Infosec Insider

Featured Article:

Cloud Security and Privacy Audits: A 360 Degree Crash Course

By Marcos Colón
July 23, 2019
Doug Barbin, principal at Schellman and Company, discusses the challenges that security professionals face when it comes to security and privacy assessments, but also provides tips on which assessments bring in the most return on investment.

Relentless Resilience Through Renovated Risk Management

By Marcos Colón
July 09, 2019
Updating your risk management program is a critical component of becoming a successful security leader. InfoSec Insider caught up with Argo AI's CSO Summer Craze Fowler, who shared her thoughts on the topic, as well as some proven tips.

Threat Profiling in the ICS World: What You Need to Know

By Marcos Colón
April 18, 2019
There are a slew of threats aimed at industrial control systems, and security warriors in that space need to constantly be on their toes. We caught up with Sergio Caltagirone, vice president of threat intelligence at Dragos, who shared how infosec pros in the ICS world can get started with threat profiling.

Are You Using These Best Practices to Build a Vendor Risk Management Program?

By Jim Romeo
December 18, 2018
Today's IT playing field demands a higher state of alertness, not only within your enterprise but also outside of it. However, when it comes to security, not all vendors are created equal. Some very likely have inferior security hygiene and practices that can affect you big time.

Considerations for Cloud Service Providers on the Path to FedRAMP Accreditation

By Baan Alsinawi
November 29, 2018
The government has urged the private sector to offer agencies secure cloud solutions through the FedRAMP accreditation, which establishes baseline standards for security assessment, authorization, and continuous monitoring. Here, we provide six key considerations to help guide FedRAMP accreditation efforts.

GDPR is Here...So What's Next?

By Heather Dean Bennington
August 14, 2018
GDPR was a major focus for many organizations this year, whether that meant extensive business process mapping, understanding the purposes of personal data, or defining its scope. But now that it's here, what should security professionals focus on next?

Tips on Creating Your Own Bug Bounty Program

By Marcos Colón
August 02, 2018
Bugcrowd Founder Casey Ellis discusses the evolution of bug bounty programs and their impact on information security, in addition to providing tips on the key areas to focus on when it comes to developing a bug bounty program at your organization.

Threat Modeling: What, Why, and How?

By Adam Shostack
July 03, 2018
Threat modeling is essential to becoming proactive and strategic in your operational and application security. In this feature article, you'll learn what threat modeling is, how it relates to threat intelligence, and how and why to start.

Cover Your Bases: Areas to Focus on in Your Information Security Strategy

By Marcos Colón
June 21, 2018
Trustwave’s Karl Sigler discusses the state of cyber threats in 2018 and suggests what areas of your security strategy you should focus on to take proactive steps in measurably reducing risk within the business.

Crisis Communications in a Headline-Driven World

By Katherine Teitler
May 15, 2018
Media communication in the face of a cybersecurity incident often gets the shaft in favor of incident handling, but what you don't handle can come back to haunt you.

Cybersecurity Executives Misalign Concerns with Actions

By Katherine Teitler
April 17, 2018
Cybersecurity teams seem to understand their biggest areas of challenge, yet the action to put effort behind remediating those problems falls short.

How to Avoid Becoming the Security Scapegoat

By Katherine Teitler
April 05, 2018
When a company falls victim to a cyber incident, security personnel are often in the line of fire--especially when they've focused only on the technical side of the job. Here we provide some tips that can lessen the chances that any one person will bear the absolute blame.

Five Cyber Risks Your Organization is Likely to Encounter

By Katherine Teitler
April 03, 2018
Today's threat landscape is like a tentacled sea monster that security practitioners have to battle on a daily basis. In this feature story, we highlight the top five most likely cyber risks to organizations today.

NIST Addresses IoT Security Concerns as Lawmakers Float Certification

By Katherine Teitler
March 27, 2018
With more everyday products being built with internet connectivity capabilities, cybersecurity practitioners have become concerned about the security and privacy of those devices. The state of IoT security is pretty grim, but will proposed guidance and regulations improve processes?

The Challenges of Measuring Information Security Performance Today

By Marcos Colón
March 22, 2018
InfoSec Insider catches up with NSS Labs CEO Vik Phatak, who discusses the state of measuring security performance today, the approach practitioners should be taking, and the common mistake that security pros make when it comes to purchasing security solutions.

