establishes baseline standards for security assessment, authorization, and continuous monitoring. Here, we provide six key considerations to help guide FedRAMP accreditation efforts.

2018-11-22 05:33:26

When Is It Time to Share Your Secret Sauce?

By Marcos Colón

November 22, 2018

When is it time for your organization to share cybersecurity information with its competitors and how much should you be sharing? We interview two industry experts that provided us with their take on the topic in this featured video interview.

2018-11-20 05:09:02

Do You Really Need a Penetration Test?

By Ed Moyle

November 20, 2018

This will probably be a contentious point for some, but there are situations where a penetration test isn’t the best use of an organization’s resources. Here, we examine what is (and isn't) a pentest, and what its goals should be depending on your organization's needs.

2018-11-15 05:43:40

How to Communicate Threat Intelligence to the Board

By Marcos Colón

November 15, 2018

Cyber threats are top of mind for board members, but communicating cyber threat intelligence may not be the easiest task for security leaders. In this recent interview with Tim Callahan, senior vice president and global security officer at Aflac provides some helpful tips that could go a long way.

2018-11-13 05:35:42

How to Train Your Team (and Organization) to Effectively Use Threat Intelligence

By Josue Ledesma

November 13, 2018

Threat intelligence has transformed the information security world for the better but it’s not always leveraged in the best way possible by organizations and departments. InfoSec Insider spoke to threat intel expert Karl Sigler to get a sense of how organizations can maximize threat intelligence for their organization.

2018-11-01 05:54:15

Common Application Vulnerabilities You Should Know About

By Marcos Colón

November 01, 2018

While patching vulnerabilities seems like a “low-hanging fruit” task for many security practitioners, it seems as though many still fail to do so. In this interview with application security expert Chris Eng, he highlights the common blind spots associated with vulnerability management.

2018-10-30 05:39:26

2018 Midterm Election Security: Thoughts from Security Experts

By Marcos Colón

October 30, 2018

InfoSec Insider catches up with cybersecurity experts on the lessons learned from the 2016 election hacks, and what the security practitioner of today could learn from those events. With early voting already in full swing, we take a brief look back at what occurred.

2018-10-25 05:59:24

So, How Strong Are Your Organization's Passwords?

By Marcos Colón

October 25, 2018

Ntrepid Corporation’s Chief Scientist Lance Cottrell chats with InfoSec Insider and offers up the major dos and don’ts tied to password management, as well as pinpoints the significant weaknesses in some of the systems we’ve come to rely on heavily.

2018-10-16 05:47:41

The New Regulatory Wrinkles for Data Protection You Should Know About

By Aaron Turner

October 16, 2018

We’ve seen the rules for data security change from relatively simple policies, such as simple access controls, to much more complex policy requirements with the implementation of GDPR. This article’s intended to cover three new perspectives that will influence data protection controls in the coming years.

2018-09-13 05:06:59

Election Security in 2018: What’s Next?

By Marcos Colón

September 13, 2018

Forcepoint’s Dr. Richard Ford discusses the impact that the 2016 election meddling had on the cybersecurity community, and the lessons learned that security practitioners should take note of, but most importantly, act on.

2018-09-06 05:58:29

Back to the Basics: The State of Cyber Hygiene in 2018

By Marcos Colón

September 06, 2018

Tripwire's Tim Erlin chats with InfoSec Insider on the state of cyber hygiene in 2018, where we are, why we're there, and highlights different areas that security practitioners are failing to cover as it relates to securing the business.

2018-08-23 04:53:22

The State of Mobile Payments Security

By Aaron Turner

August 23, 2018

What is the bottom line from a security perspective when it comes to mobile payments? In the current state of the ecosystem, mobile security expert Aaron Turner offers up his take and advice on the topic.

2018-08-21 05:49:30

Understanding Zero Trust: A New Strategy for Cyber Defense

By Pravin Kothari, CEO, CipherCloud

August 21, 2018

The idea that all internal networks should be considered trusted while external networks should be trusted was fundamentally wrong. This featured article describes why the move to the cloud has also accelerated the movement to Zero Trust.

2018-08-16 05:12:32

Intelligent Context Monitoring for Security Operations

By Vijay Dheap

August 16, 2018

The context around security events is essential to qualify if those events are false positives or worthy of a security response. However, today security operations are predominantly focused on event monitoring and rely on security analysts to reconstruct context.

2018-08-14 05:38:38

GDPR is Here...So What's Next?

By Heather Dean Bennington

August 14, 2018

GDPR was a major focus for many organizations this year. Whether it has been extensive business process mapping, understanding the purposes of personal data, or defining its scope. But now that it's here, what should security professionals focus on next?

2018-08-09 05:16:34

How Infosec Can Put More “Intelligence” into Operationalizing Threat Intelligence

By Marcos Colón

August 09, 2018

Threat intelligence expert Dave Ockwell-Jenner discusses how organizations have changed the way they approach threat intelligence, and provides the primary Dos and Don’ts associated with developing a successful threat intelligence program.

2018-08-07 05:09:54

Blockchain: What It Is and What It Means for InfoSec

By Josue Ledesma

August 07, 2018

Blockchain has become the new buzzword of choice across a wide spectrum of industries, such as finance, tech, and the information security industry. However, what blockchain is and what its applications are still seem to be unclear. This article sets the record straight.

2018-08-02 05:24:02

Tips on Creating Your Own Bug Bounty Program

By Marcos Colón

August 02, 2018

Bugcrowd Founder Case Ellis discusses the evolution of bug bounty programs and their impact on information security, in addition to providing tips on the key areas to focus on when it comes to developing a bug bounty program at your organization.

2018-07-31 05:07:04

How to Build Practical Cross-Training in Infosec

By Ed Moyle

July 31, 2018

Given the skills gap in information security, it's important for cybersecurity managers to diversify and expand the skill base of their team members. Here, we highlight how they can do it from a practical point of view.

2018-07-26 05:44:21

The Cyber Threat Alliance: Making Cybersecurity Collaboration Work

By Marcos Colón

July 26, 2018

The Cyber Threat Alliance’s Chief Analytic Officer Neil Jenkins provides update on the state of information sharing in 2018 and provides some insight on the steps security practitioners can take if they’re interested in sharing their threat data.

2018-07-24 05:34:38

Mobile Privacy & Infosec Tips for Frequent Travelers

By Aaron Turner

July 24, 2018

Summer will be over before you know it and for many of you, it might be time to hit the road again for business travel. Before you pack up all of your devices, you might want to keep some of this advice in mind to ensure your data is secure.

2018-07-12 05:32:55

Are Security Professionals Doing Enough?

By Marcos Colón

July 12, 2018

Cybereason’s Israel Barak discusses the approach that far too many businesses take when it comes to their security strategy and highlights the steps that security professionals should be seeking to rethink the programs and challenges they face tied to measurably reducing risk within the business.

2018-07-10 05:24:25

First-Hand Experience in Developing a Threat Hunting Program

By Jessa Gramenz

July 10, 2018

Developing a threat hunting program may be challenging, but it doesn’t have to be. In this feature article, one subject matter expert provides us with a glimpse into her experience on the topic and what you can expect.

2018-07-05 05:45:08

How Hacked Elections Impacted the Security Industry

By Marcos Colón

July 05, 2018

CA Veracode’s Chris Wysopal discusses how the 2016 presidential election hack broadened the horizon on how security warriors think about defending their data and offers up advice on what they should consider when it comes to protecting sensitive information.

