Security operations and management
Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.
Top Stories
-
Feature
20 Dec 2024
Identity and access management tools and features for 2025
The IAM tool marketplace is complex and ever-changing. Learn about key features and how to discern what your organization needs before approaching potential providers. Continue Reading
By- Ed Moyle, Drake Software
-
Guest Post
19 Dec 2024
Add gamification learning to your pen testing training playbook
Organizations that embrace gamification in their pen testing training are better positioned to build and maintain the skilled security teams needed to address evolving threats. Continue Reading
By- Ed Skoudis, SANS Technology Institute
-
Feature
09 Jan 2024
How to fix the top 5 cybersecurity vulnerabilities
Check out how to fix five top cybersecurity vulnerabilities to prevent data loss from poor endpoint security, ineffective network monitoring, weak authentication and other issues. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Feature
09 Jan 2024
Top 30 incident response interview questions
Job interviews are nerve-wracking, but preparation can minimize jitters and position you to land the role. Get started with these incident response interview questions and answers. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
09 Jan 2024
Top 7 enterprise cybersecurity challenges in 2024
Security teams faced unprecedented challenges in 2023. The year ahead appears no less daunting. Here are the cybersecurity trends and safeguards to consider in 2024. Continue Reading
By- Sharon Shea, Executive Editor
-
Definition
08 Jan 2024
NIST Cybersecurity Framework
The NIST Cybersecurity Framework (CSF) provides guidance on how to manage and reduce IT infrastructure security risk. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
Feature
03 Jan 2024
Why effective cybersecurity is important for businesses
Cyber attacks can have serious financial and business consequences for companies, which makes implementing strong cybersecurity protections a critical step. Continue Reading
-
Definition
21 Dec 2023
Zoombombing
Zoombombing is a type of cyber-harassment in which an unwanted and uninvited user or group of such users interrupts online meetings on the Zoom video conference app. Continue Reading
-
Definition
21 Dec 2023
What is the CIA triad (confidentiality, integrity and availability)?
The CIA triad refers to confidentiality, integrity and availability, describing a model designed to guide policies for information security within an organization. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Wesley Chai
-
Definition
18 Dec 2023
holistic (holistic technology)
Holistic technology is an approach to IT management that considers the infrastructure as a whole instead of as a collection of individual systems. Continue Reading
By- Gavin Wright
- Emily McLaughlin, Coravin
-
Tip
15 Dec 2023
How CISOs can manage multiprovider cybersecurity portfolios
In today's cybersecurity market, the as-a-service model reigns. That means, as they increasingly rely on outsourcing, CISOs must learn to juggle multiple third-party providers. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Feature
14 Dec 2023
9 cybersecurity trends to watch in 2024
Analysts are sharing their cybersecurity trends and predictions for 2024. From zero-day attacks to generative AI security and increased regulations, is your organization ready? Continue Reading
By- Kyle Johnson, Technology Editor
-
Tip
13 Dec 2023
12 key cybersecurity metrics and KPIs for businesses to track
IT security managers need to monitor cybersecurity efforts and make sure they're effective. These 12 metrics and KPIs will help show what's working -- and what isn't. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Tip
01 Dec 2023
7 key OT security best practices
Keeping operational technology secure requires vigilance and effort, especially as OT increasingly converges with IT. These cybersecurity best practices can help. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Definition
21 Nov 2023
CISO as a service (vCISO, virtual CISO, fractional CISO)
A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider. Continue Reading
By- Ben Lutkevich, Site Editor
-
Feature
21 Nov 2023
Cybersecurity budgets lose momentum in uncertain economy
Organizations' increasing prioritization of cybersecurity has protected most programs from major budget cuts. Even so, many CISOs are feeling the pinch. Continue Reading
By- Alissa Irei, Senior Site Editor
-
Opinion
20 Nov 2023
Security continues to lag behind cloud app dev cycles
Enterprise Strategy Group research revealed security gaps in cloud-native software development -- issues that should be addressed as soon as possible. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
17 Nov 2023
SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags
Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best. Continue Reading
By- Ravi Das, ML Tech Inc.
-
Opinion
17 Nov 2023
Security highlights from KubeCon + CloudNativeCon 2023
KubeCon + CloudNativeCon provided valuable insights for security teams supporting cloud-native development, including securing GenAI, platform engineering and supply chains. Continue Reading
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
16 Nov 2023
8 ways to cope with cybersecurity budget cuts
In times of economic uncertainty, cybersecurity budget cuts can make the security team's job even more challenging. Here are eight ways to minimize risk with minimal resources. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Definition
16 Nov 2023
What is cyber hygiene and why is it important?
