Features
Features
Information security program management
-
What is the future of cybersecurity?
Remote work is here to stay, so it's time to rethink the short-term fixes made in 2020. What else is in the cards? Here are the trends shaping the future of cybersecurity. Continue Reading
-
2021 IT priorities require security considerations
AI, IoT and 5G are among the top IT priorities for CIOs and CTOs in 2021. Is your team prepared to address each tech's security needs? Continue Reading
-
Preparing for GIAC Certified Incident Handler certification
The author of 'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' shares advice on how to prepare for the exam and why an incident response career can be so rewarding. Continue Reading
-
Enterprise cybersecurity threats spiked in 2020, more to come in 2021
After an unprecedented year from an enterprise cybersecurity threat standpoint, security leaders are preparing for growing number and sophistication of attacks in 2021. Continue Reading
-
Technology a double-edged sword for U.S. election security
Technologies were weaponized to undermine the 2020 U.S. presidential election, but IT systems have also helped to identify fraud and verify results in a hotly contested election. Continue Reading
-
7 SecOps roles and responsibilities for the modern enterprise
Now hiring: As organizations increasingly favor proactive cyber threat hunting and detection over bare-bones prevention, SecOps roles and responsibilities are shifting, too. Continue Reading
-
Security operations center use cases, strategies vary
More CISOs are turning to security operations centers to centralize infosec processes, but experience shows SOC use cases will depend on the organization's infosec objectives. Continue Reading
-
Compare 5 SecOps certifications and training courses
Explore five SecOps certifications available to IT professionals looking to demonstrate and enhance their knowledge of threat monitoring and incident response. Continue Reading
-
Cybersecurity communication key to addressing risk
As security teams strengthen communication with the overall organization as well as with vendors, more positive cybersecurity cultures can be forged. Continue Reading
-
Weighing the future of firewalls in a zero-trust world
Cybersecurity pros have been predicting the firewall's demise for years, yet the device is still with us. But does it have a place in zero-trust networks? One analyst says yes. Continue Reading
-
For cybersecurity training, positive reinforcement is best
Traditional cybersecurity training methods often focus on negative reinforcement techniques, but experts say positive reinforcement is the best way to get results. Continue Reading
-
Explore the top 3 zero-trust certifications and training courses
Explore how zero-trust certifications and training options from Forrester, Cybrary and Pluralsight can build on your IT team's skills for a successful security migration. Continue Reading
-
The Ghidra Book interview with co-author Kara Nance
Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved. Continue Reading
-
Blockchain or bust? Experts debate applications for elections
Blockchain has been proposed as a solution for security issues around e-voting. But some infosec experts are skeptical that the technology is the right fit for U.S. elections. Continue Reading
-
Explore self-sovereign identity use cases and benefits
The future of digital identity may look a lot like how we identify ourselves in real life. Learn more about self-sovereign identity use cases and features in this excerpt. Continue Reading
-
How self-sovereign identity principles suit the modern world
There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A. Continue Reading
-
Inclusivity a crucial step beyond diversity in cybersecurity
Spurred on by the social justice movement around the world, cybersecurity experts want to see a move beyond diversity efforts to ensure inclusivity in organizations as well. Continue Reading
-
Cybersecurity new normal needs change in process, CISOs say
As CISOs face an increasingly remote workforce, they need to confront past security mistakes, while adjusting to cybersecurity's new normal. Continue Reading
-
Security team analyzes data breach costs for better metrics
Security researchers discuss their findings on misleading and incorrect data breach cost metrics and share how breach reporting and information sharing can help all organizations. Continue Reading
-
Build shadow IT policy to reduce security risks
Security risks have increased during the pandemic as remote workers try to get things done. Find out how CISOs can better manage by creating a shadow IT policy. Continue Reading
-
Which type of CISO are you? Company fit matters
Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you. Continue Reading
-
10 tips for cybersecurity awareness programs in uncertain times
Explore the winning tactics and tools CISOs and other cybersecurity leaders are employing in their programs to raise employee security awareness -- and consider how they might work for you. Continue Reading
-
Zero-trust framework ripe for modern security challenges
What is zero-trust security, and why deploy it now? Analysts explain its importance in the current IT era and how to get started with evaluation and implementation. Continue Reading
-
Minorities in cybersecurity face unique and lasting barriers
IT is facing renewed scrutiny into its lack of diversity. Explore the unique barriers minorities in cybersecurity face and why hiring approaches are ill equipped to address them. Continue Reading
-
Why COVID-19 won't stop cybersecurity jobs and recruitment
The economy is struggling, and many careers are taking hits, but cybersecurity jobs and careers will likely stay in demand as companies need to keep data and customers safe. Continue Reading
-
Interconnected critical infrastructure increases cybersecurity risk
Separately managed but interconnected critical infrastructure sectors are not all bound to security requirements and may be at risk of cascading attacks. Continue Reading
-
SASE adoption accelerating as workforce goes remote
Experts suggest enterprises should consider SASE adoption for network security as the remote workforce grows in order to reduce cost and complexity. Continue Reading
-
Guide to preventing coronavirus phishing and ransomware
Malicious actors are taking advantage of coronavirus fears to wreak havoc on cybersecurity. Check out our guide to learn about phishing and ransomware threats and how to stop them. Continue Reading
-
Advance your security operations center with AI
Powering a security operations center with AI systems not only automates tasks, but also complements admins' efforts to more effectively combat threats and transform processes. Continue Reading
-
Cybersecurity impact analysis template for pandemic planning
This template from IANS Research can help IT and security professionals document and prioritize essential processes, staffing and systems when faced with a pandemic event. Continue Reading
-
Securing a remote workforce amplifies common cybersecurity risks