2018-07-03 05:46:00

Threat Modeling: What, Why, and How?

By Adam Shostack

July 03, 2018

Threat modeling is essential to becoming proactive and strategic in your operational and application security. In this feature article, you'll learn what threat modeling is, how it relates to threat intelligence, and how and why to start.

2018-06-21 05:38:49

Cover Your Bases: Areas to Focus on in Your Information Security Strategy

By Marcos Colón

June 21, 2018

Trustwave’s Karl Sigler discusses the state of cyber threats in 2018 and suggests what areas of your security strategy you should focus on to take proactive steps in measurably reducing risk within the business.

2018-06-12 05:18:30

The Dark Web: What You Should Know and Why You Should Care

By Josue Ledesma

June 12, 2018

The dark web is one of those elusive subjects that can often get misinterpreted. We spoke to Reclamere's Connie Mastovich to get her expert take on what the dark web is, what risk it poses to companies, and how to protect yourself from it.

2018-05-15 06:16:00

Crisis Communications in a Headline-Driven World

By Katherine Teitler

May 15, 2018

Media communication in the face of a cybersecurity incident often gets the shaft in favor of incident handling, but what you don't handle can come back to haunt you.

2018-05-08 06:16:00

A Look at the Current State of Mobile Security

By Aaron Turner

May 08, 2018

Enterprise security practitioners can greatly improve their network security posture, if only they would take the time to right-size mobile security policies.

2018-04-24 06:16:00

How to Manage Your Security Post-Conference Inbox

By Katherine Teitler

April 24, 2018

Cybersecurity conferences often lead to inbox overload, but they don't have to if the onsite experience is managed correctly.

2018-04-19 05:28:30

Are You Over- or Under-Investing in Cybersecurity?

By Marcos Colón

April 19, 2018

We caught up with one CISO that shares his advice on what security leaders can do to ensure they're taking the right approach to budgeting as it relates to their overall security strategy.

2018-04-17 06:16:00

Cybersecurity Executives Misalign Concerns with Actions

By Katherine Teitler

April 17, 2018

Cybersecurity teams seem to understand their biggest areas of challenge, yet the action to put effort behind remediating those problems falls short.

2018-04-10 06:16:00

Cloudy With a Chance of Shared Security Responsibility

By Katherine Teitler

April 10, 2018

Today, most reputable cloud service providers are security conscious, yet users remain responsible over many—but varying—aspects of information security. Here, we take a look at the three most common public cloud models that should be on your radar.

2018-04-05 06:16:00

How to Avoid Becoming the Security Scapegoat

By Katherine Teitler

April 05, 2018

When a company falls victim to a cyber incident, security personnel are often in the line fire--especially when they've focused only on the technical side of the job. Here we provide some tips that can lessen the chances that any one person will bear the absolute blame.

2018-03-27 06:16:00

NIST Addresses IoT Security Concerns as Lawmakers Float Certification

By Katherine Teitler

March 27, 2018

With more everyday products being built with internet connectivity capabilities, cybersecurity practitioners have become concerned about the security and privacy of those devices. The state of IoT security is pretty grim, but will proposed guidance and regulations improve processes?

2018-03-22 06:24:19

The Challenges of Measuring Information Security Performance Today

By Marcos Colón

March 22, 2018

InfoSec Insidercatches up with NSS Labs CEO Vik Phatak who discussed what the state of measuring security performance is today, what approach practitioners should be taking, and the common mistake that security pros make when it comes to purchasing security solutions.

2018-03-20 06:16:00

Third-Party Vendor Relationships are Risky Business

By Katherine Teitler

March 20, 2018

While third-party vendor relationships can provide tremendous benefits, partnering does not relieve the primary organization of its security and compliance obligations.

2018-03-06 06:16:00

Will Net Neutrality Impact the Security Tools Market?

By Katherine Teitler

March 06, 2018

The revocation of Net Neutrality won't impact enterprise security strategy, but it could effect the security tools market. Possibly.

2018-02-27 06:16:00

Learning to Make Better Decisions About Cybersecurity

By Katherine Teitler

February 27, 2018

Tony Sager hopes security practitioners don't view the CIS Controls as "just another checklist."

2018-02-22 06:16:00

Negotiating Today’s Shadow IT Labyrinth

By Katherine Teitler

February 22, 2018

The rise of the "citizen developer" may be a blessing for organizations looking to create efficiencies, but could become a curse for security teams if not handled properly.

2018-02-20 06:16:00

Facing GDPR, Even if You’re Late to the Game

By Katherine Teitler

February 20, 2018

Tackling GDPR means knowing where all your data reside, even if they're outside of your direct control. Here we take a look at how you can tackle this initiative even if you're a bit late given the time of year and when the regulation goes into effect.

2018-02-15 06:16:00

Six Tips for Shoring Up Your SMB Security Strategy

By Katherine Teitler

February 15, 2018

SMBs can’t just throw up their hands at cybersecurity, despite a probable dearth of resources. Since most aren't likely to magically receive a multimillion dollar cybersecurity budget windfall, we've provided our top 6 tips for how to manage security on a limited budget.

2018-02-08 06:16:00

Four Ways to Improve Security Testing Outcomes

By Katherine Teitler

February 08, 2018

Security testing must be about more than finding vulnerabilities and remediating them. In this feature article we take a look at four proven ways that you can improve your security testing outcomes.

2018-02-01 06:16:00

5 Ways to Make Your IR Plan Actionable

By Katherine Teitler

February 01, 2018

If you're looking to ensure that your cyber incident response plan doesn't turn into shelfware, here are five ways to make it actionable.

2018-01-31 06:16:00

Analyzing Your Government Contract Cybersecurity Compliance

By Robert Jones

January 31, 2018

If you're a government contractor or a government entity hiring contractors, you need to know the ins and outs of the new FAR and DAR Councils' cybersecurity rules for government contractors.

2018-01-16 06:16:00

The Art of Aligning Security Goals with Business Goals

By Katherine Teitler

January 16, 2018

To help security leaders find new ways to better align with business colleagues, we turned to two experts to find out how they’re constantly maneuvering between technical requirements and fueling business priorities.

2018-01-04 06:16:00

Security New Year’s Resolutions

By Katherine Teitler

January 04, 2018

Working in the field of cybersecurity can be extremely rewarding, but it can also be extremely stressful and lead to burnout, if you let it.

2018-01-02 06:09:00

What It Means To Do DevOps

By Marcos Colón

January 02, 2018

One expert discusses the growing importance of DevOps within the enterprise, the initial steps organizations should be taking to implement a DevOps approach, and how to get buy-in from key stakeholders.

2017-12-28 06:30:00

6 Things Security Practitioners Should Know About the SOC

By Katherine Teitler

December 28, 2017

The security operations center is a critical element of running a situationally aware security organization. Unfortunately, many companies today don’t have the resources to form one.

2017-12-26 06:12:00

Readers Choice: Top 10 InfoSec Insider Articles of 2017

By Marcos Colón

December 26, 2017

You picked them! Here's a look at the most read articles published on InfoSec Insider in 2017. From CASB to threat intelligence, you'll find a unique mix of some engaging content that answers some of your pressing questions.

2017-12-18 05:56:00

How to Mitigate Cyber Risks through Cyber Insurance

By Katherine Henry & Brendan Hogan, Bradley Arant Boult Cummings LLC

December 18, 2017

Cybersecurity professionals can provide valuable input in their companies’ procurement of cyber insurance, and should be involved in all phases of cyber insurance procurement and management. Here are some important areas you should focus on.

