• The evolution of vendor risk management in financial institutions

    Shifting from a model mainly focused on questionnaires and assessments, many institutions and regulators are moving away from these more subjective, trust-based practices and looking for solutions that will allow organizations to monitor and verify the controls that are in place to guarantee security and privacy requirements are being met. Responsibility for vendor management has also moved from the domain of procurement and sourcing teams into the realm of IT and Risk Managers, in order to better integrate vendor risk management with broader enterprise risk management strategies.

  • Information security innovation and research

    Sin-Yaw Wang is the Vice President of Engineering at WatchGuard Technologies. In this interview he talks about the main challenges for delivering innovative information security technologies as well as long-term investments in security R&D.

  • Preventing fraud through enterprise password management

    A few simple steps can go a long way to making things much more difficult for individuals to commit fraud. The first step is a strong password policy. For example, make sure passwords meet the strictest security requirements. This is possible by using passwords with a minimum number of characters (say, seven), setting a maximum password validity of between 30 and 90 days, and requiring random use of special characters, capitals, small letters and digits.

  • When it comes to patient data privacy, compliance and security differ

    Why haven’t healthcare organizations – hospitals, physician groups, pharmacies and others that process healthcare data – done more on the security front?

  • Protecting healthcare records from cyber attacks is a game of cat and mouse

    The never-ending battle between healthcare organisations and cyber attackers has always been like a game of cat and mouse. The hacker plays the role of the mouse, constantly trying to sneak past the company’s cat that is guarding information. For years, the cat not only consistently beat the mouse, he would help his fellow cats identify new mice and keep them out of their cupboards too. But as the successful data breaches over the past year demonstrate, including one earlier this year that made headlines after millions of health insurance records were compromised, the mice are now kicking the cats in their tails.

  • Smartwatches and corporate data

    I was super excited when my wife got me a smartwatch. In addition to the geeky coolness factor of a smartwatch, being a long-time security professional I was also interested in the security implications in a BYOD or corporate-issued device scenario. Would this allow a new way for users to access corporate data? Is it possible to block these devices? And what other implications had I not considered?

  • Hack yourself first: How we can take the fight to the black hats

    Threats are no longer posed solely by those countries or cybercriminal networks with the financial means to carry out attacks. This both raises the stakes and levels the playing field for attackers and defenders. Many threat intelligence analysts agree that 2015 will see an uptick in state-sponsored cyber activity, as smaller countries realize that for a relatively small return they can punch well above their weight on the world stage. In short, it is no longer necessarily an expensive undertaking to launch damaging attacks against our governments and corporations.

  • A few small steps for man, a giant leap for online security

    The online world is vast. Just follow these straightforward tips, which will make it harder for hackers, and keep you secure.

  • 3 ways to advocate for data security at your company

    There’s an unfortunate tendency among many businesses to rank data security well below other functions. It’s a familiar story: firms slash resources at the first sign of a budget shortfall and otherwise invest anemically in security personnel or tools. “If we’re in compliance with industry rules or regulations,” says leadership, “that’s enough.” But it’s not enough.

  • HITB Haxpo: Connecting hackers, makers, builders and breakers

    Youri van der Zwart is running HITB Haxpo - a free exhibition for hackers, makers and software developers taking place alongside the Hack In The Box conference in Amsterdam, 27th - 29th May 2015.



What IT skills are in demand?

IT security tops the list of skills that teams need most, and one out of five reported having difficulty finding skilled talent for cloud initiatives. Companies are also looking for pros who have skills in network engineering, systems engineering, IT architecture and network operations.


Fri, Apr 17th