Security operations and management
Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.
Top Stories
-
Tip
20 Nov 2024
4 types of access control
Access management is the gatekeeper, making sure a device or person can gain entry only to the systems or applications to which they have been granted permission. Continue Reading
-
Tip
20 Nov 2024
User provisioning and deprovisioning: Why it matters for IAM
Overprivileged and orphaned user identities pose risks. Cybersecurity teams should be sure user profiles grant only appropriate access -- and only for as long as necessary. Continue Reading
-
News
13 Apr 2018
Cybersecurity AI hype matures at RSAC 2018
Top submissions to the RSA Conference 2018 indicate that the hype cycle around cybersecurity AI may be maturing, while diversity gets a lower ranking on the hot topic list. Continue Reading
-
Podcast
12 Apr 2018
Risk & Repeat: RSAC 2018 trends focus on AI, blockchain
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the big questions ahead of RSA Conference 2018, as well as notable sessions and speakers scheduled for the event. Continue Reading
-
News
11 Apr 2018
Ransomware threat tops Verizon Data Breach Report
After years of climbing the ranks in the Verizon Data Breach Investigations Report, the ransomware threat has finally taken the top spot as the most prevalent malware type. Continue Reading
-
Conference Coverage
11 Apr 2018
RSAC 2018: Special conference coverage
Find out what's happening at the information security industry's biggest event with breaking news and analysis by the SearchSecurity team at the RSA Conference 2018 in San Francisco. Continue Reading
-
Podcast
06 Apr 2018
Risk & Repeat: New revelations in San Bernardino iPhone case
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the OIG report's findings on the FBI's effort to unlock the iPhone of one of the San Bernardino terrorists. Continue Reading
-
Tip
30 Mar 2018
Imran Awan case shows lax security controls for IT staff
Investigations into the conduct of the IT staff of the House of Representatives raised alarms. Kevin McDonald explains what we can learn from the case of Imran Awan. Continue Reading
-
Podcast
30 Mar 2018
Risk & Repeat: IBM Think 2018 highlights AI, blockchain
In this week's Risk & Repeat podcast, SearchSecurity editors recap IBM Think 2018 and discuss Watson's Law and Big Blue's pledge to keep user data safe from misuse and exposure. Continue Reading
-
News
30 Mar 2018
IBM Security looks to incident response services for growth
While IBM has made significant investments in acquiring cybersecurity vendors in recent years, the company now is turning its attention to security services like incident response. Continue Reading
-
News
29 Mar 2018
RSA Innovation Sandbox highlights threat detection, AI
Security startups competing in this year's RSA Innovation Sandbox will present new offerings for threat detection, cloud security, artificial intelligence and machine learning. Continue Reading
-
Blog Post
27 Mar 2018
RSA Conference keynotes miss the point of diversity
RSA Conference keynotes now include a handful of distinguished women, but very few will be speaking about cybersecurity, falling short of truly equal representation. Continue Reading
-
News
27 Mar 2018
Five days after Atlanta ransomware attack, recovery begins
After battling the fallout from an Atlanta ransomware attack for five days, Mayor Keisha Bottoms said City Hall has finally begun to recover and turn systems back on. Continue Reading
-
News
23 Mar 2018
CLOUD Act stirs tension between privacy advocates and big tech
Privacy advocates criticize Congress for passing the CLOUD Act as part of the omnibus spending bill, while big tech companies have expressed support for the controversial legislation. Continue Reading
-
News
21 Mar 2018
Durov refuses to hand over Telegram encryption keys to FSB
CEO Pavel Durov continued to assert that Telegram encryption keys will not be shared with the FSB, despite the Russian Supreme Court denying the company's appeal. Continue Reading
-
Podcast
21 Mar 2018
Risk & Repeat: OURSA takes RSA Conference to task
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the emergence of OURSA to highlight diversity and the RSA Conference's lack of female keynote speakers. Continue Reading
-
Tip
05 Mar 2018
Continuous security monitoring advances automated scanning