2017-12-14 07:46:00

GDPR is Looming, and Companies are Laissez-faire

By Katherine Teitler

December 14, 2017

Companies can use GDPR as a way to shore up lax security controls and processes.

2017-12-06 06:46:00

Canary Management…I Mean Change Management

By Joshua Marpet

December 06, 2017

Your change management process is tightened up and locked down, right? No, well, read on.

2017-12-04 07:46:00

Despite Technology Advances, Cybersecurity Programs Aren’t Keeping Pace

By Katherine Teitler

December 04, 2017

Cybersecurity teams have made advances against modern-day adversaries, but not at the pace they need to be to make a true impact against exponentially growing threats.

2017-11-30 07:46:00

Artificial Threat Intelligence: Using Data Science to Augment Analysis

By Lance James

November 30, 2017

Data science can help analysts make more informed threat intelligence decisions...but only if it's integrated correctly.

2017-11-20 07:46:00

The Business Benefit of Backups

By Katherine Teitler

November 20, 2017

There are many reasons organizations don’t back up systems correctly, but are any of them good reasons?

2017-11-15 07:46:00

We Don’t Need More Security Awareness Training

By Katherine Teitler

November 15, 2017

Security awareness works, so why isn't it helping our enterprise become more secure?

2017-11-13 07:46:00

Why Do Data Breach Disclosures Take So Long? Let's Ask the SEC Chairman

By Shawn E. Tuma

November 13, 2017

Security pros act incredulous when they hear of a delayed breach disclosure, but is it wrong?

2017-11-08 07:46:00

Trump’s Twitter Deactivation Reminds Us to Check Our Change Management

By Katherine Teitler

November 08, 2017

One rogue employee or unauthorized user can significantly impact your organization's information security risk...if you let them.

2017-11-06 05:08:21

Upstream Disconnect: Why CISOs and the Board Aren’t Seeing Eye to Eye

By Marcos Colón

November 06, 2017

After conducting 80 interviews with security leaders and board members, these two experts discuss the findings of their research and offer a rare window into how each group viewed progress and setbacks in their oversight of cyber risk.

2017-11-02 07:46:00

The ACDC Act Would Take Defenders’ Eyes Off Real Cyber Defense

By Katherine Teitler

November 02, 2017

The Active Cyber Defense Certainty Act could have negative impacts on defenders' security efforts.

2017-10-30 07:46:00

Why A Lower Cost Per Data Breach Isn’t Cause for Celebration

By Katherine Teitler

October 30, 2017

A look at what the Ponemon "Cost of Data Breach" study tells us about how to prepare for a data breach or cybersecurity incident.

2017-10-23 07:46:00

Hiring for Security is Hard. So What?

By Katherine Teitler

October 23, 2017

Cybersecurity staffing is a hot button issue, but not one that can be ignored just because it's a challenge.

2017-10-16 07:46:00

SMBs' Cyber Attack Woes are Rising

By Katherine Teitler

October 16, 2017

The "2017 State of Cybersecurity in Small & Medium-Sized Businesses" report reveals what we already know about security, but what will companies do about it?

2017-10-10 07:46:00

The Security Talent Gap, Not Just A People Problem

By David Etue

October 10, 2017

New people, more education, and development are not the only ways to fill the security talent gap.

2017-10-09 06:27:00

Plan to Think and Think to Plan: Avoiding Quick Decisions in Information Security

By Marcos Colón

October 09, 2017

Four techniques information security professionals can use to set themselves up for success in the event of a data breach.

2017-10-02 07:46:00

States Push for Consumer Protection in Credit-Related Data Breaches

By Katherine Teitler

October 02, 2017

The Equifax data breach has spurred two state attorneys general to draft legislation that places the onus for lost credit-related data on the credit bureaus themselves.

2017-09-26 07:46:00

Authentication Failure Leads to IP Theft at Deloitte

By Katherine Teitler

September 26, 2017

The Deloitte breach teaches us that we have many cybersecurity lessons to learn—even ones we already know.

2017-09-18 07:46:00

Why Ransomware Will Continue to Target Healthcare

By Katherine Teitler

September 18, 2017

“Defray” ransomware is making its way around the healthcare industry, proving that cyber criminals still need only target low-hanging fruit.

2017-09-13 07:46:00

Did Equifax Wait Too Long to Notify the Public?

By Katherine Teitler

September 13, 2017

Equifax committed so many infosec data breach sins, but delaying public notification is probably not one of them.

2017-09-11 07:46:00

The Equifax Breach is not Just Another “Oops”

By Katherine Teitler

September 11, 2017

The Equifax breach should be a wakeup call that we're doing security wrong.

2017-08-28 07:46:00

Tech Giants Take on the Supreme Court in Digital Data Battle

By Katherine Teitler

August 28, 2017

In a brief filed with the Supreme Court earlier this month, 15 major U.S.-based technology companies petitioned the court on the subject of digital data.

2017-08-07 06:37:40

OPSEC Tradecraft: Protecting the Online Persona

By Lance James

August 07, 2017

In our last article, we discussed how disciplines like psychology and behavior-profiling can help us to better understand the adversary at the end of the keyboard. Now we are going to extend similar disciplines to ourselves as intel analysts.

2017-08-03 07:46:00

Will the Latest (Proposed) IoT Legislation Make a Difference?

By Katherine Teitler

August 03, 2017

The proposed "Internet of Things Cybersecurity Improvement Act of 2017" signals a shift in attitudes about cybersecurity's impact on public safety.

2017-08-01 07:46:00

Can the “Right to be Forgotten” Lead to Better Data Security?

By Katherine Teitler

August 01, 2017

Should individuals have the right to have their data removed from search engine results and providers' systems, and what impact would that have on information security?

2017-07-06 07:00:00

How Far Should You Go with Employee Monitoring?

By Katherine Teitler

July 06, 2017

Depending on your source, insider threat accounts for anywhere from 27% - 77% of all breaches. Despite the disparity in agreement about size of the problem, most security practitioners agree that the difficulty identifying insider threat is greater than identifying external threats.

2017-06-29 07:46:00

A Day in the Life of a Security Executive (part 2)

By Katherine Teitler

June 29, 2017

A look at the career path of information security executive Kristy Westphal.

2017-06-26 07:46:00

The “Best Practice” Parable

By Joshua Marpet

June 26, 2017

"Best practices” are subjective, of course, though the phraseology leads people to believe that these “best practices” are, in fact, the best.

2017-06-20 07:46:00

Government Gains Ground on Modernizing Hackable Technology

By Katherine Teitler

June 20, 2017

Government decisions and the passage of new laws are slow moving, which is just one of the reasons outdated laws are governing current technology usage.

2017-06-19 07:46:00

Incident Response is About More Than Responding to Incidents

By Katherine Teitler

June 19, 2017

Incident response preparedness is an integral part of every organization’s cybersecurity program.

2017-06-05 07:46:00

What Trump’s Cybersecurity Executive Order Means…or Does Not Mean…for Enterprises

By Katherine Teitler

June 05, 2017

It has been less than a month since U.S. President Trump issued an Executive Order aimed at improving the nation’s cybersecurity defenses.

2017-06-01 07:46:00

Why are Outdated Laws Governing Current Technology Usage?

