Krebs on Security

JUNE 18, 2021

Under First American’s documented vulnerability remediation policies, the data leak was classified as a security weakness with a “level 3” severity, which placed it in the “medium risk” category and required remediation within 45 days. “That’s a high-risk vulnerability.

Insurance 328

Insurance Risk Financial Services CISO 328

The State of Security

AUGUST 17, 2021

According to Gartner, global spending on information security and risk management technology is expected to exceed $150 billion in 2021. The post The Top 10 Highest Paying Jobs in Information Security – Part 1 appeared first on The State of Security. Cybersecurity Ventures estimated that there will be 3.5

Information Security 112

Information Security Technology Risk Cybersecurity 112

SecureWorld News

APRIL 28, 2023

Featured guests are Krista Arndt, CISO, United Musculoskeletal Partners; David Lingenfelter, VP of Information Security, Penn Entertainment; and Bistra Lutz, Director of Global Information Security Operations, Crown Holdings.

InfoSec 124

InfoSec CISO Ransomware Information Security 124

Notice Bored

MAY 25, 2022

The community as a whole benefits by sharing and collaborating, even though individuals might benefit more by selfishly withholding information. There is a strong argument to facilitate much more sharing of information about information risk and security, incidents, controls etc. And what are 'incidents', in fact?

InfoSec 74

InfoSec Risk Antivirus Government 74

eSecurity Planet

OCTOBER 18, 2024

(ISC)2 : This organization offers free self-paced training for a limited time but is more recognized for its high-end Certified Information Systems Security Professional (CISSP) designation, acknowledging your ability to design and monitor a secure system environment, qualifying holders for engineering and executive infosec positions.

Cybersecurity 125

Cybersecurity Artificial Intelligence Penetration Testing CISO 125

Security Affairs

APRIL 21, 2020

The security researcher Pedro Ribeiro, Director of Research at Agile Information Security, has published details about four zero-day vulnerabilities affecting the IBM Data Risk Manager (IDRM) after the company refused to address the issues. The latest version Agile InfoSec has access to is 2.0.3,

Risk 133

Risk Authentication Advertising InfoSec 133

Security Boulevard

JULY 7, 2022

Risks to Your Network from Insecure Code Signing Processes. However, this practice puts these critical resources at risk for being misused or compromised. Many InfoSec teams don’t have the visibility into what their software development teams are doing. In years past, InfoSec may have been the central keeper of code signing.

Risk 98

Risk InfoSec Software Digital transformation 98

Security Affairs

SEPTEMBER 30, 2021

The US CISA has released a new tool that allows to assess the level of exposure of organizations to insider threats and devise their own defense plans against such risks. The tool elaborates the answers of the organizations to a survey about their implementations of a risk program management for insider threats. Pierluigi Paganini.

Risk 115

Risk InfoSec Ransomware Technology 115

Notice Bored

MAY 12, 2022

We have just completed and released a brand new information security policy template on professional services. Professional services engagements, and hence the associated information risks, are so diverse that it made no sense to specify particular infosec controls, except a few examples.

InfoSec 66

InfoSec Risk Accountability Government 66

Notice Bored

JUNE 25, 2021

begging questions about which infosec-related matters are particularly important, and how they stack up in relation to other business priorities, issues, pressures etc. begging questions about which infosec-related matters are particularly important, and how they stack up in relation to other business priorities, issues, pressures etc.

InfoSec 63

InfoSec Risk Information Security Government 63

SecureWorld News

JULY 31, 2023

Cybersecurity professionals have various views on last week's news from the United States Securities and Exchange Commission (SEC) when it surprised the InfoSec community and the C-suites of corporate America. For sanity, manage to a written information security policy.

CISO 98

CISO InfoSec Risk Cybersecurity 98

Notice Bored

APRIL 4, 2022

Yesterday, I completed and published the white paper on information security control attributes. Although it seems to take 'forever' to develop new standards, I'm hoping that the donor document will set the project off to a flying start.

InfoSec 72

InfoSec Information Security Risk 72

Joseph Steinberg

JUNE 10, 2022

While “ zero trust ” has been a buzzword for some time, the principle of zero trust, and expenditures toward getting organizational policies, procedures, and infrastructure closer to delivering it, is gaining acceptance as constituting a fundamental component of information security programs. Sampling No Longer Works.