Battling threats in today's fast-paced cyberworld means shutting down vulnerabilities fast, which requires round-the-clock monitoring. Learn how to make it happen in your company. Continue Reading
-
News
02 Mar 2018
Cellebrite claims it can unlock Apple devices, but questions remain
News roundup: Cellebrite claims it can unlock Apple devices, according to a Forbes report. Plus, iCloud encryption keys will now be stored in China, and more. Continue Reading
-
News
28 Feb 2018
Visa reports EMV chip cards thwart fraud, but criminals adapting
Visa points to a 70% drop in fraud due to EMV chip cards, as consumers and merchants adopt the new payment card technology. But criminals are shifting their own focus to adapt. Continue Reading
-
Podcast
27 Feb 2018
Risk & Repeat: Is the cyberthreat landscape shifting to cryptomining?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss how new attacks, like cryptojacking, may be supplanting previous top cyberthreats, such as ransomware. Continue Reading
-
News
22 Feb 2018
SEC cybersecurity disclosure rules get a guidance update
The U.S. Securities and Exchange Commission introduced new SEC cybersecurity disclosure rules to prevent insider trading related to data breaches and other security incidents. Continue Reading
-
News
22 Feb 2018
GDPR data breach notification is just one piece of EU privacy puzzle
With the EU's General Data Protection Regulation looming, Qualys' Darron Gibbard discusses GDPR data breach notifications, and more with the EU's new privacy law. Continue Reading
-
Podcast
19 Feb 2018
Risk & Repeat: Cyberinsurance market gets a shake-up
In this week's Risk & Repeat podcast, SearchSecurity editors discuss a new industry partnership designed to give Apple and Cisco customers beneficial cyberinsurance policies. Continue Reading
-
Tip
14 Feb 2018
How to prevent SQL injection attacks in your enterprise
SQL injection attacks threaten enterprise database security, but the use of cloud services can reduce the risk. Here's a look at some alternative SQL injection protection methods. Continue Reading
-
Answer
13 Feb 2018
How should BGP route hijacking be addressed?
A new report from NIST shows how BGP route hijacking can threaten the internet. Expert Judith Myerson reviews the guidance for improving BGP security. Continue Reading
-
News
08 Feb 2018
DoJ breaks up Infraud Organization with some help
The U.S. Department of Justice announced the shutdown of the Infraud Organization, which authorities claim is responsible for global cyberfraud losses in excess of $530 million. Continue Reading
-
Tip
07 Feb 2018
Cloud security lessons to learn from the Uber data breach
Any organization that uses cloud services can learn something from the 2016 Uber data breach. Expert Ed Moyle explains the main takeaways from the massive breach. Continue Reading
-
Feature
01 Feb 2018
CISOs map out their cybersecurity plan for 2018
What's on the short list for enterprise cybersecurity programs in the coming year? As attack vectors increase -- think IoT -- we ask information security leaders to discuss their plans. Continue Reading
-
E-Zine
01 Feb 2018
Cybersecurity roadmap: What's driving CISOs' agendas for 2018
Omar F. Khawaja, CISO at Highmark Health, has five areas of focus on his cybersecurity roadmap, and technology is not at the top of the list. Instead, he is prioritizing organizational change management and building an effective decision-making framework for the security leaders of the national healthcare provider and insurer.
While Khawaja's cybersecurity roadmap may sound ambitious, his focus on risk management and team decision-making to align the security program with the healthcare organization's business strategy is far from unique. Studies show that executives increasingly recognize that a cyberattack could cripple their operations and mean millions in lost business and reputational damage as well as in cleanup costs.
"CISOs are now charged with defending this digital infrastructure, and that includes software everywhere and data as a resource, and that's a massive change at a time when the attack surface keeps expanding," says Jeff Pollard, an analyst at Forrester Research.
In this issue of Information Security magazine, security professionals detail the process of developing effective one-year plans. Why do companies struggle to strengthen their cybersecurity roadmap? We look at effective planning, what could go wrong and how to get support for your strategy.