By Katherine Teitler

June 01, 2017

When it comes to how corporations manufacture and sell products, different people have varying views on what role government plays in that process.

2017-05-30 07:46:00

Why Customer Service is a Big Part of Your Security Job

By Katherine Teitler

May 30, 2017

Not too long ago an acquaintance sent me a frantic instant message, thinking she might have accidentally downloaded malware after clicking on an email attachment.

2017-05-29 06:16:00

Why Your Risk Management Practice Shouldn’t be On-Trend

By Ed Moyle

May 29, 2017

The security community often gets caught up in the latest and greatest tools and technologies, using those trends as a way to garner attention for the security program. But this strategy can backfire when it comes to real risk management and how seriously security is taken.

2017-05-25 07:46:00

Why the C-Suite is Your Biggest Shadow IT Risk

By Katherine Teitler

May 25, 2017

Shadow IT is problematic in the best of circumstances. In the worst cases, it poses a massive cybersecurity risk to the entire organization.

2017-05-22 07:46:00

Malicious Insiders Are a Huge Problem But You Have a Bigger Issue

By Christy Wyatt

May 22, 2017

Aside from corporate data and proprietary intellectual property, employees are the greatest assets to companies.

2017-05-16 07:46:00

DHS Funds Mobile Digital Trust Projects

By Katherine Teitler

May 16, 2017

Identity in the digital world has always been a point of contention for information security practitioners.

2017-05-11 07:46:00

FTC Launches New Small Business Cybersecurity Website, But…

By Katherine Teitler

May 11, 2017

Earlier this week the Federal Trade Commission (FTC), the self-proclaimed consumer protection watchdog, launched a new website aimed at helping small businesses buff up cybersecurity practices.

2017-05-08 07:46:00

Building a Better Security Industry

By Katherine Teitler

May 08, 2017

How often have you heard the term “cultural fit” as it relates to employees of your or another’s place of employment?

2017-05-05 07:46:00

Compromised Credentials and Financially-Motivated Attacks Top the 2017 DBIR

By Katherine Teitler

May 05, 2017

The issuance of the DBIR has become an industry event of sorts, giving people the opportunity to carefully examine and argue the finer points against that which they see in their environments.

2017-05-03 07:46:00

Does the U.S. Need a Data Protection Authority?

By Katherine Teitler

May 03, 2017

When the House recently voted to overturn a proposed ruling that would have limited internet service providers’ ability to share and sell customer data, cries of “foul” were heard.

2017-05-02 18:02:02

Why Secure Data Logistics Provides Optimum Visibility

By Marcos Colón

May 02, 2017

Security experts David Etue and Christopher Ensey discuss their research into secure data logistics.

2017-05-01 07:46:00

Speaking to Malware: A New Approach to Combat Attacks

By Todd O’Boyle

May 01, 2017

Cyber attackers need persistent access to your company’s network, systems, and users to steal from you. The good news is that persistence can also be used against attackers.

2017-04-24 13:46:00

Running Security Operations Agilely

By Kristy Westphal

April 24, 2017

How, then, do security operations run better with Agile? DevOps, DevSecOps, and Agile all imply pretty big changes to your organization.

2017-04-14 13:46:00

Why Security Managers are Afraid of the Cloud

By Katherine Teitler

April 14, 2017

Cloud computing has become a ubiquitous part of today’s business operations. Though the cloud is not security practitioners’ favorite tool in the toolbox, it is here to stay.

2017-04-11 13:46:06

Fail vs Finished: The Difference Between Information and Intelligence

By Lance James

April 11, 2017

The majority of threat “intelligence” you receive and attempt to operationalize successfully currently isn’t intelligence at all; it’s simply information!

2017-04-10 08:00:00

Tips for Managing Diverse Personalities on Your Security Team

By Katherine Teitler

April 10, 2017

A security team—just like any functional area team—is made of up unique individuals with distinct personalities and working styles.

2017-03-30 08:00:00

End User Security Habits Aren’t Bound to Help your Corporate Program

By Katherine Teitler

March 30, 2017

Americans’ online security habits are just as bad as you’ve imaged, according to a recent survey of more than 2,000 respondents.

2017-03-29 08:00:00

What the CIA Leaks Mean for Security Managers

By Katherine Teitler

March 29, 2017

When WikiLeaks released a repository of hacking tools and techniques used by the CIA, the initial reaction was shock and awe, followed quickly by piqued interest, then a bit of annoyance.

2017-03-22 08:00:00

The State of Cyber Safety

By Katherine Teitler

March 22, 2017

As if protecting organizational systems from data theft and abuse weren’t a big enough challenge, “Poor cybersecurity hygiene is now having life-altering effects” says one industry expert.

2017-03-21 08:00:00

What is the Best Security Framework for your Business?

By Dominic Vogel

March 21, 2017

Cybersecurity frameworks are quite similar to relationships—you get out of them what you put into them. To some extent, we have all waded into the waters of cybersecurity frameworks.

2017-03-16 08:00:00

What Keeps a Chief Privacy Officer Up at Night

By Katherine Teitler

March 16, 2017

The majority of people don’t even know every place their personal information has been provided or acquired, and it’s this quagmire that keeps privacy officers up at night.

2017-03-15 08:00:00

Secure Development for the Cloud

By Randall Brooks

March 15, 2017

Application exploits have become daily news, and as a result, application security and secure coding are developing focus areas of cybersecurity.

2017-03-14 11:51:49

Why Creating an Incident Response Plan is a Continuous Activity

By Marcos Colón

March 14, 2017

The fire department typically has a response plan they can put into use when a building is ablaze, involving equipment, angles to take on the fire, and what to do after the flames have been put out.

2017-03-13 08:00:00

Executives and IT Decision Makers Don’t See Eye-to-Eye on Security

By Katherine Teitler

March 13, 2017

A new study published by BAE Systems highlights the disconnect between C-level executives and IT Decision Makers when it comes to perceptions of cybersecurity within the enterprise.

2017-03-08 14:30:00

Enterprise Resiliency goes Beyond Disaster Recovery

By Gary Sheehan

March 08, 2017

Resiliency sounds like a common-sense approach to business. Each organization must prepare for change and disruptions in order to survive and prosper. Who wouldn’t want to do that, right?

2017-03-02 14:30:00

A Look at NY’s Stricter Cybersecurity Rules for Financial Institutions

By Katherine Teitler

March 02, 2017

Though the rules took effect at the beginning of the month, affected enterprises have transition periods ranging from 180 days to 18 months to comply with varying aspects of the law.

2017-02-24 08:30:00

GDPR has Implications Beyond the EU

By Katherine Teitler

February 24, 2017

Compliance with the European law becomes mandatory on May 25, 2018, and given the complexities of adherence, companies are starting to scramble to put plans in place.

2017-02-23 08:30:00

Building Strong Infosec Teams through Diversity

By Katherine Teitler

February 23, 2017

In biology, it is well known that genetic diversity creates strength in that it helps build resilience to disease, disorders, and other human ailments. At a community level, we also find strength in diversity.

2017-02-15 11:48:00

The Continued Evolution of the CISO Role

By Marcos Colón

February 15, 2017

While some security professionals have climbed the ranks based on their technical know-how, it’s the transition into the business leadership role that tends to present the challenges for chief security officers.

2017-02-13 08:30:00

How to Approach an Effective Board Presentation

By Katherine Teitler

February 13, 2017

What is security’s purpose if not to help with risk management? Organizations run on varying degrees of risk—financial risk, operational risk, market risk, sociopolitical risk, etc.—and information security has become a big piece of the risk picture.

