SearchSecurity
New & Notable
News
The TLS 1.3 protocol update is finally published
The finalized TLS 1.3 update has been published after a four-year process. The new protocol promises to be faster and more secure than its predecessor, TLS 1.2.
News
PTSD and depression get much needed attention at Black Hat 2018
While burnout, depression and PTSD can affect anyone, infosec mental health still doesn't often get the attention it deserves, but Black Hat 2018 attempted to change that.
Manage
How to work around Efail flaws in OpenPGP and S/MIME
Efail exploits vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext in encrypted emails. Learn more about the Efail vulnerabilities from expert Michael Cobb.
Manage
An analysis of the botnet security NIST report
The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis.
Your Guide to Info Sec Certifications
We’ve collected 30+ certifications for you. Which vendor-neutral and vendor-specific security certifications are best for you? Save time by downloading our list organized by experience level.
Trending Topics
-
Emerging threats Manage
How a Mirai variant puts billions of devices at risk
A Mirai variant has the ability to put billions of devices at risk of becoming part of a botnet. Discover how this works and what devices are at risk with expert Nick Lewis.
-
Windows security Problem Solve
The severity of Microsoft's NTFS security flaw
A security researcher exposed an NTFS flaw that Microsoft deliberately hasn't patched. Expert Michael Cobb explains how the bug works and why it isn't being treated as severe.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology Manage
Comparing lattice cryptography to current cryptography
As the prospect of quantum computing-based attacks grows, the need for stronger encryption increases. Expert Michael Cobb discusses lattice-based cryptography as an option.
-
Security industry trends News
Black Hat attendees facing workforce, budget challenges
According to a survey of Black Hat 2018 attendees, organizations are still struggling with insufficient cybersecurity staff and budgets to meet the current and emerging threats.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Kathleen Richards asks:
If you have survived a breach, what advice would you give to CSOs and other security professionals?
-
Nick Lewis asks:
Do you think the recommendations in the NIST report will be useful to defend against distributed threats? Why or why not?
Find Solutions For Your Project
-
Evaluate
Malicious apps used Facebook APIs to steal user data
Malicious apps collected Facebook user data through Facebook APIs. Expert Michael Cobb explains how social networking platforms can monitor third-party apps' access to data.
-
Misuse of the UPnP protocol leads to a vulnerability
-
Top three benefits of SIEM for the enterprise
-
MANRS: ISOC's solution for BGP security
-
-
Problem Solve
Malwarebytes discovered four new Mac security risks
Mac platforms are at risk after Malwarebytes discovered four new Mac malware strains. Learn how to protect your enterprise and how to mitigate these attacks with expert Nick Lewis.
-
The severity of Microsoft's NTFS security flaw
-
Why infosec needs more female conference speakers
-
How a vulnerability puts emergency warning systems at risk
-
-
Manage
OneLogin CSO: 'We do everything through risk models now'
How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus.
-
An analysis of the botnet security NIST report
-
How to work around Efail flaws in OpenPGP and S/MIME
-
How new Android malware, Skygofree, targets phones
-
-
E-Zine | August 2018
Security data scientists on how to make your data useful
Download -
E-Handbook | July 2018
Incident response playbook in flux as services, tools arrive
Download -
E-Handbook | June 2018
Machine learning security, a real advance in tech protection
Download -
E-Zine | June 2018
CISOs face the IoT security risks of stranger things
Download -
Buyer's Handbook | May 2018
A security operations center for hire? Something to consider
Download
Information Security Basics
-
Get Started
Advances in access governance strategy and technology
Recent advances in IAM policy, strategy and technology are raising companies' ability authenticate identities and manage access to their systems and data.
-
Get Started
Top three benefits of SIEM for the enterprise
SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting.
-
Get Started
certificate authority
A certificate authority (CA) is a trusted entity that issues digital certificates, which are data files used to cryptographically link an entity with a public key.
Multimedia
Vendor Resources
Blog: Security Bytes
-
Five things to watch for at Black Hat USA this year
As Black Hat USA 2018 approaches, we take a quick look at trends in the conference agenda and sessions not to miss.Continue Reading
-
How Dropbox dropped the ball with anonymized data
Dropbox came under fire for sharing anonymized data with academic researchers after questions emerged about how the data was protected and used.Continue Reading
-
More Security Bytes Posts
Is the new California privacy law a domestic GDPR?
Cyber attribution: Why it won't be easy to stop the blame game
It's GDPR Day. Let the privacy regulation games begin!
-
News
View All -
Web browser security
The TLS 1.3 protocol update is finally published
The finalized TLS 1.3 update has been published after a four-year process. The new protocol promises to be faster and more secure than its predecessor, TLS 1.2.
-
Security awareness training and insider threats
PTSD and depression get much needed attention at Black Hat 2018
While burnout, depression and PTSD can affect anyone, infosec mental health still doesn't often get the attention it deserves, but Black Hat 2018 attempted to change that.
-
Mobile security threats and prevention
Google apps keep tracking location after setting is turned off
New research has discovered mobile apps may still store where users have been even after Google location-tracking services have been turned off.
SearchSecurity Definitions
- certificate authority (CA)
- hacktivism
- advanced persistent threat (APT)
- whaling attack (whaling phishing)
- Certified Cloud Security Professional (CCSP)
- federated identity management
- next-generation firewall (NGFW)
- DMZ (networking)