Continue Reading -
News
26 Jan 2018
FBI encryption argument draws fire from senator
Sen. Ron Wyden challenged the FBI encryption argument and asked the FBI director to be transparent about claims that lawful access could be provided securely. Continue Reading
- 26 Jan 2018
-
Podcast
24 Jan 2018
Risk & Repeat: Backdoor access, strong encryption debate rolls on
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the FBI's continued criticism of encrypted devices and the risks of vendor-created backdoor access points. Continue Reading
-
News
16 Jan 2018
CIA attributes NotPetya attacks to Russian spy agency
The CIA reportedly concluded that Russia's foreign intelligence agency created and was responsible for the NotPetya attacks against Ukraine in June. Continue Reading
-
Tip
10 Jan 2018
The 12 biggest cloud security threats, according to the CSA
The Cloud Security Alliance reported what it found to be the biggest cloud security threats. Expert Rob Shapland looks at how cloud risks compare to on-premises risks. Continue Reading
-
News
09 Jan 2018
NIST botnet security report recommendations open for comments
Federal agencies opened public comments on a draft botnet security report born from the 2017 White House cybersecurity executive order, and experts are generally favorable. Continue Reading
-
News
05 Jan 2018
Huge coordinated vulnerability disclosure needed for Meltdown
Unprecedented Spectre and Meltdown CPU flaws required a vast coordinated vulnerability disclosure effort over six months and across dozens of organizations. Continue Reading
-
Podcast
29 Dec 2017
Risk & Repeat: Cybersecurity predictions for 2018
In this week's Risk & Repeat podcast, SearchSecurity editors offer their cybersecurity predictions for 2018, including forecasts for cryptojacking, DDoS attacks and other threats. Continue Reading
-
News
20 Dec 2017
White House WannaCry attribution leaves unanswered questions
The White House's WannaCry attribution included the broad strokes, experts say, but the case avoided some key pieces of information, such as the role of the NSA in the attacks. Continue Reading
-
News
19 Dec 2017
North Korea behind WannaCry attacks, White House says
The White House officially said North Korea was behind the WannaCry attacks, and it credited Facebook and Microsoft for work in attribution. But it left questions unanswered. Continue Reading
-
News
14 Dec 2017
Mirai creators and operators plead guilty to federal charges
The Department of Justice announced guilty pleas from the three Mirai creators and operators behind the massive worldwide botnet DDoS attacks in 2016. Continue Reading
-
Podcast
14 Dec 2017
Risk & Repeat: The Bitcoin boom and its infosec effects
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent bitcoin boom and how the cryptocurrency's rising value could affect the cybersecurity landscape. Continue Reading
-
News
07 Dec 2017
Army cyber officer hiring to build the future of warfare
A new initiative plans Army cyber officer hiring over the course of five years, but experts are skeptical it can attract the best candidates away from the private sector. Continue Reading
-
News
04 Dec 2017
Ex-NSA employee pleads guilty to removing classified data
The former NSA employee reportedly responsible for exposing classified data to Russian government hackers pleaded guilty and faces a maximum of 10 years in prison. Continue Reading
-
News
01 Dec 2017
Proposed data breach legislation could put executives in jail
Democratic senators have proposed data breach legislation that could lead to jail time for some executives who conceal breaches and fail to disclose them to consumers. Continue Reading
-
News
01 Dec 2017
Leaked NSA Ragtime files hint at spying on U.S. citizens
Exposed data included new information on the NSA Ragtime intelligence-gathering program, but it is unclear if the evidence proves Americans were targeted. Continue Reading
-
Feature
01 Dec 2017
CISOs take notice as GPS vulnerabilities raise alarms
GPS has been extraordinarily reliable, but there's a growing chorus of experts who say it's time to assess GPS security and consider protective strategies. Continue Reading
-
Podcast
30 Nov 2017
Risk & Repeat: Uber data breach has implications for infosec
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Uber data breach, which was concealed by company officials, and the ethics of data breach disclosure. Continue Reading
-
News
30 Nov 2017
NSA data leak exposed Army INSCOM project information
Yet another publicly accessible cloud storage bucket exposed government data; this time it was an NSA data leak which included information on an Army intelligence project. Continue Reading
-
Tip
30 Nov 2017
Data breach litigation: What enterprises should know
Data breach litigation can be highly detrimental to an organization that just suffered a major security incident. Find out what kinds of legal action enterprises could face in the event of a data breach. Continue Reading
-
Answer
29 Nov 2017
How do source code reviews of security products work?
Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains what to know about these reviews. Continue Reading
- 29 Nov 2017
-
Tip
28 Nov 2017
How a technology advisory group can benefit organizations
A technology advisory group can have an irreplaceable impact on an organization. Kevin McDonald explains how volunteer advisors can aid law enforcement and other organizations. Continue Reading
-
Podcast
21 Nov 2017
Risk & Repeat: Vulnerabilities Equities Process gets an update
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the new charter for the Vulnerabilities Equities Process and what it means for the infosec community. Continue Reading
-
News
20 Nov 2017
DOD exposed data stored in massive AWS buckets
A security researcher at UpGuard found exposed data in Amazon Web Services' cloud storage buckets. And once again, the data belongs to the Department of Defense. Continue Reading
-
News
17 Nov 2017
Google bug bounty pays $100,000 for Chrome OS exploit
An anonymous security researcher has once again earned the top Google bug bounty prize in the Chrome Reward Program for a Chrome OS exploit chain. Continue Reading
-
News
16 Nov 2017
Federal vulnerability review under new VEP still has questions
Experts are still unsure about the Vulnerabilities Equities Process, but admit the new VEP Charter could be a good step toward improving federal vulnerability review. Continue Reading
-
News
15 Nov 2017
New VEP Charter promises vulnerability transparency
The White House wants a more open Vulnerabilities Equities Process and has unveiled a new VEP Charter in order to promote transparency in bug reviews. Continue Reading
-
News
09 Nov 2017
FBI hacking may have crossed international borders
New court documents indicate an FBI hacking operation may have crossed international borders and infected systems in Russia, China and Iran. Continue Reading
-
Answer
06 Nov 2017
Monitoring employee communications: What do EU privacy laws say?
The European Court of Human Rights recently placed strict regulations on monitoring employee communications. Matt Pascucci compares EU privacy laws to the U.S.'s standards. Continue Reading
-
News
03 Nov 2017
Certificate authority business undergoes major changes
News roundup: Comodo and Symantec sales signal important changes in the certificate authority business. Plus, an Oracle vulnerability gets a CVSS score of 10.0, and more. Continue Reading
-
News
02 Nov 2017
SAVE Act attempts to bolster election security
Two senators introduced a bipartisan election security bill called the SAVE Act, which aims to improve voting infrastructure and harden state systems against attack. Continue Reading
-
E-Zine
01 Nov 2017
Next-gen SOC: What's on your automation roadmap?
The concept of a security operations center that optimizes resources -- security technologies, threat intelligence and analysts -- to counter threats is a great idea. However, in reality, designing an effective SOC is hard. Many companies struggle first with implementation and then with figuring out how to take their SOC to the next level. What will the next-gen SOC look like?
Security operations centers today are found mostly in large organizations and focus on detection and remediation. The lack of big data analysis tools that can work with wide varieties of data is a major obstacle.
"That's one of the reasons I think people say SOCs are not very effective yet," said Randy Marchany, CISO at Virginia Tech. The university's SOC project has been put on hold as they implement another security information and event management tool and ramp up on the open source Elastic Stack, formerly known as ELK.
Integration of tools and increased automation may help security analysts prioritize security events in a next-gen SOC, but once a serious security incident has been identified, many companies lack a sophisticated incident-response process. CISOs need to work on building internal and external relationships, like with law enforcement, that will assist the company in the event of a breach.
In this issue of Information Security magazine, we look at the strengths and weaknesses of security operations centers. To what extent are SOCs integrating the tools they have? How are they automating these processes? We ask CISOs and other security leaders what strategies will help organizations build the next-gen SOC. What is your three-year plan for getting your organization's security operations center to the next level?
Continue Reading -
Opinion
01 Nov 2017
Are companies with a SOC team less likely to get breached?
Information security operations centers are “growing up,” according to one study. But, with staffing shortages and manual collection of data, performance metrics are hard to get. Continue Reading
-
Feature
01 Nov 2017
Are security operations centers doing enough?
SOCs are maturing, but organizations facing the increased threat landscape understand that improving their effectiveness must be a priority in the year ahead. Continue Reading
-
Blog Post
31 Oct 2017
Is "responsible encryption" the new answer to "going dark"?
