  • A few small steps for man, a giant leap for online security

    The online world is vast. Just follow these straightforward tips, which will make it harder for hackers, and keep you secure.

  • 3 ways to advocate for data security at your company

    There’s an unfortunate tendency among many businesses to rank data security well below other functions. It’s a familiar story: firms slash resources at the first sign of a budget shortfall and otherwise invest anemically in security personnel or tools. “If we’re in compliance with industry rules or regulations,” says leadership, “that’s enough.” But it’s not enough.

  • HITB Haxpo: Connecting hackers, makers, builders and breakers

    Youri van der Zwart is running HITB Haxpo - a free exhibition for hackers, makers and software developers taking place alongside the Hack In The Box conference in Amsterdam, 27th - 29th May 2015.

  • Black hole routing: Not a silver bullet for DDoS protection

    As ISPs, hosting providers and online enterprises around the world continue suffering the effects of DDoS attacks, often the discussions that follow are, “What is the best way to defend our networks and our customers against an attack?”

    Traditional techniques of defense include SYN-cookies, SYN-proxy, redirects, challenges, and of course the black hole routing technique, to name a few. Most of these techniques have been around since the early 2000s, when DDoS attacks first began to surface.

  • Continuous Diagnostics and Mitigation capability requirements need re-prioritization

    There is a lot to like in the $6 billion Continuous Diagnostics and Mitigation (CDM) program being administered by the DHS across more than 100 federal civilian agencies. The DHS has done an excellent job creating 15 different capabilities broken up into four implementation phases that agencies need to have to strengthen their cybersecurity postures. These measures will also be used to build cybersecurity dashboards that will be reviewed by the Office of Management and Budget (OMB) for determining funding levels and will get congressional review.

  • Declaring personal data bankruptcy and the cost of privacy

    In the digital economy, your data profile has value, but judging from what I watched happen recently in a London shopping mall, a lot of us give it away for free.

    At the Westfield shopping center in Shepherd’s Bush, a long line of Britons waited to surrender valuable personal information – demographic details, shopping habits, brand preferences, and more – in exchange for a free bar of chocolate. Really. How did the collector, a prominent British retailer, intend to use this bounty? None of the data donors I observed seemed to care. Not one paused to read the posted privacy disclosure statement. That could turn out to be one costly chocolate treat.

  • BYOD: Better stay used to it

    BYOD is a common trend in organizations today. Businesses may be thrilled they don’t have to pay for tablets or smartphones for their workforce and don’t usually have to maintain and fix them. But businesses now have to secure all these devices and endpoints.

  • RSA Conference 2015: Showcasing the future of information security

    Linda Gray is the General Manager of RSA Conferences. In this interview she talks about the growth of RSA Conference, outlines the threats that helped shape this year's agenda, and highlights sessions, speakers and trainings.

  • Are organizations ready for the embedded computing takeover?

    It is bordering on cliché to acknowledge that the Internet is a double-edged sword. As time goes by, the statement takes on even greater significance, in light of its ubiquitous presence in every aspect of our lives. When all companies had to worry about was controlling employee access to non-work-related activities such as social media, or shopping sites, securing the organization network against threats was relatively clear-cut. Simply deploy a Web access management solution and block access to the potentially troublesome sites. Unfortunately, this has changed.

  • Kill Chain 3.0: Update the cyber kill chain for better defense

    If you’re in infosec, you’ve surely heard of the kill chain - a defense model designed to help mitigate more advanced network attacks. The kill chain consists of seven proposed phases of an (external) network attack; the idea being each phase is an opportunity for specific types of defense.


Banks and IT security: The elements of success

Nathan Horn-Mitchem, VP, Information Security Officer at Provident Bank, talks about delivering and maintaining IT security for 80 branches of the bank.


Fri, Mar 27th