Features

Features

• Compare 5 SecOps certifications and training courses

  Explore five SecOps certifications available to IT professionals looking to demonstrate and enhance their knowledge of threat monitoring and incident response.  Continue Reading

• Free online cybersecurity classes, with certificates

  Check out SearchSecurity's catalog of free online security courses led by information security experts on today's most popular security topics.  Continue Reading

• Cybersecurity communication key to addressing risk

  As security teams strengthen communication with the overall organization as well as with vendors, more positive cybersecurity cultures can be forged.  Continue Reading

• Weighing the future of firewalls in a zero-trust world

  Cybersecurity pros have been predicting the firewall's demise for years, yet the device is still with us. But does it have a place in zero-trust networks? One analyst says yes.  Continue Reading

• 5 steps to get IoT cybersecurity and third parties in sync

  Third parties often prove to be the weak links when it comes to IoT cybersecurity. Learn what you can do to minimize the risk while reaping the benefits that outside vendors bring.  Continue Reading

• AI in security analytics is the enhancement you need

  AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits.  Continue Reading

• Zero-trust network policies should reflect varied threats

  Role-based access systems create enormous pools of responsibility for administrators. Explore how to eliminate these insecure pools of trust with zero-trust network policies.  Continue Reading

• Zero-trust methodology's popularity a double-edged sword

  The authors of 'Zero Trust Networks' discuss how the zero-trust methodology's popularity produces both vendor hype and renewed attention to critical areas of security weakness.  Continue Reading

• For cybersecurity training, positive reinforcement is best

  Traditional cybersecurity training methods often focus on negative reinforcement techniques, but experts say positive reinforcement is the best way to get results.  Continue Reading

• Explore the top 3 zero-trust certifications and training courses

  Explore how zero-trust certifications and training options from Forrester, Cybrary and Pluralsight can build on your IT team's skills for a successful security migration.  Continue Reading

• The Ghidra Book interview with co-author Kara Nance

  Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved.  Continue Reading

• Blockchain or bust? Experts debate applications for elections

  Blockchain has been proposed as a solution for security issues around e-voting. But some infosec experts are skeptical that the technology is the right fit for U.S. elections.  Continue Reading

• Cybersecurity budget relies on planning and negotiation

  Experts from Gartner and Forrester discuss how successful cybersecurity budgeting during these uncertain times requires planning, research and negotiation.  Continue Reading

• Technology a double-edged sword for U.S. election security

  Technologies are being weaponized to undermine the 2020 U.S. presidential election, but IT systems will also help identify fraud and verify results in a contested election.  Continue Reading

• Explore self-sovereign identity use cases and benefits

  The future of digital identity may look a lot like how we identify ourselves in real life. Learn more about self-sovereign identity use cases and features in this excerpt.  Continue Reading

• How self-sovereign identity principles suit the modern world

  There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A.  Continue Reading

• Oversee apps with these 3 application security testing tools

  Unsecured applications can have dire consequences for enterprises. Discover how top app security testing tools on the market today protect apps and enhance developer productivity.  Continue Reading

• Inclusive job descriptions key for infosec hiring

  When seeking candidates for infosec job roles, it helps to think outside the box. Inclusive job descriptions and cutting back on unnecessary requirements are good places to start.  Continue Reading

• Inclusivity a crucial step beyond diversity in cybersecurity

  Spurred on by the social justice movement around the world, cybersecurity experts want to see a move beyond diversity efforts to ensure inclusivity in organizations as well.  Continue Reading

• Cybersecurity new normal needs change in process, CISOs say

  As CISOs face an increasingly remote workforce, they need to confront past security mistakes, while adjusting to cybersecurity's new normal.  Continue Reading

• 'Secure by Design' principles include failures, exceptions

  Using design principles with built-in security, along with properly defining exceptions, can help developers not only build safe code, but do so while meeting deadlines.  Continue Reading

• Exception handling best practices call for secure code design

  Making software secure by design requires tremendous consideration about how failures are handled. Learn more from these exception handling examples.  Continue Reading

• Security team analyzes data breach costs for better metrics

  Security researchers discuss their findings on misleading and incorrect data breach cost metrics and share how breach reporting and information sharing can help all organizations.  Continue Reading

• Build shadow IT policy to reduce security risks

  Security risks have increased during the pandemic as remote workers try to get things done. Find out how CISOs can better manage by creating a shadow IT policy.  Continue Reading

• Which type of CISO are you? Company fit matters

  Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you.  Continue Reading

• 10 tips for cybersecurity awareness programs in uncertain times

  Explore the winning tactics and tools CISOs and other cybersecurity leaders are employing in their programs to raise employee security awareness -- and consider how they might work for you.  Continue Reading