"Three may keep a Secret, if two of them are dead." So wrote Benjamin Franklin, in Poor Richard's Almanack, in 1735. Franklin knew a thing or two about secrets, as well as about cryptography, given ... Continue Reading
-
Feature
30 Oct 2017
Grossman: Cyberinsurance market is like the 'Wild West'
Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the value of cyberinsurance and why the rapidly growing market needs to mature. Continue Reading
- 30 Oct 2017
- 30 Oct 2017
-
News
27 Oct 2017
Warning for Equifax security issues came months before breach
A security researcher reportedly disclosed a number of Equifax security issues to the company months before the major data breach, and none of the problems were fixed. Continue Reading
-
Feature
26 Oct 2017
The art of the cyber warranty and guaranteeing protection
Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the science of developing a cyber warranty for threat detection products. Continue Reading
-
News
25 Oct 2017
NSA cyberweapons report follows Kaspersky transparency plan
A Kaspersky transparency initiative and a full code review of its products are on the way, and a new Kaspersky statement explained how NSA cyberweapons were uploaded to its servers. Continue Reading
-
Podcast
20 Oct 2017
Risk & Repeat: DEFCON tackles voting machine security
In this week's Risk & Repeat podcast, SearchSecurity editors discuss DEFCON's efforts to improve voting machine security in the wake of hacking threats during the 2016 election. Continue Reading
-
News
13 Oct 2017
DOJ's 'responsible encryption' is the new 'going dark'
News roundup: The DOJ calls for 'responsible encryption' to comply with court orders. Plus, there's more bad cybersecurity news for banks, and Accenture data in AWS gets exposed. Continue Reading
-
News
12 Oct 2017
DEFCON hopes voting machine hacking can secure systems
The first official report on voting machine hacking from DEFCON suggests the need for pen testing, basic security guidelines and cooperation from local and federal governments. Continue Reading
-
Tip
09 Oct 2017
Make your incident response policy a living document
Effective incident response policies must be detailed, comprehensive and regularly updated -- and then 'embedded in the hearts and minds' of infosec team members. Continue Reading
-
News
05 Oct 2017
Equifax breach impact expands, blame game continues
The Equifax breach impact expanded and the company's former CEO answered questions in a congressional hearing, but experts were not satisfied by the answers. Continue Reading
-
Podcast
05 Oct 2017
Risk & Repeat: Are hacking victims taking too much blame?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss comments from the FBI's Donald Freese on the practice of blaming and shaming hacking victims and its effects. Continue Reading
-
News
29 Sep 2017
Government data requests on the rise for Apple and Google
One expert is concerned about the large increase of government data requests received by Apple and the effects this surveillance activity has on user privacy. Continue Reading
-
Blog Post
29 Sep 2017
FBI's Freese: It's time to stop blaming hacking victims
The FBI's Don Freese spoke at the (ISC)2 Security Congress this week about the need to end the practice of blaming hacking victims. But will infosec professionals listen? Continue Reading
-
News
21 Sep 2017
Undisclosed SEC breach may have led to illegal stock trades
The U.S. Securities and Exchange Commission admitted a 2016 breach that was previously undisclosed may have enabled threat actors to engage in illegal stock trades. Continue Reading
-
Tip
19 Sep 2017
How to balance organizational productivity and enterprise security
It's no secret that enterprise security and organizational productivity can often conflict. Peter Sullivan looks at the root causes and how to address the friction. Continue Reading
-
News
15 Sep 2017
DHS banned Kaspersky software from all government systems
News roundup: DHS has banned Kaspersky software from use in government systems. Plus, the commonwealth of Virginia decided to do away with touchscreen voting machines, and more. Continue Reading
-
Podcast
01 Sep 2017
Risk & Repeat: Alternative infosec conferences on the rise
In this week's Risk & Repeat podcast, SearchSecurity editors discuss how smaller, more targeted infosec conferences are making a name for themselves in the shadow of much larger events. Continue Reading
-
News
29 Aug 2017
Kaspersky-Russian ties still unclear, despite FBI push
The specter of Kaspersky-Russian ties has reportedly led to an FBI campaign urging private organizations to drop Kaspersky Lab products; experts urge the FBI to share more evidence. Continue Reading
-
Feature
29 Aug 2017
Top cybersecurity conferences for when Black Hat and RSA aren't right
The big cybersecurity conferences can make attendees weary, but there are many alternatives to the big name shows that may be easier to get to and easier to handle. Continue Reading
-
Tip
29 Aug 2017
What to do when cybersecurity breaches seem inevitable
The current threat landscape makes cybersecurity breaches seem unavoidable. Expert Peter Sullivan discusses some simple ways enterprises can reduce the risk of a breach. Continue Reading
-
News
25 Aug 2017
U.S. government cybersecurity is a mess, according to officials