Third-Party Vendor Relationships are Risky Business

By Katherine Teitler
March 20, 2018
While third-party vendor relationships can provide tremendous benefits, partnering does not relieve the primary organization of its security and compliance obligations.

The Security Game Needs to Change if you Want Developers to Play

By Matias Madou
March 16, 2018
Secure Code Warrior's Matias Madou shares how security and development teams can come together for better collaboration.

A Brief Guide to Cybersecurity for SMBs

By Katherine Teitler
March 15, 2018
Small- and medium-sized companies must be vigilant about cybersecurity--even if they don't have the staff to handle it internally.

Surviving the Walking Dead: Fending off Social Zombies at InfoSec World

By Tom Eston
March 12, 2018
IoT, home automation, government surveillance, and new privacy regulations all pose a challenge to your organization, but you don't have to let those challenges eat you alive.

Phishing Scams: Fact or Fiction?

By Karl Sigler
February 13, 2018
Phishing attacks aren't going anywhere any time soon. In fact, these scams have only grown in popularity among attackers. This helpful article dispels the four common phishing myths to help employees and outside partners be even more adept at identifying these crimes.

5 Ways to Make Your IR Plan Actionable

By Katherine Teitler
February 01, 2018
If you're looking to ensure that your cyber incident response plan doesn't turn into shelfware, here are five ways to make it actionable. 

How Artificial Intelligence Fits into Your Cybersecurity Strategy

By Katherine Teitler
January 23, 2018
Artificial intelligence expert, Vijay Dheap, helps separate fact from fiction and provides guidance for companies looking into using AI as part of the defensive security strategy.

The Latest Infosec Vulnerability Meltdown: From the Viewpoint of a Cloud Researcher

By Katherine Teitler
January 09, 2018
In this follow-up article, cloud researcher Mark Nunnikhoven gives us his take on the Meltdown and Spectre vulnerabilities, which can exploit flaws in modern processors. Nunnikhoven provides us with the potential implications that you should take note of.

The Latest Infosec Vulnerability Meltdown: From the Viewpoint of a Security Consultant and Entrepreneur

By Katherine Teitler
January 08, 2018
An interview with industry veteran Aaron Turner that helps demystify the probable consequences of Meltdown and Spectre, the two headline-grabbing security vulnerabilities capable of exploiting critical vulnerabilities in modern processors. Turner breaks down what you should do.

How to Mitigate Cyber Risks through Cyber Insurance

By Katherine Henry & Brendan Hogan, Bradley Arant Boult Cummings LLC
December 18, 2017
Cybersecurity professionals can provide valuable input in their companies’ procurement of cyber insurance, and should be involved in all phases of cyber insurance procurement and management. Here are some important areas you should focus on.

Hacked Websites: How Weak Security Impacts Us All

By Todd O'Boyle
December 12, 2017
Attackers are increasingly targeting vulnerable WordPress websites to prey on innocent users...because it's easy.

Canary Management…I Mean Change Management

By Joshua Marpet
December 06, 2017
Your change management process is tightened up and locked down, right? No? Well, read on.

Despite Technology Advances, Cybersecurity Programs Aren’t Keeping Pace

By Katherine Teitler
December 04, 2017
Cybersecurity teams have made advances against modern-day adversaries, but not at the pace they need to be to make a true impact against exponentially growing threats.

Becoming a Transformational CISO

By Katherine Teitler
November 29, 2017
Qualys's Mark Butler shares why CISOs must be more than security practitioners who keep their organization's data safe.

Trump’s Twitter Deactivation Reminds Us to Check Our Change Management

By Katherine Teitler
November 08, 2017
One rogue employee or unauthorized user can significantly impact your organization's information security risk...if you let them.

Risk Management as an Iterative Cycle

By Katherine Teitler
October 04, 2017
Dave Lewis, Global Security Advocate at Akamai Technologies, explains why organizations need to build the security program around people and processes.

States Push for Consumer Protection in Credit-Related Data Breaches

By Katherine Teitler
October 02, 2017
The Equifax data breach has spurred two state attorneys general to draft legislation that places the onus for lost credit-related data on the credit bureaus themselves.

Information Security Leadership is About People

By Katherine Teitler
September 28, 2017
Tom Eston shares his thoughts on what it takes to become a leader, and why it's important for security practitioners to do so.