Cyber hygiene, or cybersecurity hygiene, is a set of practices individuals and organizations perform regularly to maintain the health and security of users, devices, networks and data. Continue Reading
By- Alissa Irei, Senior Site Editor
-
News
09 Nov 2023
SolarWinds fires back at SEC over fraud charges
SolarWinds said the SEC's lawsuit contains several 'false claims,' including allegations about how Russian nation-state hackers first got inside the company's network Continue Reading
By- Rob Wright, Senior News Director
-
Definition
07 Nov 2023
dark web monitoring
Dark web monitoring is the process of searching for and continuously tracking information on the dark web. Continue Reading
By- Ben Lutkevich, Site Editor
-
Definition
03 Nov 2023
cybersecurity asset management (CSAM)
Cybersecurity asset management (CSAM) is the process created to continuously discover, inventory, monitor, manage and track an organization's assets to determine what those assets do and identify and automatically remediate any gaps in its cybersecurity protections. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Podcast
01 Nov 2023
Risk & Repeat: Breaking down SEC charges against SolarWinds
This episode covers the SEC charges against SolarWinds and CISO Timothy Brown for allegedly hiding known cybersecurity risks prior to the 2020 supply chain attack it suffered. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
27 Oct 2023
How to create a cybersecurity awareness training program
Cybersecurity awareness training often misses the mark, leaving employees undereducated and organizations vulnerable to attack. Here's how to succeed where too many fail. Continue Reading
By- Alissa Irei, Senior Site Editor
- Mike Chapple, University of Notre Dame
-
News
24 Oct 2023
JPMorgan Chase CISO explains why he's an 'AI optimist'
Pat Opet, CISO at JPMorgan Chase & Co., discussed how the financial services giant invests in cybersecurity and where generative AI could provide game-changing benefits. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
19 Oct 2023
Structured Threat Information eXpression (STIX)
Structured Threat Information eXpression (STIX) is a standardized Extensible Markup Language (XML) programming language for conveying data about cybersecurity threats in a way that can be easily understood by both humans and security technologies. Continue Reading
By- Rahul Awati
- Madelyn Bacon, TechTarget
-
Tip
18 Oct 2023
Cybersecurity vs. cyber resilience: What's the difference?
Companies need cybersecurity and cyber-resilience strategies to protect against attacks and mitigate damage in the aftermath of a successful data breach. Continue Reading
By -
Tip
17 Oct 2023
How to conduct a cyber-resilience assessment
It's a good cyber-hygiene practice to periodically review your organization's cybersecurity plans and procedures. Use this checklist to guide your cyber-resilience assessment. Continue Reading
By -
Tip
16 Oct 2023
Build a strong cyber-resilience strategy with existing tools
Existing security protocols and processes can be combined to build a cyber-resilience framework, but understanding how these components relate to each other is key. Continue Reading
By -
Definition
12 Oct 2023
security awareness training
Security awareness training is a strategic approach IT and security professionals take to educate employees and stakeholders on the importance of cybersecurity and data privacy. Continue Reading
By- Kinza Yasar, Technical Writer
- Mary K. Pratt
-
Tip
11 Oct 2023
Top 6 password hygiene tips and best practices
Passwords enable users to access important accounts and data, making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
By- Diana Kelley, SecurityCurve
-
Feature
10 Oct 2023
Security posture management a huge challenge for IT pros
Enterprise Strategy Group's John Oltsik explains why executing security hygiene and posture management at scale remains an uphill battle for organizations, despite automation. Continue Reading
By- Linda Tucci, Industry Editor -- CIO/IT Strategy
-
Tip
10 Oct 2023
Security log management and logging best practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
By -
Definition
10 Oct 2023
risk appetite
Risk appetite is the amount of risk an organization or investor is willing to take in pursuit of objectives it deems have value. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
Definition
04 Oct 2023
What is ransomware? How it works and how to remove it
Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. Continue Reading
By- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
-
Definition
03 Oct 2023
security posture
Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Linda Rosencrance
-
Feature
29 Sep 2023
Secure service edge strengths drive SASE deployments
Enterprise Strategy Group's John Grady discusses the latest findings in his newly released report and why businesses won’t start a SASE initiative without first implementing SSE. Continue Reading