News roundup: John McCain, NIAC and others called out the administration for not doing enough on U.S. government cybersecurity. Plus, the Ropemaker exploit alters emails, and more. Continue Reading
-
Feature
18 Aug 2017
Valerie Plame: U.S. government cyberdefense must be improved
Former CIA officer Valerie Plame discusses why America's cyberdefense is lagging behind -- and what the government and private sector should do to reverse the trend. Continue Reading
-
News
18 Aug 2017
Offensive cyberweapons from enemies may be re-engineered
The U.S. Defense Intelligence Agency wants to isolate, study, customize and re-engineer malware from adversaries to be used as its own offensive cyberweapons. Continue Reading
-
News
17 Aug 2017
Authorities can't force smartphone access in iOS 11
IOS 11 will allow users to avoid authorities attempting to force smartphone access by temporarily disabling biometric unlocking of mobile devices. Continue Reading
-
News
11 Aug 2017
Cybersecurity machine learning moves ahead with vendor push
Bloggers explore the growing role of cybersecurity machine learning, the capabilities of Microsoft's containers and how well SIEM works for threat detection. Continue Reading
-
News
11 Aug 2017
FBI's Next Generation Identification system exempt from Privacy Act
News roundup: The FBI Next Generation Identification biometrics database is exempt from the Privacy Act. Plus, Salesforce fired two top staffers after DEFCON, and more. Continue Reading
-
Feature
11 Aug 2017
U.S. attorney: Gathering cybercrime evidence can be difficult
Assistant U.S. attorney says jurors and courts are getting smarter about cybercrime evidence, although digital cases overall may be getting more difficult to prosecute. Continue Reading
-
Podcast
10 Aug 2017
Risk & Repeat: Voting machine hacking brings good and bad news
In this week's Risk & Repeat podcast, SearchSecurity editors look back at DEFCON 2017's voting machine hacking and what it could mean for the future of U.S. election security. Continue Reading
-
Feature
09 Aug 2017
How FBI cyber investigations handle obfuscation techniques
An FBI agent discusses cyber investigations, how they handle obfuscation techniques, the anonymizing features of the deep web and how to catch the right person. Continue Reading
-
Feature
08 Aug 2017
FBI: Cyber investigations no different from real world
Despite a loud group claiming the burden of proof is harder to meet with digital evidence, an agent says FBI cyber investigations are not much different from traditional cases. Continue Reading
-
News
03 Aug 2017
MalwareTech arrested for Kronos banking Trojan connection
The FBI arrested the famed security researcher known as MalwareTech after a two-year investigation into the creation and distribution of the Kronos banking Trojan. Continue Reading
-
Tip
03 Aug 2017
What you need to know about setting up a SOC
Setting up a SOC is different for every enterprise, but there are some fundamental steps with which to start. Expert Steven Weil outlines the basics for a security operations center. Continue Reading
-
News
02 Aug 2017
Hacking voting machines takes center stage at DEFCON
DEFCON attendees were successful in hacking voting machines and now that there is proof the systems are insecure, more work needs to be done to change election laws and practices. Continue Reading
-
E-Zine
01 Aug 2017
Four technologies that could transform information security programs
With digital transformations underway in many industries, CIOs aren't the only ones who need to have the next big thing on their radar. What security innovations should you follow to ready your organization's information security programs?
The internet of things is both a security threat and potentially a security boon. Big data, machine learning and a growing number of systems with pseudo artificial intelligence may help ease the workloads of security analysts. Bitcoin's distributed database technology known as blockchain can add security to a variety of systems, but scalability remains an early concern. Quantum computing? That one may be too far out -- five years at least -- to be considered a near-term technology disruptor to enterprise information security programs.
Whether your organization is focused on manufacturing and infrastructure -- such as industrial control systems -- or consumer and information technology -- such as the internet of things -- everything is rapidly becoming connected and potentially accessible from the internet. Many information security programs are not on track for the internet of things, complex clouds and other technology disruptors. We dust off the crystal ball in this issue of Information Security magazine and ask infosec experts and venture capitalists to look into the future.
Continue Reading -
News
01 Aug 2017
Experts debate Vulnerabilities Equities Process disclosure
Experts debated how the government should weigh disclosure in the Vulnerabilities Equities Process and whether to err on the side of offense or defense. Continue Reading
-
News
26 Jul 2017
Stamos preaches defensive security research in Black Hat keynote
Facebook's Alex Stamos used his Black Hat 2017 keynote to address a wide variety of issues, including defensive security research and diversity in the infosec community. Continue Reading