2017-02-08 09:00:00

House of Representatives Passes an Important Privacy Bill

By Katherine Teitler

February 08, 2017

It would be somewhat of an understatement to say that methods of communication have changed over the last 31 years. Yet in that time, laws pertaining to the privacy of those new types of communication have remained stuck in the past.

2017-02-07 08:31:00

Leadership Lessons from the Orchestra

By Katherine Teitler

February 07, 2017

Leadership is a lot like playing in an orchestra. For those less familiar with an orchestra setting, let me explain. The basics: A traditional orchestra is made up of strings, woodwinds, brass, and percussion, plus keyboards.

2017-02-06 08:31:00

We Should Talk More!

By Joshua Marpet and Scott Lyons

February 06, 2017

Technologists are the bedrock of IT and IT security. They innovate, create, build, implement, maintain, and decommission the most amazing software and hardware systems ever compiled.

2017-02-03 08:31:00

What Happens When the President Insists on an Unsecure Device?

By Katherine Teitler

February 03, 2017

The President of the United States is apparently using an Android phone, and likely an outdated version, at that. Despite reports that the newly inaugurated president was, in typical fashion, offered a “secure, encrypted device approved by the Secret Service,” it appears Mr. Trump prefers his own personal device. Don’t we all?

2017-02-02 08:31:00

Signs You’ve Been Breached

By Katherine Teitler

February 02, 2017

It’s true that cyberspace is growing by the day, and as companies and individuals add more information to internet-accessible sources, the risk of compromise of that data grows in parallel. With this greater risk comes more responsibility.

2017-01-30 08:31:00

Why Security Managers are Failing at Password Security

By Katherine Teitler

January 30, 2017

The idea of a password as a security mechanism is sound: One user with an individual identity plus a unique, secret password. In the physical world, this combination often works as it should, since the user’s identity travels with the user (in effect, adding a second factor of identification).

2017-01-27 08:31:00

Incident Response: It’s all in the Planning

By Katherine Teitler

January 27, 2017

The most fundamental part of incident response planning is to understand that it’s a living, breathing cycle. An organization can’t slap a plan together and expect that plan to carry the team through the next three to five years.

2017-01-26 13:31:00

Get Your Identity and Access Management Under Control

By Katherine Teitler

January 26, 2017

That idea of checks for every customer action, the weight of it, the precautions put in place—armed security guards, security cameras, security alarms positioned in ample locations—all signal to would-be thieves that any attack on a bank is going to require serious skill, planning, and personal risk.

2017-01-24 13:31:00

Pacemakers and Piracy: The Unintended Consequences of the DMCA for Medical Implants

By Cory Doctorow

January 24, 2017

As networked computers disappear into our bodies, working their way into hearing aids, pacemakers, and prostheses, information security has never been more urgent -- or personal. A networked body needs its computers to work well, and fail even better.

2017-01-20 13:31:00

Will The Government Affect Cybersecurity in the Near Future?

By Katherine Teitler

January 20, 2017

On this first day of a Donald Trump presidency, many people around the world are watching and wondering what is going to happen in corporate America. The speculation is no less prevalent in the security industry.

2017-01-19 13:31:00

Can Security and Compliance Coexist Happily?

By Katherine Teitler

January 19, 2017

Security staff are infamous for declaring “security does not equal compliance” whenever the topic of compliance is mentioned by a non-security person. The reasoning behind this is sound: Compliance is a set of minimum requirements and auditable actions or technologies.

2017-01-17 13:31:00

Tackling Government Cybersecurity Staffing Challenges

By Katherine Teitler

January 17, 2017

Cybersecurity staffing—and the industry shortage—is a frequent topic of conversation among security practitioners. But as nation state competition heats up, government and civilian agencies need to develop alternative hiring strategies if the U.S. wants to compete on a global scale.

2017-01-10 13:31:00

Changing Security Awareness, One Set of Terms & Conditions at a Time

By Katherine Teitler

January 10, 2017

The Children’s Commissioner for England released a report last week stating the need for sweeping changes to terms and conditions on social networking sites, particularly those with audiences largely comprised of children and young adults.

2016-12-23 07:45:00

The Best of InfoSec Insider in 2016

By Marcos Colón

December 23, 2016

As we continue to ramp up our efforts in providing you with a resourceful library of content you can rely on, we’ve decided to reflect on some of the top InfoSec insider articles of 2016, based on the engagement we’ve received from our readers.

2016-12-22 08:00:00

Security and Privacy in 2017 (+3)

By Katherine Teitler

December 22, 2016

Many uncertainties await the world when the new United States administration takes office on January 20, 2017. The President-elect, while extremely vocal on the campaign trail, has been disconcertingly cagey in the weeks leading up to inauguration.

2016-12-21 08:00:00

Security Resolution: Better Communication for the New Year

By Katherine Teitler

December 21, 2016

The New Year is close upon us and many security firms and media outlets are busy publishing 2017 predictions or “the year in review.” Rather than following suit, we’d like to propose a New Year’s resolution to all security practitioners (and office workers, in general, really).

2016-12-20 08:00:00

Threat Intelligence Program Staffing Requirements

By Katherine Teitler

December 20, 2016

In security, where human resources are tight to begin with, thinking about where you’re going to find the best individuals to staff a threat intelligence team can quickly turn into a headache.

2016-12-16 08:00:00

How Well Will Your Organization Withstand a Cyber Attack?

By Katherine Teitler

December 16, 2016

While security practitioners are thinking about exploits, vulnerabilities, controls, and threat actors’ TTPs, what executives really want to know is, “When the company is the victim of an attack, what effect will that have on the rest of the company, and how quickly can employees resume?"

2016-12-12 08:00:00

Developing the National Cyber Incident Response Plan

By Katherine Teitler

December 12, 2016

Indeed, effective, successful organizations are attempting to proactively identify threats and indicators of compromise before they present serious destruction to the victim organization. Even the most robust and mature threat intelligence programs, though, aren’t immune to a breach.

2016-12-05 08:00:00

Who Is the Most Negligent Insider?

By Katherine Teitler

December 05, 2016

“Insider threat” — it’s a term that gets thrown around a lot in cybersecurity circles. Practitioners want to know who is responsible for attacks and how attacks are being perpetrated so defenses can be appropriately implemented and provisioned.

2016-12-02 08:00:00

Has the CISO Finally Earned a “Seat at the Table”?

By Katherine Teitler

December 02, 2016

Over the past few years the security industry has seen a rise in the number of appointed CISOs. At companies where previously the security team was small, secluded, and likely managed by the CIO, it is refreshing that mention of a CISO is no longer followed by puzzled looks or blank stares.

2016-11-29 08:00:00

Inclusion is the Key to Security Staffing

By Katherine Teitler

November 29, 2016

Depending on your media outlet of choice, the current cybersecurity staffing shortage is either pressing or catastrophic. In either case, a staffing shortage exists and the industry needs to take more proactive steps to look beyond current talent pools to fill open positions, as well as positions that will be created as the industry continues to expand.

2016-11-10 00:16:00

The New Identity and Access Management Normal

By Dan Houser, Security Architect & Perspicacious Security Iconoclast

November 10, 2016

A study of recent hacking attacks on corporations makes it obvious that (weak) password credentials are being used both inside and outside organizations, and are frequently the credential protecting remote access to the enterprise and its "crown jewels."

