  • A holistic approach to protecting intellectual property

    Protecting intellectual property (IP) is a high priority for security professionals, but IP can be a vague term. What exactly is included under the umbrella of IP? And what's the best way to protect IP within an organization?

  • Aligning risk analysis and IT security spending

    IT security spending should be aligned with risk analysis results. Too frequently, though, this is not the case.

    Thought leaders in information security have been describing a shift in security control effectiveness over time from network-based, to application-based, and ultimately to data-centric security.

  • Overcoming Big Data security obstacles

    When it comes to security, Big Data can be the cause of many obstacles. As Big Data often contains enormous quantities of personally identifiable information, privacy becomes a very real and primary concern.

    The consequences of a security breach affecting Big Data can be more devastating than the consequences of other breaches as it will affect a significantly larger group of people. As a result, not only will the damage be reputational, but there will also be significant legal ramifications that an organization then has to deal with.

  • Enterprises must prepare for attacks on supply chain and POS in 2015

    One thing is certain – there is plenty of job security in the business of protecting data. Attackers keep upping their game; therefore, so must we. 2014 can be characterized in a number of ways: the year of (another) mega breach, the year of supply chain attacks, the year POS systems lost their credibility.

    For these reasons and many, many others, the infosec industry must step up. Likewise, businesses of all shapes and sizes must prioritize information security discussions similar to sales and supply planning. In 2015, I believe we will see advances from both the bad guys and, because I'm an optimist, in enterprise response. Here are my top 5 predictions for what we see in 2015.

  • Three branches of security: Strengthening your posture with checks and balances

    With Election Day around the corner, we thought it an appropriate time to take a look at the checks and balances model that has served the United States well for over two centuries, and think about how it might apply to a more modern challenge – securing your enterprise. A checks and balances approach aims to make sure all of the pieces work together to strengthen your overall posture.

  • Targeting security weaknesses in the phone channel

    Banks, retailers and credit card companies all use call centers to provide services. Those call centers represent one of the most attractive targets for fraud attacks. While online security has been a top priority for organizations over the past decade, the phone channel has not seen similar innovation.

    In fact, security on the phone channel has been static for nearly 40 years. Adding to the problem, when institutions strengthen online controls, fraudsters often shift their efforts to a less protected area of the enterprise – the call center.

  • Fixing the broken windows of software security

    Education changes the culture and guides developers toward an understanding that security should be an inherent attribute of all software they produce. This cultural shift is significant because, within an organization and globally, developers set standards for other developers. They also educate newcomers, reducing the need for education over time.

  • Automation is the key to successful policy implementation

    Organizations today are facing increased pressure to collect and store massive amounts of data. Regulatory guidelines, storage costs, and the promise of Big Data have encouraged and allowed this growth. With this explosion of data collection and the influx of information flooding inboxes, enterprise collaboration systems, and interactive gateways, previously effective approaches to monitoring and regulation of electronic data are becoming impractical. With data everywhere, people, processes, education and automation become more critical to the successful implementation of a compliance program.

  • Explaining infosec magic to kids

    Magic! It's the basis for countless children's stories filled with adventure and excitement. It's also how many kids think cyberspace works. There's nothing like seeing our child's reaction when the sleight of a magician's hand produces marvelous results. However, as cyber professionals we know the Internet is no illusion. A technical understanding of their digital lives is a crucial life lesson for today's young generation.

  • Think before you share that file

    Various file-sync-and-share providers have made headlines for their inadvertent data leaks. These events shine a light on some of these file-sync-and-share services' shortcomings and beg the question of whether enterprises should be allowing such services in their business operations at all.



Overwhelming optimism for information security in 2015

Posted on 19 November 2014.  |  Expectations for data security next year are surprisingly optimistic given the harsh reality of 2014. Enterprise security staffers are so confident that most respondents said they would "personally guarantee that their company's customer data will be safe in 2015."



Thu, Nov 20th