  • Understanding PCI compliance fines: Who is in charge of enforcing PCI?

    If your business stores, processes, or transmits data from payment cards, then you are subject to the requirements of the PCI DSS. This set of security controls is designed to help merchants combat data theft, protecting both consumers and merchants’ own reputations. When a business fails to satisfy those rules, it can be subject to significant financial penalties. But who exactly is in charge of enforcing PCI?

  • Unsharing in the sharing economy

    Data must be shared for business to happen, and it cannot be quarantined into a single firewalled network. Businesses that are tuning into the benefits of connectedness and personalization are able to do this because they are also learning how to unshare. It’s something of an abstract concept but it’s also an interesting way of talking about what people are after – they want to share without losing control over their data.

  • The difficult task of meeting compliance needs

    Compliance is a complex issue in many industries, and organizations know all too well that there are major fines and potential punishments for not meeting the laws and regulations. Some major compliance regulations in the United States, including the Health Insurance Portability and Accountability Act (HIPAA), the Control Objectives for Information and Related Technology (COBIT) and the Sarbanes-Oxley Act (SOX), require businesses to ensure certain standards within their organizations, including protection of data and full disclosure.

  • 3 ways to stop insider threats in your organization

    No one wants their organization to be the next poster child for a major information breach. No one wants their company to make headlines for having its data compromised or stolen. No one wants their governmental agency to become the example of what not to do in IT security.

    Mitigating insider threats is critical to keeping your organization from becoming the next cautionary tale of poor information security practices. With that in mind, here are three key strategies to limit insider threats in your organization.

  • Mobile SSL failures: More common than they should be

    Securing your mobile application traffic is apparently more difficult than it should be, as researchers Anthony Trummer and Tushar Dalvi discovered when looking into SSL/TLS usage on the Android operating system and applications, as well as on iOS and Windows 8 mobile.

    In this podcast recorded at the Hack in the Box conference in Amsterdam, Trummer, who's a Staff Information Security Engineer at LinkedIn, points out the most common mistakes organizations make when implementing SSL/TLS, and gives instructions on how to avoid them.

  • Why is ERP security so difficult?

    ERP (Enterprise Resource Planning) security has been all over the news lately. From high profile breaches, like the recent U.S. Office of Personnel Management breach, to researchers presenting vulnerabilities in ERP systems at recent security conferences, the visibility of ERP in the security community has never been higher.

    Still, many security professionals aren’t familiar with how ERP systems work and the complexities involved in properly testing them. Why are ERP systems different than other systems?

  • What a business leader should know about the cloud and its impact

    Great companies see business risks as opportunities, and execute strategies accordingly. Such a mentality is compatible with emerging technologies. IT plays a vital role in the deployment of new strategies that mitigate business risk. With the proliferation of so-called cloud services, the execution has become less complicated. The cloud is no longer an emerging phenomenon, and the number of vendors and services offered with the “cloud” badge has been exploding. Indeed, there are very few companies in the world that are not currently using cloud services in some form.

  • Never underestimate the impact of a data breach

    The growth of cyber-crime and the impact of successful attacks on an organization's bottom-line should not be underestimated; it is anticipated that data breaches will cost businesses up to £1.3tn by 2019, with new threats emerging at the astonishing rate of 390,000 per day. As the threat landscape continues to grow, the responsibility for guarding against damaging cyber attacks and protecting corporate data will lie with all employees.

  • Why location-based social media data is critical for security

    The volume of social content is massive – one billion monthly active users, 500M daily tweets, 70M photos and videos shared every day, based on data from Twitter, Instagram and YouTube alone. There must be an effective strategy in place for listening to and analyzing the sometimes-critical data it brings and turning it into valuable, actionable information for security purposes.

  • We don't know what we don't know

    Citing the latest cyber security statistics is a popular way for security companies to show that they are keeping a watchful eye on the threat landscape. Where do the majority of threats come from? What industries are being targeted? Which countries are involved? Which mobile OS is better? We want answers to these and dozens more questions, and we want those answers in nice, concise, tweetable metrics.

    But the problem is that we simply don’t know. Sure, some companies claim to know, but here’s a secret: they’re wrong. They might know something, probably even a lot, but not everything.



The Internet of Things is unavoidable, securing it should be a priority

The Internet of Things (IoT) started like any other buzzword: poorly defined, used too often, and generally misunderstood. However, it stood the test of time and is now increasingly becoming part of everyday language, even with those outside the IT world.


Mon, Jul 27th