By- Ron Karjian, Industry Editor
-
Tip
28 Sep 2023
How to develop a cybersecurity strategy: Step-by-step guide
A cybersecurity strategy isn't meant to be perfect, but it must be proactive, effective, actively supported and evolving. Here are the four steps required to get there. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Definition
26 Sep 2023
principle of least privilege (POLP)
The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
Opinion
25 Sep 2023
6 reasons Cisco acquired Splunk
A treasure trove of Cisco and Splunk data, AI and analytics can improve cyber-resilience, accelerate threat detection and response, and enable more intelligent networks. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tutorial
22 Sep 2023
How to disable removable media access with Group Policy
Removable media can pose serious security problems. But there is a way to control who has access to optical disks and USB drives through Windows' Active Directory. Continue Reading
By- Damon Garn, Cogspinner Coaction
-
Opinion
22 Sep 2023
Google and Mandiant flex cybersecurity muscle at mWISE
End-to-end cybersecurity coverage and generative AI could accentuate Google and Mandiant's combined cybersecurity opportunities -- with the right execution. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
20 Sep 2023
How to train employees to avoid ransomware
Do your employees know what to do if ransomware strikes? As your organization's first line of defense, they should receive regular trainings on ransomware prevention and detection. Continue Reading
By- Sharon Shea, Executive Editor
-
Opinion
18 Sep 2023
What to consider when creating a SaaS security strategy
Securing SaaS applications is more important and confusing than ever. Consider visibility, UX and workflow when creating a SaaS security strategy and adopting tools. Continue Reading
By- John Grady, Principal Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
14 Sep 2023
How CIOs can build cybersecurity teamwork across leadership
Cross-departmental relationships are key to long-term business success. Discover why CIOs must focus on teamwork with these three C-suite roles for highly effective cybersecurity. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
News
13 Sep 2023
Meet MLSecOps: Industry calls for new measures to secure AI
Open source security, already in the software supply chain spotlight, must expand to include AI models, according to the OpenSSF and DevSecOps vendor JFrog. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Podcast
12 Sep 2023
Risk & Repeat: Big questions remain on Storm-0558 attacks
Microsoft revealed that Storm-0558 threat actors stole a consumer signing key from its corporate network, but many questions about the breach and subsequent attacks remain. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
06 Sep 2023
Cut through cybersecurity vendor hype with these 6 tips
Cybersecurity vendor hype can make purchasing decisions difficult. When considering a new product or service, think critically about whether it would truly add business value. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Definition
31 Aug 2023
IT controls
An IT control is a procedure or policy that provides a reasonable assurance that the information technology (IT) used by an organization operates as intended, that data is reliable and that the organization is in compliance with applicable laws and regulations. Continue Reading
By -
Podcast
30 Aug 2023
Risk & Repeat: Digging into Microsoft security criticisms
Executives, researchers and former employees told TechTarget Editorial about issues with Microsoft security practices, including patch bypasses, poor transparency and more. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
30 Aug 2023
CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security
CrowdStrike's Elia Zaitsev discusses the rise in credential-based attacks, as well as the common errors organizations make in the cloud that often lead to breaches. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
29 Aug 2023
critical infrastructure
Critical infrastructure is the collection of systems, networks and public works that a government considers essential to its functioning and safety of its citizens. Continue Reading
By -
Definition
28 Aug 2023
ISACA
ISACA is an independent, nonprofit, global association that engages in the development, adoption and use of globally accepted information system (IS) knowledge and practices. Continue Reading
By -
Tip
28 Aug 2023
Enterprise dark web monitoring: Why it's worth the investment
Getting an early warning that your data has been compromised is a key benefit of dark web monitoring, but there are many more. By knowing your enemies, you can better protect your assets. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
28 Aug 2023
Should companies make ransomware payments?