2016-11-09 00:16:00

Is Threat Intelligence Too Hard?

By Doug Gray, Senior Cyber Architect, Lunarline, Inc.

November 09, 2016

No threat actor ever avoided attacking your system because you marked a control as compliant. So why do so many defenders spend so little time understanding the threat?

2016-10-31 00:16:00

The Business Value of Cyber Threat Intelligence

By Rafal Los, Managing Director, Solutons Research and Development, Optiv

October 31, 2016

For nearly the last twenty years, enterprise security teams have been fighting threats to their business much like hapless teenagers fight demons in horror movies. Let me paint you a scene. Four people fleeing a horde of some type of evil take refuge in a run-down back woods cabin in the middle of nowhere.

2016-10-28 08:00:00

A Big Win for Privacy Could Increase Security Awareness

By Katherine Teitler

October 28, 2016

Yesterday morning the Federal Communications Commission (FCC) passed new—and controversial—rules regarding how internet service providers (ISPs) may use customers’ “sensitive” personal data.

2016-10-25 08:00:00

DDoS Caused by Exploited Components is a Wakeup Call

By Katherine Teitler

October 25, 2016

Until last Friday, Internet of Things (IoT) cyber attacks were largely more theoretical than practical, at least for those outside of the cybersecurity research realm. When Reddit, Twitter, Netflix, Spotify, and PayPal, among others, were taken offline or significantly slowed due to a massive distributed denial of service (DDoS) attack last week.

2016-09-29 13:00:00

Security and Ops Coordination Hinges on Communication

By Katherine Teitler

September 29, 2016

Rifts between the security team and other groups lead to inefficiency and reduced effectiveness. Information security isn’t getting as much done as is necessary in our breach-of-the-day world, yet old problems like failure to collaborate persist.

2016-09-27 09:00:00

Learning Lessons of Security Failures Ensures Future Success

By Katherine Teitler

September 27, 2016

As a first time DerbyCon goer, I didn’t quite know what to expect. In its sixth year, DerbyCon is well known throughout the security community, and I’ve worked with several of the speakers, a few of the organizers, and met many security vendor representatives at MISTI and past-job events.

2016-09-14 08:00:00

Do Security Certs Matter to You?

By Katherine Teitler

September 14, 2016

By many estimates, the demand for information security practitioners far exceeds availability. As security becomes an appreciable concern for large and small companies alike, it stands to reason that the industry is going to face a serious shortage in the coming years if new practitioners aren’t found or cultivated.

2016-09-13 08:00:00

When Security and Convenience Collide

By Katherine Teitler

September 13, 2016

When usability and accessibility are in question (and when aren’t they, really), end users will always seek out shortcuts that make their lives easier.

2016-09-06 08:00:00

Security Budgeting Season is Upon Us

By Katherine Teitler

September 06, 2016

Like it or not, fall is right around the corner, and for many private enterprises, fall means Q4 which means facing the dreaded budgeting season. If budgeting itself weren’t cumbersome enough, cybersecurity budgets—even if they stand alone—are often part of a larger function.

2016-08-30 08:00:00

Securing Applications; Creating Business Opportunities

By Katherine Teitler

August 30, 2016

Applications have become the technological underpinnings which enable employees to do their jobs faster, more accurately, and with greater ease. Applications have become so ubiquitous within organizations that most employees don’t even consider the tools with which they are working “applications” at all.

2016-08-24 08:00:00

Are Lengthy Terms and Policies Part of Security’s Problem?

By Katherine Teitler

August 24, 2016

When individual users are required to first accept usage policies and then interact with the website/application/tool by allowing it to collect information, both the user and the enterprise for which the user works are put in a position of risk. Why? Because the likelihood that he or she will read the policy is slim to none.

2016-08-19 08:00:00

Security Teams Suffer from lack of Visibility

By Katherine Teitler

August 19, 2016

Information security teams face a serious problem when they are unable to detect the presence of a threat actor inside organizational systems. Knowing who has access to key applications is an imperative for trying to protect the company, yet according to a new report published by Okta that may not be a case.

2016-08-17 08:00:00

The CFP Process Isn’t as Scary as you Think

By Katherine Teitler

August 17, 2016

Calls for presentations: Depending on whom you ask, CFPs are either a great opportunity for subject matter experts to display knowledge and vie for a coveted spot on a conference program, or an absolute nightmare, as the intended speaker carefully calculates the best topic to submit.

2016-08-12 08:00:00

Countering the “Security is Winning When Nothing Happens” Misconception

By Katherine Teitler

August 12, 2016

Many in the security industry, myself included, are guilty of falling into the trap of saying that security is a discipline in which the big “wins” come when “nothing happens.” It’s an easy statement to make, especially when working with business leaders who see only the end result (i.e., no breach, no media headline) and make this claim.

2016-08-11 08:00:00

Digital Trust: How do your Business Partners Affect Risk?

By Katherine Teitler

August 11, 2016

“We’ve seen breaches where the ‘partner effect’ has played a major role, but have you noticed that nobody seems to really know how to manage that risk well,” poses Pete Lindstrom, Vice President of Security Research at IDC.

2016-08-09 08:00:00

A Seeming APT has Been Discovered by Symantec and Kaspersky

By Katherine Teitler

August 09, 2016

Symantec and Kaspersky Lab simultaneously released information yesterday on “Strider” and “ProjectSauron” respectively. Strider, the attacker group, has reportedly been using a stealthy piece of malware called “Remsec” (Backdoor.Remsec) as part of ProjectSauron to spy on a small number of highly valuable targets in China, Russia, Belgium, and Sweden.

2016-07-27 08:00:00

The Feds are Seriously Taking Cybersecurity Seriously

By Katherine Teitler

July 27, 2016

On Tuesday, the White House issued its Presidential Policy Directive-41 (PPD-41), or “United States Cyber Incident Coordination” plan. The PPD follows on the heels of the Cybersecurity National Action Plan, the Obama administration’s attempt to button up cybersecurity efforts in the face of growing threats against U.S. entities.

2016-07-26 08:00:00

BC/DR Planning isn’t a “Someday” Activity

By Katherine Teitler

July 26, 2016

Security teams spend a fair amount of time thinking about incident response. The probability of an information security incident occurring forces teams to consider how to manage intrusions, leaks, and other security vulnerabilities or exploits.

2016-07-22 08:00:00

Tech Companies Assist the FBI in Criminal Takedown

By Katherine Teitler

July 22, 2016

After last winter’s frosty standoff, Apple and Facebook are now making headlines for being in cahoots with the FBI. For a few years, the bureau has been tracking Kickass Torrents, a very popular file sharing site, and trying to link illegal reproduction and distribution of online media, including movies, TV shows, music, and video games.

2016-07-19 08:30:00

CISOs Need to be More Than Business Leaders

By Katherine Teitler

July 19, 2016

The role of the CISO is changing. We hear about it every day: CISOs must become more business oriented and fine-tune communication skills so other executives consider heads of security business equals.

2016-07-13 08:00:00

The Promises of Privacy Shield are TBD

By Katherine Teitler

July 13, 2016

Privacy Shield, the much-anticipated new trans-Atlantic data transfer agreement between the EU and U.S., was approved yesterday by the European Commission. After months of debate and revisions, the Commission finally felt comfortable enough to rubber stamp the framework, which will actually undergo further analysis later this month.

2016-07-12 08:00:00

Are Tech Companies Responsible for All User Information?