• Security pros explain how to prevent cyber attacks

  Even during pandemics, hackers use malware such as ransomware and phishing to exploit an organization's vulnerabilities. IT security pros discuss how they prevent cyber attacks.  Continue Reading

• Security issues with working remotely (and how to fix them)

  With companies continuing work from home for the foreseeable future, Rohit Dhamankar offers home security advice to help security teams and employees address security issues with working remotely.  Continue Reading

• How CISOs can deal with cybersecurity stress and burnout

  Being a paramedic and working in cybersecurity taught CISO Rich Mogull how to avoid stress and burnout. Check out his advice to maintain mental health in high-stress roles.  Continue Reading

• Zero-trust framework ripe for modern security challenges

  What is zero-trust security, and why deploy it now? Analysts explain its importance in the current IT era and how to get started with evaluation and implementation.  Continue Reading

• Minorities in cybersecurity face unique and lasting barriers

  IT is facing renewed scrutiny into its lack of diversity. Explore the unique barriers minorities in cybersecurity face and why hiring approaches are ill equipped to address them.  Continue Reading

• Complexity exacerbates cloud cybersecurity threats

  As cloud becomes intrinsic to IT, shifting roles have led to some risks being overlooked. But companies are getting smarter about alleviating cloud cybersecurity threats.  Continue Reading

• How cyber warfare laws limit risk on a digital battleground

  Retired Navy cryptologist implores enterprises to build key cyber warfare laws into their infosec strategy to improve survivability on the digital battleground in his new book.  Continue Reading

• The future of cyber warfare requires infosec's attention

  The future of cyber warfare places enterprise security and survivability in the crosshairs. Learn more about cyber warfare threats and capabilities and how infosec can prepare.  Continue Reading

• Why COVID-19 won't stop cybersecurity jobs and recruitment

  The economy is struggling, and many careers are taking hits, but cybersecurity jobs and careers will likely stay in demand as companies need to keep data and customers safe.  Continue Reading

• Interconnected critical infrastructure increases cybersecurity risk

  Separately managed but interconnected critical infrastructure sectors are not all bound to security requirements and may be at risk of cascading attacks.  Continue Reading

• 6 tips to prevent a data breach and keep your enterprise safe

  Experts offer six tips about how to improve cybersecurity protection and response plans to mitigate the fallout of data breaches and attacks on sensitive information.  Continue Reading

• Invest in new security talent with cybersecurity mentorships

  Cybersecurity mentorships provide a great opportunity for those just entering the industry who want a successful start. Having the right guidance is a must.  Continue Reading

• A case for both cybersecurity detection and prevention tools

  Companies need both detection and prevention cybersecurity tools to effectively keep data and employees safe from attackers. Just one or the other isn't enough.  Continue Reading

• How to build an effective IAM architecture

  Identity and access management is changing and so must strategies for managing it. Read up on IAM architecture approaches and how to select the best for your organization.  Continue Reading

• SASE adoption accelerating as workforce goes remote

  Experts suggest enterprises should consider SASE adoption for network security as the remote workforce grows in order to reduce cost and complexity.  Continue Reading

• How security testing could change after COVID-19

  As companies look to bring employees back into the office, security teams must consider how to handle security testing due to initial remote work deployments and shadow IT.  Continue Reading

• Guide to preventing coronavirus phishing and ransomware

  Malicious actors are taking advantage of coronavirus fears to wreak havoc on cybersecurity. Check out our guide to learn about phishing and ransomware threats and how to stop them.  Continue Reading

• Top 3 advantages of smart cards -- and potential disadvantages

  As smart card adoption increases, it is prudent to take a closer look at how this technology can improve data security. Here, read more about the benefits of smart cards.  Continue Reading

• IT and security teams collide as companies work from home

  The new world of remote work has given rise to IT and security teams working more closely than ever before. They need to come together to provide excellent UX and security.  Continue Reading

• 8 leading identity and access management products for 2020

  IAM tools keep enterprises safe by ensuring only authorized users can access sensitive data and applications. Read this in-depth product overview of top tools on the market.  Continue Reading

• Advance your security operations center with AI

  Powering a security operations center with AI systems not only automates tasks, but also complements admins' efforts to more effectively combat threats and transform processes.  Continue Reading

• 5 IAM trends shaping the future of security

  Identity and access management tools are adapting with the times, and these five trends are here to meet the challenges of protecting today's complex enterprise networks.  Continue Reading

• Compare the top cloud-based IoT security platforms to protect devices

  IoT security tools can protect widely used computing devices that pose cybersecurity risks in the current remote work era. Explore the leading cloud-based options here.  Continue Reading