Using Media’s Spotlight to the Security Team’s Advantage

By Katherine Teitler
September 21, 2017
Mark Butler discusses how security leaders can leverage media attention to accelerate the security program and drive innovation.

Threat Modeling and Architecture

By Adam Shostack
September 14, 2017
In a follow-up to his piece "Rolling Out a Threat Modeling Program," Adam Shostack discusses threat modeling in the architecture process.

Security is a Skill Set, Not a Tool

By Katherine Teitler
August 23, 2017
Adrian Sanabria shares why tools acquisition isn't the answer to your information security woes, and explains how teams can increase efficacy without increasing expenditures.

How Governors are Jumpstarting Cybersecurity at the State Level

By Katherine Teitler
August 17, 2017
Governors from 38 states have decided it’s time to take cybersecurity initiatives into their own hands.

What Happens When In-Network Traffic is Your Biggest Threat?

By Katherine Teitler
August 09, 2017
In a network perimeter-less world, enterprise security practitioners need ways to verify the authenticity of applications and the devices and users running those applications; firewalls just fall short.

Can the “Right to be Forgotten” Lead to Better Data Security?

By Katherine Teitler
August 01, 2017
Should individuals have the right to have their data removed from search engine results and providers' systems, and what impact would that have on information security?

Revisiting the Security Roadmap

By Katherine Teitler
July 26, 2017
A security roadmap is a powerful tool for aligning security processes with business requirements and goals, and improving the general efficacy of the security program.

New Attacks Mean Back to Basics…Again

By Katherine Teitler
July 13, 2017
Information security cannot be bought; organizations need to focus on security fundamentals to ward off the latest and greatest cyber attacks.

Rolling Out a Threat Modeling Program

By Adam Shostack
July 10, 2017
As a leader, you need to be able to see the forest and chart a path through it. 

Security vs. Humans: Techniques for Dealing with Social Engineering Threats

By Katherine Teitler
June 30, 2017
Social engineering works. Which is why threat actors take advantage of humans’ innate trust in others.

PetyaWrap is Wannacry’s Honey Badger Upgrade

By Adrian Sanabria
June 28, 2017
A honey badger, like the Petya ransomware, waits to see if you make the mistake of underestimating it.

Incident Response is About More Than Responding to Incidents

By Katherine Teitler
June 19, 2017
Incident response preparedness is an integral part of every organization’s cybersecurity program. 

Why Customer Service is a Big Part of Your Security Job

By Katherine Teitler
May 30, 2017
Not too long ago an acquaintance sent me a frantic instant message, thinking she might have accidentally downloaded malware after clicking on an email attachment.

Why Your Risk Management Practice Shouldn’t be On-Trend

By Ed Moyle
May 29, 2017
The security community often gets caught up in the latest and greatest tools and technologies, using those trends as a way to garner attention for the security program. But this strategy can backfire when it comes to real risk management and how seriously security is taken.

Why the C-Suite is Your Biggest Shadow IT Risk

By Katherine Teitler
May 25, 2017
Shadow IT is problematic in the best of circumstances. In the worst cases, it poses a massive cybersecurity risk to the entire organization.

Tackling Cellular Vulnerabilities

By Aaron Turner
May 24, 2017
Enterprise security professionals have been lax in our demands for visibility into how cellular networks put our organizations at risk. 

Cyber Hygiene Issues Exposed with WannaCry

By Katherine Teitler
May 23, 2017
Unless you’ve been living under a rock, you’ve heard about the WannaCry Ransomware attack.

Malicious Insiders Are a Huge Problem But You Have a Bigger Issue

By Christy Wyatt
May 22, 2017
Aside from corporate data and proprietary intellectual property, employees are the greatest assets to companies.

WannaCry: A Media Maelstrom Without Much Actionable Advice

By Katherine Teitler
May 17, 2017
Touted as the largest Ransomware attack in history by the media, WannaCry is certainly on the tips of tongues of corporations and consumers everywhere. 

SS7 Exploit Proves New 2nd Factor Authentication Methods are Needed

By Katherine Teitler
May 10, 2017
Two-factor authentication (2FA) is held up by the information security community as one of the most effective ways to mitigate credential stealing and avoid account compromise. 

Putting The Brakes On Hacked Cars

By Chris Hardee
April 20, 2017
Your average car has between 3 million and 10 million bugs buried somewhere within its code, but some carmakers are making an effort to update their cars.