Securing a remote workforce during the pandemic has not only created unforeseen cybersecurity risks, but also magnified old ones with more employees using home networks. Continue Reading
-
Coronavirus phishing threats force heightened user awareness
As coronavirus phishing threats ramp up, organizations must turn to user education, in addition to traditional network security, as their best defense. Continue Reading
-
Zero-trust management challenges outweighed by benefits
The zero-trust model's adoption, deployment and management challenges are easily outweighed by its ability to offset modern threats, IEEE senior member Jack Burbank advises. Continue Reading
-
With US ban, Huawei products put CISOs on notice
The U.S. federal government has enacted bans on equipment it deems a national security risk. The move should make CISOs wary of what products they bring into their organizations. Continue Reading
-
4 essential AI-enabled security concerns for buyers and vendors
Experts offer four concerns for enterprises and vendors to discuss in order to deploy and run AI-based cybersecurity tools. Continue Reading
-
How to implement zero-trust security with real-life examples
Understanding zero-trust security is relatively easy in theory. Figuring out how to implement zero trust on the ground is more difficult. Here's how to make it work. Continue Reading
-
Will nonprofit's evolution of zero trust secure consumer data?
An Australian nonprofit aims to deliver an improved security protocol through what it calls a 'true zero-trust custody layer.' Will the protocol improve consumer data protection? Continue Reading
-
AI Security Alliance urges clarity for buying AI security tools
Vendors and customers must be aware of potential gaps between expectations and reality in the sale or purchase of AI cybersecurity products, an AI security expert advises. Continue Reading
-
Experts say CIA security triad needs a DIE model upgrade
Using a distributed, immutable, ephemeral strategy instead of the traditional CIA triad could enable enterprises to encourage security by design and minimize risk, two experts say. Continue Reading
-
How privacy compliance rules will affect IT security
As companies scramble to comply with consumer data privacy compliance mandates, like GDPR, CCPA and others on the horizon, IT security will shoulder much of the process burden. Continue Reading
-
How to secure data at rest, in use and in motion
With internal and external cyberthreats on the rise, check out these tips to best protect and secure data at rest and in motion. Continue Reading
-
Cyberinsurance coverage reflects a changing threat landscape
A constant deluge of data breach disclosures has prompted an increase in cybersecurity insurance coverage adoption. Learn how a policy can enhance an enterprise risk management program. Continue Reading
-
Security testing web applications and systems in the modern enterprise
Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age. Continue Reading
-
Beat common types of cyberfraud with security awareness
Hackers are taking deception to a new level, but security awareness programs are instrumental in helping employees detect various types of cyberfraud. Continue Reading
-
Cisco CISO says today's enterprise must take chances
Cisco CISO Steve Martino talks about taking chances, threats, how the security leader's role is changing and what really works when it comes to keeping the company secure. Continue Reading
-
Editor's picks: Most pressing cybersecurity stories in 2019
As the year comes to an end, SearchSecurity takes a bird's-eye view of the sophisticated cyberthreat landscape and how it has changed over the past 12 months. Continue Reading
-
The ins and outs of cyber insurance coverage
Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing. Continue Reading
-
Ideal DevSecOps strategy requires the right staff and tools
Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy. Continue Reading
-
Role of AI in cybersecurity and 6 possible product options
Cyberthreats loom large in this modern IT environment. Explore the six most common roles of AI in cybersecurity and the products synthesizing them. Continue Reading
-
Designing the future of cyber threat intelligence sharing
Attendees at the ACSC conference strategized about what ideal threat intelligence sharing looks like. Learn more about the future of collaborative cyberdefense. Continue Reading
-
Creating and managing a zero-trust security framework
IEEE senior member Kevin Curran outlines how enterprises should introduce a zero-trust security framework and discusses implementation challenges they are likely to face. Continue Reading
-
4 innovative ways to remedy the cybersecurity skills gap
Learn how companies should adapt to hire, recruit and retain top-notch employees during the current cybersecurity workforce shortage. Continue Reading
-
Assessing the value of personal data for class action lawsuits
Determining the value of consumers' personal data exposed in a breach can be a challenge. Security and legal experts discuss what factors are involved in the equation. Continue Reading
-
Report shows CISOs, IT unprepared for privacy regulations
Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind. Continue Reading
-
A cybersecurity skills gap demands thinking outside the box
Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe. Continue Reading
-
AI for good or evil? AI dangers, advantages and decisions
Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field? Continue Reading
-
How the future of data privacy regulation is spurring change
Some companies have taken steps to improve data governance in anticipation of data privacy rules. Experts discuss the challenges of compliance in a shifting regulatory landscape. Continue Reading
-
Combat the human aspect of risk with insider threat management
When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach. Continue Reading
-
Netscout CSO speaks to third-party risk, security gender gap
Veteran CSO at Netscout Deb Briggs recaps her fireside chat with Cisco CSO Edna Conway at FutureCon 2019, including their discussion on third-party risk and the gender gap in the security industry. Continue Reading
-
Your third-party risk management best practices need updating
Organizations must modernize third-party risk management best practices to adapt to the changing technology landscape. Diversify risk assessments with these expert tips. Continue Reading
-
Top tips for using the Kali Linux pen testing distribution
It's the best Linux distro for penetration testers' toolkits, but it's not just any Linux. Get tips on Kali Linux pen testing from project lead Jim O'Gorman. Continue Reading
-
How to use SOAR tools to simplify enterprise infosec programs
SOAR tools are designed to deliver convenience and simplicity to cybersecurity programs. Explore the many benefits security orchestration and automation promises users. Continue Reading
-
Using DNS RPZ to pump up cybersecurity awareness
Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites. Continue Reading
-
How does AttackSurfaceMapper help with attack surface mapping?