Once infected with ransomware, organizations face a major question: to pay or not to pay? Law enforcement recommends against it, but that doesn't stop all companies from paying. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
24 Aug 2023
VMware, Cisco prep generative AI for SecOps
Generative AI has the potential to go beyond identifying anomalies in known data to create new information, such as incident summaries or security policies -- as well as new risks. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
22 Aug 2023
VMware revamps cloud software for edge management
VMware's new Edge Cloud Orchestrator, formerly VMware SASE Orchestrator, manages VMware's edge compute and SD-WAN systems. Carmaker Audi plans to use the product in its factories. Continue Reading
By- Antone Gonsalves, News Director
-
News
21 Aug 2023
Vendors criticize Microsoft for repeated security failings
Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
16 Aug 2023
How to use dynamic reverse engineering for embedded devices
In this excerpt from 'Practical Hardware Pentesting,' read step-by-step instructions on how to find vulnerabilities on IoT devices using dynamic reverse engineering. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
Tip
14 Aug 2023
How to create a ransomware incident response plan
A ransomware incident response plan may be the difference between surviving an attack and shuttering operations. Read key planning steps, and download a free template to get started. Continue Reading
By- Paul Kirvan
- Sharon Shea, Executive Editor
-
News
10 Aug 2023
CISA shares 'secure by design' plan for US tech ecosystem
The cyber agency plans to establish secure-by-design principles through internal and external communications, data collection and education for the next generation. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
10 Aug 2023
Kemba Walden: We need to secure open source software
During her Black Hat USA 2023 keynote, the acting national cyber director said the White House wants to develop realistic policies to improve the security of open source software. Continue Reading
By- Rob Wright, Senior News Director
-
News
09 Aug 2023
Coalition looks to bridge gap between CISOs, cyber insurance
While carriers and CISOs agree cyber insurance has contributed to better security postures, Coalition said the relationship needs to stronger as threat evolve and intensify. Continue Reading
By- Arielle Waldman, News Writer
-
News
07 Aug 2023
Google to discuss LLM benefits for threat intelligence programs
Large language models are the backbone of generative AI products launching in the security space. Google will discuss how best to integrate the technology at this week's Black Hat USA. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
04 Aug 2023
8 vulnerability management tools to consider in 2023
Vulnerability management tools help organizations identify and remediate system and application weaknesses and more. Choose your tool -- or tools -- carefully. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Definition
03 Aug 2023
policy engine
A policy engine is a software component that allows an organization to create, monitor and enforce rules about how network resources and the organization's data can be accessed. Continue Reading
-
Opinion
26 Jul 2023
Security hygiene and posture management: A work in progress
Security hygiene and posture management may be the bedrock of cybersecurity, but new research shows it is still decentralized and complex in most organizations. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Feature
20 Jul 2023
Enterprise communication security a growing risk, priority
Enterprise Strategy Group's Dave Gruber discusses survey results on security threats related to the use of email and other communication and collaboration tools. Continue Reading
By- Craig Stedman, Industry Editor
-
News
19 Jul 2023
Microsoft to expand free cloud logging following recent hacks
Microsoft faced criticism over a lack of free cloud log data after a China-based threat actor compromised email accounts of several organizations, including some federal agencies. Continue Reading
By- Rob Wright, Senior News Director
-
News
18 Jul 2023
Splunk AI update adds specialized models for SecOps tasks
Splunk AI updates this week included specialized models for SecOps that detect and automatically respond to common issues such as DNS exfiltration and suspicious processes. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Tip
14 Jul 2023
Rein in cybersecurity tool sprawl with a portfolio approach
Market consolidation can counterintuitively exacerbate cybersecurity tool sprawl, with many products offering overlapping features. A portfolio approach brings clarity to chaos. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Feature
10 Jul 2023
How to map security gaps to the Mitre ATT&CK framework
Mapping security gaps to the Mitre ATT&CK framework enables SOC teams to prioritize, remediate and eliminate vulnerabilities before malicious actors exploit them. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
Feature
10 Jul 2023
Get started: Threat modeling with the Mitre ATT&CK framework
The Mitre ATT&CK framework may seem daunting at first, but it is a key tool that helps SOC teams conduct threat modeling. Learn how to get started. Continue Reading
By- Kyle Johnson, Technology Editor
-
Feature
29 Jun 2023
Cued by breach postmortems, fintech refines zero trust
In a quest to continuously improve, Mercury's security leader takes inspiration from other companies' lessons learned, then updates tools and practices accordingly. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
27 Jun 2023
HashiCorp Vault to expand in DevSecOps with BluBracket buy
HashiCorp expands Vault's focus to include DevSecOps with the acquisition of a secrets scanning startup, setting the stage for a potential showdown with Microsoft and GitHub. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Tip
23 Jun 2023
Top 10 threat modeling tools, plus features to look for
Automated threat modeling tools make identifying threats simpler, but the tools themselves can be fairly complex. Understanding where risks exist is only one part of the process. Continue Reading
By -
Opinion
21 Jun 2023
How AI benefits network detection and response
Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response. Continue Reading
By- John Grady, Principal Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
15 Jun 2023
CISA SBOM standards efforts stymied by confusion, inertia
Efforts to establish SBOM standards and guidance have progressed, but unanswered questions persist -- including how the federal government plans to enforce its own requirements. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Tip
15 Jun 2023
Risk assessment vs. threat modeling: What's the difference?