Cybersecurity 363

Cybersecurity Artificial Intelligence CISO Wireless 363

Notice Bored

JUNE 20, 2022

The SecAware corporate information security policy template incorporates a set of generic principles for information risk and security such as " Our Information Security Management System conforms to generally accepted good security practices as described in the ISO/IEC 27000-series information security standards. "

InfoSec 60

InfoSec Information Security Risk Government 60

Notice Bored

MAY 24, 2021

Anyone seeking information security standards or guidance is spoilt for choice e.g. : ISO27k - produced by a large international committee of subject matter experts and national representatives NIST SP 800 series – well researched, well written, actively maintained. and loads more. and loads more. Three different perspectives.

InfoSec 98

InfoSec Risk IoT Information Security 98

SecureWorld News

APRIL 9, 2025

We have been identifying people based on personality and aptitude for decades," said Rick Doten , VP, Information Security, Centene Corporation, who just keynoted on the topic of neurodiversity at SecureWorld Charlotte on April 2nd. " My initial thought is 'how is this new?'

Cybersecurity 88

Cybersecurity Education InfoSec Government 88

Notice Bored

MARCH 14, 2022

How does one write an information security report? It also occurs to me that, aside from structuring the reports according to the information security controls and incidents , you could use the information risks in a similar way. What should be reported?" Using appropriate metrics makes sense, of course.

Risk 76

Risk InfoSec Information Security Government 76

Notice Bored

APRIL 10, 2021

We're currently preparing some new information risk and security policies for SecAware.com. but we're working on these four additions: Capacity and performance management : usually, an organization's capacity for information processing is managed by specialists in IT and HR. Lots of questions to get our teeth into!

InfoSec 60

InfoSec Penetration Testing Information Security Risk 60

Cisco Security

MAY 5, 2022

As the complexity of market demand grows, SaaS providers need an efficient way to simplify and streamline efforts to attain security certifications. A strategic compliance and risk management approach is as essential to the success of an organization as its product strategy. Infosec Registered Assessors Program (IRAP December 2020).

Marketing 145

Marketing InfoSec Risk Technology 145

The Falcon's View

AUGUST 29, 2017

I concluded that maybe this sub-field would be called something like "behavioral security" and started doing searches on the topic. There is already a well-established sub-field within information security (infosec) known as " Behavioral Information Security." Well, low-and-behold, it already exists!

Information Security 45

Information Security InfoSec Social Engineering Security Awareness 45

The Security Ledger

APRIL 2, 2021

The information security industry needs both better tools to fight adversaries, and more people to do the fighting, says Fortinet Deputy CISO Renee Tarun in this interview with The Security Ledger Podcast’s Paul Roberts. The information security industry is simultaneously robust and beset by problems and challenges.

InfoSec 52

InfoSec CISO Information Security Cyber Risk 52

SecureWorld News

JUNE 24, 2024

In addition, the risks of monetary and operational damage render it mission critical for enterprises to envision and enact the appropriate People, Process, and Technology safeguards to assure data protection and privacy. Gain real-time visibility to data security posture. Facilitate continuous monitoring of data risks and threats.

IoT 109

IoT InfoSec Artificial Intelligence Risk 109

CyberSecurity Insiders

MAY 27, 2021

SAN FRANCISCO–( BUSINESS WIRE )–Resecurity is proud to announce they have won the following award(s) from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine: Cutting Edge in Digital Footprint Security. Next-Gen in Third-Party Risk Management (TPRM).

InfoSec 52

InfoSec B2C B2B Media 52

Security Boulevard

JANUARY 9, 2022

The post BSides Berlin 2021 – Vasant Chinnipilli’s ‘Rooting Out Security Risks Lurking In Your CI-CD Pipelines’ appeared first on Security Boulevard. Our thanks to BSides Berlin for publishing their tremendous videos from the BSides Berlin 2021 Conference on the organization’s’ YouTube channel.

Risk 122

Risk Education InfoSec Information Security 122

Duo's Security Blog

OCTOBER 6, 2023

Threat actors have dramatically escalated their attacks – targeting security controls like multi-factor authentication (MFA), conducting wily social engineering attacks and extorting businesses large and small with ransomware. To achieve more resilience in this heightened risk environment, stepping up zero trust maturity is essential.

Authentication 144

Authentication Risk Social Engineering InfoSec 144

Security Boulevard

OCTOBER 30, 2022

Rafal Los, host of the popular Down the Security Rabbithole Podcast, joins us to discuss CISO liability risk and the ongoing discussion in the cybersecurity community about CISOs going to jail.