By Katherine Teitler

July 12, 2016

The families of five terrorist attack victims filed a lawsuit in U.S. District Court on Monday. The families, claiming that Facebook enabled Palestinian militants to carry out deadly attacks in Israel, are suing for more than $1 billion, calling into question the responsibility of technology companies when it comes to security.

2016-07-08 08:00:00

The Evolution of Cybersecurity

By Katherine Teitler

July 08, 2016

“A lot of security departments are swimming in the wrong direction,” says Raef Meeuwisse, Director of Cybersecurity at Cyber Simplicity Ltd. By this, Meeuwisse means that companies haven’t yet redirected the scope of their security programs—the tools, technologies, and processes—to reflect current threats.

2016-07-07 08:00:00

Password Sharing Gets its Day in Court

By Katherine Teitler

July 07, 2016

Security practitioners have long decried the practices of password sharing. Now an appellate court has bolstered that sentiment by handing down a decision in United States v. Nosal, ruling that a former employee of executive search firm Korn/Ferry International has violated the Computer Fraud and Abuse Act.

2016-07-06 08:00:00

Are Your Third-Party Risk Assessments up to Snuff?

By Katherine Teitler

July 06, 2016

Even small, home-spun businesses have a handful of third-party vendors with which they must connect to keep the lights on and the money flowing. Larger organizations might have hundreds or thousands of partners in the supply chain.

2016-06-29 09:00:00

Third Party Risk Management: The Russian nesting doll of infosec challenges

By Marcos Colon

June 29, 2016

For security practitioners, the name of the game is risk management. These risks come in all shapes and sizes, from system vulnerabilities and the onslaught of evolving malware, to threats posed by insiders.

2016-06-28 08:00:00

Brexit Gets a Bot: Petition website gets hacked

By Katherine Teitler

June 28, 2016

After the contentious Brexit vote last week, the British Parliament’s House of Commons Committee is investigating potential commandeering of an online petition calling for a second referendum on the matter.

2016-06-27 08:00:00

How Baylor University Approaches Its Security Challenges

By Katherine Teitler

June 27, 2016

Colleges and universities are generally considered settings for learning, openness, and ideas. Students and professors alike are encouraged to explore new thinking and push boundaries. The best academic universities on the planet have entire departments focused on researching subjects unconsidered universally.

2016-06-21 08:00:00

The Security Practitioner’s Future

By Katherine Teitler

June 21, 2016

Several years after the introduction of DevOps, the security community continues to laud the method while scant few developers are hopping on the bandwagon. One of the issues is that “security” isn’t part of DevOps.

2016-06-20 08:00:00

A New Approach to Cloud Security Risk

By Katherine Teitler

June 20, 2016

The mention of cloud services no longer strikes fear in the hearts of security practitioners like it did a decade ago. While some security folks are still wary of providers’ claims, few can doubt that many of the larger, more prevalent cloud providers offer as good or better security than some enterprise security teams.

2016-06-13 08:00:00

The “War” on Cybercrime isn’t Helping

By Katherine Teitler

June 13, 2016

Security is often a battle. In one corner we have the security team warning the rest of the business of the dangers of “X” or fighting to implement new policies and technologies that will help keep the business secure. In the other corner we have lines of business wanting and needing faster, better, more profitable enablement tools and processes.

2016-06-02 08:00:00

Wish You Were Here: China Proposes Contentious Cybersecurity Rules

By Katherine Teitler

June 02, 2016

China is once again making it more difficult for international organizations to conduct business in the country. Last year, the China Insurance Regulatory Commission (CIRC) announced draft rules that would require insurance carriers to buy and utilize “secure and controllable” solutions for IT.

2016-06-01 08:00:00

Incident Response Planning: You Can Go Your Own Way

By Katherine Teitler

June 01, 2016

Last night I watched as the driver of a rental moving truck took the top of the truck clear off as he drove under an overpass that was too low for clearance. The top scraped off a bit like the top of a sardine can; it peeled back and bits of curly-cued steal flew across Storrow Drive, one of the main crosstown parkways in Boston, MA.

2016-05-31 08:00:00

It’s The End of the World as We Know It

By Katherine Teitler

May 31, 2016

One of the security downfalls of Android devices is the profusion of independent device makers and the varying states of attention each manufacturer pays to device security.

2016-05-27 08:00:00

I Still Haven’t Found What I’m Looking For

By Katherine Teitler

May 27, 2016

The Internet of Things (IoT) is transforming the world in ways unimaginable 5-10 years ago. For many of us, IoT extends to the innovation of smartwatches, connected cars, and smart home devices, which have substantially changed the way we live.

2016-05-26 08:00:00

A Change Would do you Good

By Katherine Teitler

May 26, 2016

Apple’s highly guarded and stringent software development process may start to chill out this summer, according to a report in The Information. The company is well known for its rigorous development practices, which helped it climb to the top of security practitioners’ lists as the platform of choice when selecting smartphones and mobile devices in recent years.

2016-05-23 08:00:00

Leaving on a Jet Plane

By Katherine Teitler

May 23, 2016

“Transportation Security Administration” may not actually refer to security, it seems, according to a report issued by the Office of Inspector General (OIG) of the Department of Homeland Security (DHS). The report details the results of an audit, conducted primarily to follow up on previously reported “deficiencies in information technology.”

2016-05-20 08:00:00

Lemme Tell Ya, Them Guys Ain’t Dumb

By Katherine Teitler

May 20, 2016

Ransomware is the hot, new buzzword in security. It is also a serious, escalating problem. Hospitals in Kentucky, Maryland, Ottawa, and California (among others) have had data held hostage in recent months; the U.S. House of Representatives blocked access to third-party email apps after ransomware attempts (or maybe unconfirmed attacks?) were perpetrated.

2016-05-13 08:00:00

All I do is Win

By Katherine Teitler

May 13, 2016

The decline in TalkTalk's profits is undoubtedly due to the aftereffects of a cyberattack in which the names, phone numbers, and email addresses of a reported 157,000 customers were lost. In addition, during the same incident 21,000 bank account numbers were accessed.

2016-05-06 08:00:00

Give a Little Bit. Give a Little Bit of My Bugs to You

By Katherine Teitler

May 06, 2016

OSINT—or open source intelligence—is a wondrous thing. As security professionals know, this nearly endless sea of information provides both opportunities and drawbacks. Threat intelligence vendors, though, harness the vastness of the web to unearth tidbits of information.

2016-04-29 08:00:00

Where You Lead, I Will Follow

By Katherine Teitler

April 29, 2016

Recently I was having a conversation with a good friend, a good friend who also happens to be a leadership and communication expert. We were discussing the topic of leadership in the security industry and how, while there are many bosses and executives, there are few truly excellent leaders in security today.

2016-04-20 08:00:00

Tips for Selecting a Cloud-based Solution

By Katherine Teitler

April 20, 2016

While cloud has technically existed in earlier forms—application service providers and hosted solutions, for instance—for almost twenty years, the current cloud marketplace offers a wide selection of services designed to meet the requirements of organizations looking to outsource certain aspects of operations.

2016-04-19 08:00:00

Don’t Fall in Your FUD

By Katherine Teitler

April 19, 2016

Have you ever slowed your car while driving to gawk at an accident on the side of the road, or been frustrated by the car in front of you that did? Have you caught yourself mesmerized by a ridiculous YouTube video?

2016-04-19 08:00:00

What Shouldn't Be Automated, Really?