• How a security researcher spots a phishing email attempt

  When security expert Steven Murdoch spotted a phishing email in his inbox, the researcher in him decided to investigate. Here's what he learned about criminal phishing tactics.  Continue Reading

• The what, why and how of the Spring Security architecture

  Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt.  Continue Reading

• Why developers need to know the Spring Security framework

  The Spring Security framework is a reliable way for Java developers to secure applications. However, proper implementation is critical to prevent the most common vulnerabilities.  Continue Reading

• One security framework may be key to cyber effectiveness

  The Mitre ATT&CK security framework could best enable effective cybersecurity, according to The Chertoff Group, as could joining information sharing and analysis organizations.  Continue Reading

• CISO stress and burnout cause high churn rate

  The nature of the CISO role can take a toll, say industry vets, with frustration and stress contributing to high turnover rates and burnout. Learn how to make it work.  Continue Reading

• AI-powered cyberattacks force change to network security

  Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data.  Continue Reading

• Words to go: Types of phishing scams

  IT teams must take proactive measures to address security awareness when it comes to email. Learn about the types of phishing scams to mitigate risk.  Continue Reading

• Mitigating ransomware and phishing attacks during a pandemic

  Where most see crisis, cybercriminals see opportunity. Learn how security leaders can meet the challenges of mitigating ransomware threats and phishing attacks during a pandemic.  Continue Reading

• Utilize SMB security tools to work from home safely

  With the global pandemic forcing enterprise workers home, SMB security tools can provide necessary protection for newly built home offices in order to keep business moving.  Continue Reading

• Cybersecurity impact analysis template for pandemic planning

  This template from IANS Research can help IT and security professionals document and prioritize essential processes, staffing and systems when faced with a pandemic event.  Continue Reading

• Data security guide: Everything you need to know

  This data security guide digs into data protection and privacy compliance, explaining how to construct a proactive security strategy strengthened by best practices.  Continue Reading

• Securing a remote workforce amplifies common cybersecurity risks

  Securing a remote workforce during the pandemic has not only created unforeseen cybersecurity risks, but also magnified old ones with more employees using home networks.  Continue Reading

• Coronavirus phishing threats force heightened user awareness

  As coronavirus phishing threats ramp up, organizations must turn to user education, in addition to traditional network security, as their best defense.  Continue Reading

• Zero-trust management challenges outweighed by benefits

  The zero-trust model's adoption, deployment and management challenges are easily outweighed by its ability to offset modern threats, IEEE senior member Jack Burbank advises.  Continue Reading

• With US ban, Huawei products put CISOs on notice

  The U.S. federal government has enacted bans on equipment it deems a national security risk. The move should make CISOs wary of what products they bring into their organizations.  Continue Reading

• Phishing protection: Keep employees from getting hooked

  Share this list of phishing techniques and detection tips to help employees avoid phishing schemes. Plus, review technologies to protect your enterprise from phishing attacks.  Continue Reading

• Skill building is key to furthering gender diversity in tech

  Gender disparities imperil the threat intelligence community. Shannon Lietz, leader and director of DevSecOps at Intuit, discusses current efforts to attract female talent.  Continue Reading

• 4 essential AI-enabled security concerns for buyers and vendors

  Experts offer four concerns for enterprises and vendors to discuss in order to deploy and run AI-based cybersecurity tools.  Continue Reading

• How to implement zero-trust security with real-life examples

  Understanding zero-trust security is relatively easy in theory. Figuring out how to implement zero trust on the ground is more difficult. Here's how to make it work.  Continue Reading

• Will nonprofit's evolution of zero trust secure consumer data?

  An Australian nonprofit aims to deliver an improved security protocol through what it calls a 'true zero-trust custody layer.' Will the protocol improve consumer data protection?  Continue Reading

• AI Security Alliance urges clarity for buying AI security tools

  Vendors and customers must be aware of potential gaps between expectations and reality in the sale or purchase of AI cybersecurity products, an AI security expert advises.  Continue Reading

• CISA exam preparation requires learning ethics, standards, new vocab

  The CISA certification is proof of an auditor's knowledge and skills. However, the exam isn't easy and requires some heavy learning -- especially when it comes to vocabulary.  Continue Reading

• Explore 7 data loss prevention tools for utmost security

  Explore how DLP products secure enterprise data and these seven specialized vendors that provide protection through varying installation, platforms and features.  Continue Reading

• Coronavirus phishing scams increase amid pandemic's spread

  Organizations must account for a sharp uptick of coronavirus phishing scams in their pandemic and business continuity plans. Learn about the trend here, with steps for mitigation.  Continue Reading