CISO 97

CISO Risk Cybersecurity Data privacy 97

Notice Bored

JUNE 23, 2022

ISO/IEC 27003 offers a page of 'guidance on formulating an information security risk treatment plan (6.1.3 e))', which I won't quote in full but summarise and critique here: The RTP documents the outputs from '27001 clause 6.1.3 a) through c). Necessary control(s); Where both 'controls' and 'necessary' are decidedly ambiguous.

Risk 63

Risk Architecture Accountability InfoSec 63

SecureWorld News

AUGUST 22, 2022

Chris Spohr is the Information Security Officer for Republic Finance, LLC, and adds value by serving as the Head of Information Security to protect the company's data, brand, and jobs. This started me down the InfoSec path and I found that I liked specializing in a challenging area. Louis Advisory Council.

Cybersecurity 98

Cybersecurity InfoSec Retail Manufacturing 98

Herjavec Group

MAY 17, 2021

With Identity Managed Services, your organization can: Gain 24×7 visibility into the health of your Identity platform without increasing security staff. Quickly detect risks and amend access entitlement issues associated with privileged users. About CDM InfoSec Awards . Learn more?

InfoSec 52

InfoSec Technology Marketing B2C 52

SC Magazine

MAY 1, 2021

Cedric Leighton is founder and president of Cedric Leighton Associates, a strategic risk and leadership management consultancy. Since founding Cedric Leighton Associates, he has become an internationally known strategic risk expert. Leighton is also a founding partner of CYFORIX, specializing in the field of cyber risk.

Computers and Electronics 126

Computers and Electronics Technology Information Security Education 126

SecureWorld News

SEPTEMBER 12, 2023

These skills also happen to apply to information security (infosec) and cyber threat intelligence and research. And you'll leave your first infosec conference with an armful of them. But infosec is the rare industry with clearcut heroes and villains. My Infosec Era has only just begun.

Cybersecurity 104

Cybersecurity InfoSec Threat Detection Accountability 104

Security Boulevard

JULY 19, 2021

The post BSides Vancouver 2021 – Vivek Ponnada’s ‘Is The Power Grid A Huge Cybersecurity Risk?’ ’ appeared first on Security Boulevard. Our thanks to BSides Vancouver for publishing their outstanding BSides Vancouver 2021 Conference videos on the groups' YouTube channel.

Risk 98

Risk Cybersecurity Education InfoSec 98

SC Magazine

APRIL 14, 2021

For the first time in its 60-year history, the OECD offered policy guidelines for risk reduction through vulnerability management. For the first time in its history this past February, the Organization for Economic Cooperation and Development (OECD) offered policy guidelines for digital risk reduction through vulnerability management.

Government 107

Government Risk Information Security InfoSec 107

Notice Bored

APRIL 20, 2022

When you acquire or provide professional services, how do you address the associated information risks? Professional services are information-centric: information is the work product , the purpose, the key deliverable. Withheld or unavailable for some reason (e.g. if a consultant fell sick or a laptop was lost or stolen).

Risk 72

Risk Energy and Utilities Computers and Electronics Telecommunications 72

SecureWorld News

FEBRUARY 26, 2024

Bill Bowman, CISSP, CIPM, is the Chief Information Security Officer & Data Privacy Officer at financial software company Emburse. A : When I was with Bright Horizons, many top-tier clients demanded InfoSec competence. A : Moving the reporting line to risk (GC/CLO); using AI. I learned from them. A : Phil Venables.

Cybersecurity 109

Cybersecurity CISO InfoSec Data privacy 109

Hot for Security

FEBRUARY 16, 2021

Because modern seismic stations are now implemented as an Internet-of-Things (IoT) station – and just as insecure as any other IoT device – Samios and his colleagues were able to identify threats to the equipment that infosec pros typically find in common IoT gear, from smart doorbells to security cams.

IoT 128

IoT InfoSec Data collection Encryption 128

SecureWorld News

JUNE 13, 2023

It was fitting that the opening keynote panel for SecureWorld Chicago on June 8th was titled " Making the Cybersecurity Music: Navigating Challenges and Opportunities in Today's InfoSec Landscape. Well, information security, cybersecurity happens to be a critical part of the business, being able to achieve strategic objectives.

Cybersecurity 98

Cybersecurity CISO InfoSec Risk 98