By Ben Tomhave

April 19, 2016

In preparing for my Cloud Security World 2016 talk, "Automagic! Shifting Trust Paradigms Through Security Automation," I've been thinking a lot about what can be automated, how to automate, and how to demonstrate and measure value around all that jazz.

2016-04-04 10:00:00

Hit Me with Your Best Shot

By Katherine Teitler

April 04, 2016

Geopolitical cyber war is a fairly well established practice: You break into my nation-state thing; I’ll hack you back. President Obama and Chinese President Xi Jinping even met in Washington, D.C. this past September to discuss (and announce) the desire of both parties to curb intellectual property theft.

2016-03-30 08:00:00

No One Likes to be Defeated

By Katherine Teitler

March 30, 2016

If Hollywood doesn’t make movie out of the Apple vs. FBI debate, someone is missing the boat. As proven by the recent Oscar winners, “Spotlight” and “The Big Short,” audiences eat up controversial subjects, especially when the impact of the controversy affects them or loved ones.

2016-03-22 08:00:00

Under Control

By Katherine Teitler

March 22, 2016

Major technology providers are not the only ones thinking about how to best protect user data. Users, too, are becoming increasingly concerned, and when those users are PhDs and professors at some of the world’s top universities, innovation is spawned.

2016-03-22 05:00:00

So, How is that Risk Management Thing Workin’ For Ya?

By Jeffrey Ritter

March 22, 2016

We are currently engaged in a war to achieve victory over risk. Okay, perhaps "war" is not the right way to describe the status quo. None of us can ever achieve total victory over risk. Any expert will say some risk always persists in any activity we undertake.

2016-03-18 08:00:00

Wasn’t Me

By Katherine Teitler

March 18, 2016

Earlier this week American Express notified customers of a potential breach involving theft of account numbers, user names, and “some other” account information—most of the juicy ingredients necessary for fraud. The company was quick to mention that it is monitoring for fraud, but it was even quicker to deny responsibility for the incident.

2016-03-17 08:00:00

Why The Pentagon’s New Bug Bounty Program is Sending a Strong Message

By Katherine Teitler

March 17, 2016

Everything is heating up on Capitol Hill: President Obama is proffering a new Supreme Court Justice nominee. The next presidential race is as much a circus as it is a true campaign. Apple and the FBI are still going at it (while other government agencies have started speaking out in favor of encryption).

2016-03-16 05:00:00

Advancing Your Security Leadership Journey

By Michael Santarcangelo

March 16, 2016

Are you valued as much a leader as you are a security resource (with a team)? It's the gut check question I ask of security leaders. In most cases, the answer is no. Most security leaders say they receive recognition for technical prowess, not for leadership.

2016-03-15 08:00:00

Love ‘em and Lead ‘em!

By Retired Colonel Jill Morgenthaler

March 15, 2016

U.S. Army Major General John H. Stanford was asked about how one becomes a leader. "When anyone asks me that question, I tell them I have the secret to success in life. The secret to success is to stay in love. Staying in love gives you the fire to really ignite other people."

2016-03-07 08:00:00

Happy Anniversary, RSA 2016

By Katherine Teitler

March 07, 2016

Over 40,000 attendees and nearly 550 vendors are getting back to their inbox this week after having attended the gargantuan vendor show otherwise known as RSA. It was RSA’s silver anniversary, and as with each passing year, it gets BIGGER with age!

2016-03-07 08:00:00

Are you Trusted to be a Security Leader?

By Michael Santarcangelo

March 07, 2016

There is no shortage of quotes to capture the importance of trust: hard to earn, easy to lose, and essential to our success as security leaders. Yet a troubling trend is emerging: the trust we need to be successful as security leaders is eroding.

2016-03-01 08:00:00

Secure Privileged Accounts Faster Than Hackers Can Strike

By Jonathan Sander, VP of Product Strategy, Lieberman Software

March 01, 2016

During the past couple of years, we've witnessed a series of devastating data breaches affecting some of the world's most renowned businesses, with each breach inflicting staggering costs in terms of financial and reputational damage.

2016-02-17 08:00:00

Where the Security Things Are

By Katherine Teitler

February 17, 2016

The security field needs more practitioners. The insanity that is our “always-connected” world necessitates more resources to manage, monitor, and maintain personal and enterprise data – from email accounts to mobile phones to chock-full-of-tech refrigerators.

2016-02-14 12:00:00

The Evolution of Security and the Opportunity of Leadership

By Michael Santarcangelo, founder, Security Catalyst

February 14, 2016

A few decades ago, we advanced information security with a simple phrase: "the Internet is bad, a firewall is good." We linked the dangers of connecting to others online with a simple method of protecting our companies. Now our ever-changing networks face dynamic, evolving threats.

2016-02-12 12:00:00

Lookin’ Out My Backdoor

By Katherine Teitler

February 12, 2016

As debates about privacy versus encryption rage on, with the US, UK, and France on one side and Germany and the Netherlands on the other, Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar decided to take a look at the encryption products market and replicate a study conducted in 1999.

2016-02-10 03:28:00

Pentest or Vulnerability Scan: Which is Right for You?

By Georgia Weidman, founder, Shevirah

February 10, 2016

Almost every morning I wake up and read about another company that has been breached, and consumers' or patients' information has been stolen as a result. It's getting to be so common that social security numbers and credit card numbers posted on dark Web sites sell for less than a dollar each.

2016-02-09 02:00:00

Why OSINT is a BFD

By Katherine Teitler

February 09, 2016

OSINT, or open source intelligence, is information about threats collected from publicly available sources. The CIA defines OSINT as information “drawn from publicly available material.

2016-02-03 03:28:00

Web-blindness: Why Website Security Needs Our Attention

By Katherine Teitler

February 03, 2016

Security professionals spend a lot of time thinking about protecting their back end systems and the information contained therein. They think about the scariest and sneakiest vulnerabilities and what an exploit means in real terms: will this disrupt business operations? Will our company lose sensitive data? Will I be fired?

2016-01-20 14:53:00

Metrics That Mean Something (Aside From Pretty Graphs)

By Kristy Westphal

January 20, 2016

When you think of security metrics, what's the first thing that pops into your mind? OK, after you yawn, what's the first thing? While security metrics themselves may not exude excitement, what if your metrics quickly revealed just the type of information you need that leads to a decision or action that helps solve a business problem?

2016-01-19 03:28:00

When the User Isn’t the Issue

By Katherine Teitler

January 19, 2016

For as long as I can remember, I’ve heard that “users are the weakest link in the chain,” or even worse, “you can’t stop stupid.” This long-held view is not terribly productive to advancing information security, and it certainly doesn’t endear the security professional to the general public.

2016-01-15 03:28:00

The Problem with Perception

By Katherine Teitler

January 15, 2016

In a profession that’s designed around problem identification, it’s no wonder security professionals are often labeled “contrarians” or “trouble makers.” From the outside in, it looks like security’s job is to find problems even when operations are seemingly gliding along smoothly. Security pros are trained to slog through logs and find anomalies.

2016-01-04 14:53:00

Think You’re Ready for DevOps? Try These Tests

By Mike Landeck, CISSP, PCSM

January 04, 2016

As a young man, I was given some advice that seemed too obvious to really be considered advice. It went something along the lines of, "If a person keeps a checkbook that's not accurate or up to date, don't hire them as your accountant..." As DevOps rises in popularity, I am reminded of this adage often.