• Experts say CIA security triad needs a DIE model upgrade

  Using a distributed, immutable, ephemeral strategy instead of the traditional CIA triad could enable enterprises to encourage security by design and minimize risk, two experts say.  Continue Reading

• How privacy compliance rules will affect IT security

  As companies scramble to comply with consumer data privacy compliance mandates, like GDPR, CCPA and others on the horizon, IT security will shoulder much of the process burden.  Continue Reading

• ITOps security requires attention to training

  Becoming fluent about IT security is critically important for numerous aspects of ITOps, yet many organizations fail to train their ITOps staff in security.  Continue Reading

• How to secure data at rest, in use and in motion

  With internal and external cyberthreats on the rise, check out these tips to best protect and secure data at rest and in motion.  Continue Reading

• Cyberinsurance coverage reflects a changing threat landscape

  A constant deluge of data breach disclosures has prompted an increase in cybersecurity insurance coverage adoption. Learn how a policy can enhance an enterprise risk management program.  Continue Reading

• Windows IIS server hardening checklist

  Use this handy Windows IIS server hardening checklist on the job to ensure your IIS server is deployed safely and stays secure in use.  Continue Reading

• Security testing web applications and systems in the modern enterprise

  Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age.  Continue Reading

• Software security testing and software stress testing basics

  In this excerpt from Ric Messier's book, learn why software security testing and stress testing are critical components of an enterprise infosec program.  Continue Reading

• Zero-trust model case study: One CISO's experience

  Adopting a zero-trust environment was the right move for GitLab, according to the company's former security chief, but it may not be well suited for all enterprises.  Continue Reading

• Beat common types of cyberfraud with security awareness

  Hackers are taking deception to a new level, but security awareness programs are instrumental in helping employees detect various types of cyberfraud.  Continue Reading

• The Mirai IoT botnet holds strong in 2020

  More than three years after its first appearance, the Mirai botnet is still one of the biggest threats to IoT. Learn about its variants and how to protect against them.  Continue Reading

• Cisco CISO says today's enterprise must take chances

  Cisco CISO Steve Martino talks about taking chances, threats, how the security leader's role is changing and what really works when it comes to keeping the company secure.  Continue Reading

• CISOs face a range of cybersecurity challenges in 2020

  Every company is unique, of course, but certain challenges are widely shared. Learn what security concerns other CISOs and security leaders are focused on in 2020.  Continue Reading

• Threat intelligence offers promise, but limitations remain

  Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity.  Continue Reading

• Can IDaaS adoption improve enterprise security posture?

  Experts suggest enterprises consider identity as a service as organizations' data management needs grow and access management becomes more complex.  Continue Reading

• How to implement a holistic approach to user data privacy

  IoT devices flood the market with promises to make daily life more convenient. Learn how to embrace user consent to benefit your organization and enhance user data privacy.  Continue Reading

• Cryptography basics: Symmetric key encryption algorithms

  Scrambling plaintext into ciphertext is essential to ensure data cannot be read or used by the wrong people. Learn the basics of symmetric key encryption algorithms here.  Continue Reading

• 'Computer Security Fundamentals:' Quantum security to certifications

  New topics, from security engineering to quantum computing, are covered in 'Computer Security Fundamentals,' but the book's author suggests readers review some basic topics, too.  Continue Reading

• 5 application security threats and how to prevent them

  The most widely known application security threats are sometimes the most common exploits. Here is a list of the top app threats and their appropriate security responses.  Continue Reading

• The who, what, why -- and challenges -- of CISM certification

  Think you're ready for the CISM certification exam? Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, has some pointers for you.  Continue Reading

• Editor's picks: Most pressing cybersecurity stories in 2019

  As the year comes to an end, SearchSecurity takes a bird's-eye view of the sophisticated cyberthreat landscape and how it has changed over the past 12 months.  Continue Reading

• ICS security challenges and how to overcome them

  Security cannot be an afterthought in internet-connected industrial control systems. IEEE member Kayne McGladrey offers best practices to stay safe in a connected world.  Continue Reading

• Data breach risk factors, response model, reporting and more

  Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner.  Continue Reading

• The ins and outs of cyber insurance coverage

  Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing.  Continue Reading

• Ideal DevSecOps strategy requires the right staff and tools

  Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy.  Continue Reading

• Best practices to help CISOs prepare for CCPA

  With the CCPA taking effect in 2020, check out security chiefs' best practices to get ahead and stay ahead of impending data privacy and protection compliance regulations.  Continue Reading

• Role of AI in cybersecurity and 6 possible product options

  Cyberthreats loom large in this modern IT environment. Explore the six most common roles of AI in cybersecurity and the products synthesizing them.  Continue Reading