Risk assessments and threat modeling each address potential risks. But they play distinct roles in how they help companies protect systems and data. Continue Reading
By -
Tip
14 Jun 2023
How to calculate cybersecurity ROI with concrete metrics
Calculating and communicating cybersecurity ROI can help persuade top management to invest. Here's how to use meaningful, concrete metrics. Continue Reading
By- Jerald Murphy, Nemertes Research
-
Opinion
14 Jun 2023
Cisco releases new security offerings at Cisco Live 2023
At Cisco Live 2023, Cisco emphasized its plans to emphasize security, rolling out a host of new initiatives from secure access to AI-aided security to cloud-native app security. Continue Reading
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
08 Jun 2023
How to secure blockchain: 10 best practices
Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Tip
07 Jun 2023
6 blockchain use cases for cybersecurity
Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Tip
07 Jun 2023
Top blockchain attacks, hacks and security issues explained
Blockchain is an attractive target for malicious actors. From blockchain-specific attacks to human vulnerabilities to lack of regulations, these are the top blockchain issues. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Feature
30 May 2023
Vendors: Threat actor taxonomies are confusing but essential
Despite concern about the proliferation of naming taxonomies used to identify threat groups, vendors say they are crucial their understanding and visibility into threat activity. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
Tip
25 May 2023
How to conduct a smart contract audit and why it's needed
Smart contracts ensure the integrity of transactions, such as those that initiate key services. A smart contract audit is one way to ensure the programs work as designed. Continue Reading
By -
Opinion
16 May 2023
Closing the book on RSA Conference 2023
AI, cloud security, SOC modernization and security hygiene and posture management were all hot topics at RSAC in San Francisco this year. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
16 May 2023
How to build a better vulnerability management program
With a vulnerability management program in place, your organization is better equipped to identify and mitigate security vulnerabilities in people, processes and technologies. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
News
10 May 2023
CISOs face mounting pressures, expectations post-pandemic
Proofpoint's 2023 Voice of the CISO report shows deep concern among executives about impending data loss and exposure from negligent -- and malicious -- employees. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
Tip
10 May 2023
5 SBOM tools to start securing the software supply chain
Organizations can use these SBOM tools to help secure their software supply chain by understanding the components of their deployed software and applications. Continue Reading
By- Ravi Das, ML Tech Inc.
-
Feature
03 May 2023
Studies show ransomware has already caused patient deaths
No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
Tip
01 May 2023
Stay ahead of threats with DevOps security best practices
Unsure where to start when it comes to securing your DevOps environment? Taking these five actions can strengthen your organization's defenses against cyber attacks. Continue Reading
By -
News
28 Apr 2023
ChatGPT uses for cybersecurity continue to ramp up
The use of OpenAI's technology in cybersecurity products is growing as companies look to improve threat detection and assist short-staffed and fatigued security teams. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
News
25 Apr 2023
RSAC speaker offers ransomware victims unconventional advice
Triton Tech Consulting CEO Brandon Clark advised organizations to set aside the stigma of 'negotiating with terrorists' when deciding whether to pay a ransomware gang. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
News
25 Apr 2023
DOJ's Monaco addresses 'misperception' of Joe Sullivan case
In her RSA Conference keynote, Deputy Attorney General Lisa Monaco was asked if the prosecution of former Uber CSO Joe Sullivan damaged trust with the private sector. Continue Reading
By- Rob Wright, Senior News Director
-
News
24 Apr 2023
IBM launches AI-powered security offering QRadar Suite
IBM aims to use QRadar Suite's AI features, which it calls the 'unified analyst experience,' to enable security analysts to focus on higher-priority work. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
20 Apr 2023
DC Health Link breach caused by misconfigured server
Mila Kofman, executive director of the District of Columbia Health Benefit Exchange Authority, blames "human error" for the DC Health Link breach. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
19 Apr 2023
How to prepare for a cybersecurity audit
Organizations should conduct regular cybersecurity audits to determine if their networks and other assets are properly protected, as well as if they meet compliance mandates. Continue Reading
By -
Tip
19 Apr 2023
Generative AI in SecOps and how to prepare
Generative AI assistants could be game changers in the SOC -- but not if SecOps teams haven't prepared for them. Here's how to get ready. Continue Reading
By- John Burke, Nemertes Research
-
Feature
18 Apr 2023
How to use the Apple Rapid Security Response updates
Typical Apple OS updates are large and infrequent, but the Rapid Security Response feature helps admins keep Apple devices patched without performing full OS updates. Continue Reading
By