Organizations in all sectors "need to look at the CISO role as an executive position with holistic understanding and a more well-rounded background" to help ensure security goals align with business goals, says consultant Ed Amoroso, former AT&T chief security officer.
As CISO at Hearst Corp., David Hahn's security strategy must be mindful of the challenges and brand risks for well-known media properties, including ESPN and Esquire, as well as smaller, lesser-known units within the corporation. Each requires a risk management strategy.
A list of weak credentials for vulnerable Internet of Things devices has prompted a new effort to notify their owners. The fear is of another mass, IoT-fueled DDoS attack along the lines of last year's Mirai attacks.
Organizations need to adopt a "threat hunting" approach to managing risk, striving for early detection of anomalies, says Anuj Tewari, CISO at HCL Technologies, an India-based multinational IT service company
Hiring managers will need to get increasingly creative to find talent to fill their vacant information security positions, particularly in a shallow talent pool that is forecasted to get even thinner. Experts in the hiring trenches offer seven key tips to consider.
EDR (endpoint response and detection) products are powerful tools that provide a play-by-play of exactly what happened on a computer during and after an attack. But the products require the right expertise to get the most value, a Gartner analyst says.
Researchers claim that the startup company Creditseva, which helps individuals manage credit profiles, left client data exposed, but the company says there was no "breach." Security experts discuss the security challenges faced by startup companies.
The latest ISMG Security Report leads with information security guru Ron Ross discussing changes coming to the National Institute of Standards and Technology's catalog of IT security and privacy controls. Also, challenges facing an upgraded U.S. Cyber Command.
From a security perspective, moving your applications and data to AWS does not necessarily eliminate or minimize your security challenges. Regardless of their location - public, private cloud or physical data center - your applications and data are an attacker's target, and protecting them in AWS introduces the same...
As business-centric groups continue to drive adoption of the public cloud, security teams are not always involved in the process. Dialogue between the security and business groups to achieve a public cloud architecture and deployment that accounts for both groups' demands is essential to effective...
Carbon Black rolled with the punches last week after it was accused of exposing customer data via a bug in one of its endpoint detection products. It turned out there was no bug. But the company has gone back and uncovered a bug that did expose customer data, albeit on a small scale.
Hackers have been targeting the Scottish Parliament in a "brute force cyberattack" aimed at guessing users' email passwords. Security experts say it's unlikely that state-backed attackers would resort to such a blunt assault.
Philips plans to fix alarming vulnerabilities in a web-based application used to track patient radiation exposure. Versions of the DoseWise Portal mistakenly shipped with errors, including hard-coded credentials for a database and lack of encryption for patient data.
Digital transformation is redefining how companies do business internally and across the marketplace. While this business-driven initiative is fueling brand new forms of optimization, it is making it much more difficult to secure the most valuable assets of an organization. As a result, security risk management has...