Staying in Front of the Development Lifecycle is the Key to Secure Apps

By Katherine Teitler
April 12, 2017
With the average number of web apps in use by organizations on the rise, unpatched vulnerabilities heighten risk, not just for specific users of that application, but for the entire organization. 

Focusing on Fundamentals in the Software Development Process

By Joshua Marpet
March 31, 2017
The typical software application is built to be sold, to send that code out the door as fast as possible so it can generate money for the company. But where does that leave security?

The State of Cyber Safety

By Katherine Teitler
March 22, 2017
As if protecting organizational systems from data theft and abuse weren’t a big enough challenge, “Poor cybersecurity hygiene is now having life-altering effects,” says one industry expert.

What is the Best Security Framework for your Business?

By Dominic Vogel
March 21, 2017
Cybersecurity frameworks are quite similar to relationships—you get out of them what you put into them. To some extent, we have all waded into the waters of cybersecurity frameworks.

How Well Will Your Organization Withstand a Cyber Attack?

By Katherine Teitler
December 16, 2016
While security practitioners are thinking about exploits, vulnerabilities, controls, and threat actors’ TTPs, what executives really want to know is, “When the company is the victim of an attack, what effect will that have on the rest of the company, and how quickly can employees resume?”

What the Board Wants to Know about Security and Risk

By Katherine Teitler
November 16, 2016
Today, many organizations’ executive teams and boards of directors conflate cybersecurity and risk. Risk management is a broader practice than security alone, but cybersecurity is an increasingly “big ticket item” on boards’ agendas—alongside other more traditional risk discussions—since it’s clear that a major breach can impact the organization in meaningful ways. 

Practicing Risk Management

By Katherine Teitler
October 12, 2016
Risk management practices date as far back as the Renaissance period, but modern-day risk management, the version we all know and love/hate today, started taking shape only about 40 years ago when risk managers—mainly focused on calculating insurance at the time—started looking for alternatives to insurance policies to manage risk.

Where is all the Security Talent?

By Katherine Teitler
October 07, 2016
Rumblings about the security talent deficit are pervasive. Just like news of recent breaches, it’s hard to get through a week without reading an article, viewing a webcast, or attending a conference in which the subject is addressed.

Interested in Becoming an InfoSec Pro? Here’s Some Sage Advice

By Marcos Colón
September 08, 2016
Unless you're oblivious to the news, you're well aware that the information security industry is getting a lot of attention. Be it the headline-grabbing breaches taking place on a seemingly frequent basis, or the fact that the number of digital internet-connected devices per capita is increasing constantly.

The CFP Process Isn’t as Scary as you Think

By Katherine Teitler
August 17, 2016
Calls for presentations: Depending on whom you ask, CFPs are either a great opportunity for subject matter experts to display knowledge and vie for a coveted spot on a conference program, or an absolute nightmare, as the intended speaker carefully calculates the best topic to submit.

A Seeming APT has Been Discovered by Symantec and Kaspersky

By Katherine Teitler
August 09, 2016
Symantec and Kaspersky Lab simultaneously released information yesterday on “Strider” and “ProjectSauron” respectively. Strider, the attacker group, has reportedly been using a stealthy piece of malware called “Remsec” (Backdoor.Remsec) as part of ProjectSauron to spy on a small number of highly valuable targets in China, Russia, Belgium, and Sweden. 

So You Say You Want to be a Pentester

By Katherine Teitler
August 01, 2016
Penetration testing is a mandatory component of any thorough information security program, as security pros know. Company networks are vast and complex, and security teams have the (often thankless) job of protecting everything that falls under the general category of “IT” or “IS.”

BC/DR Planning isn’t a “Someday” Activity

By Katherine Teitler
July 26, 2016
Security teams spend a fair amount of time thinking about incident response. The probability of an information security incident occurring forces teams to consider how to manage intrusions, leaks, and other security vulnerabilities or exploits. 

Why The Pentagon’s New Bug Bounty Program is Sending a Strong Message

By Katherine Teitler
March 17, 2016
Everything is heating up on Capitol Hill: President Obama is proffering a new Supreme Court Justice nominee. The next presidential race is as much a circus as it is a true campaign. Apple and the FBI are still going at it (while other government agencies have started speaking out in favor of encryption).

Copyright ©2019 MIS Training Institute Holdings, Inc. All rights reserved.  