A new open source pen testing tool expedites attack surface mapping -- one of the most important aspects of any penetration testing engagement. Continue Reading
-
Varied options to solving the cybersecurity skills shortage
There are no easy answers for the cybersecurity skills shortage facing the industry, other than working harder to diversify and expand the workforce, according to ESG's Jon Oltsik. Continue Reading
-
Cybersecurity automation won't fix the skills gap alone
Joan Pepin, CISO and vice president of operations at Auth0, says cybersecurity automation makes her job possible, but it can't replace the human talent her industry badly needs. Continue Reading
-
Why is third-party risk management essential to cybersecurity?
Attackers know third parties hold many of the keys to the enterprise network, so third-party risk management is crucial for security professionals. Continue Reading
-
Lack of cybersecurity skills fuels workforce shortage
Cybersecurity researcher Bob Duhainy discusses the cybersecurity skills shortage and provides suggestions about how companies can close the gap to avoid future risk. Continue Reading
-
Tackling IT security awareness training with a county CISO
A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved. Continue Reading
-
Portrait of a CISO: Roles and responsibilities
Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate. Continue Reading
-
Cisco engineer: Why we need more women in cybersecurity
Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap. Continue Reading
-
Cybersecurity skills shortage prompts new hiring approach
Hiring managers are widening the pool of candidates in response to the cybersecurity skills shortage. Learn how a parks and recreation background can be an asset in threat hunting. Continue Reading
-
Top 10 incident response vendors for 2019
Leading incident response services include a variety of specialized tools to help organizations plan and manage their overall cybersecurity posture. Continue Reading
-
Top incident response tools to boost network protection
Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks. Continue Reading
-
Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black
Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents. Continue Reading
-
How to fix the top 5 cybersecurity vulnerabilities
Check out the top five cybersecurity vulnerabilities and find out how to prevent data loss or exposure, whether the problem is end-user gullibility, inadequate network monitoring or poor endpoint security defenses. Continue Reading
-
Incident response tools: How, when and why to use them
The OODA loop can help organizations throughout the entire incident response process by giving them insight into which tools they need to detect and respond to security events. Continue Reading
-
5 critical steps to creating an effective incident response plan
With cyberthreats and security incidents growing by the day, every organization needs a solid plan for mitigating threats. Here's how to create yours. Continue Reading
-
How to build an incident response team for your organization
The time to organize and train an IR team is long before a security incident occurs. Learn the practical steps needed to create an effective, cross-functional team. Continue Reading
-
How to become an incident responder: Requirements and more
Incident response is a growth field that provides excitement and a good salary. Here's an in-depth look at requirements, salaries and the career path. Continue Reading
-
Top 5 incident response interview questions
Job interviews are always nerve-wracking. But you can prepare now by honing your responses to the most likely interview questions for an incident response position. Continue Reading
-
10 types of security incidents and how to handle them
Cyberattacks are more varied than ever. Learn the key symptoms that signal a problem and how to respond to keep systems and data safe. Continue Reading
-
Top 10 types of information security threats for IT teams
Common security threats range from insider threats to advanced persistent threats, and they can bring an organization to its knees unless its in-house security team is aware of them and ready to respond. Continue Reading
-
Build a proactive cybersecurity approach that delivers
Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive. Continue Reading
-
Red alerts: Inside Cisco's incident response best practices
Incident response is often challenging, but Cisco's Sean Mason offers recommendations for doing IR effectively, from keeping internal logs longer to embracing tabletop exercises. Continue Reading
-
Security awareness training for executives keeps whaling at bay
Security awareness training for executives teaches an enterprise's biggest fish to recognize potential whaling attacks -- before they take the bait. Continue Reading
-
10 ways to prevent computer security threats from insiders
Whether via the spread of malware, spyware or viruses, insiders can do as much damage as outside attackers. Here's how to prevent computer security threats from insiders. Continue Reading
-
IT pros stress importance of security awareness training
End-user naiveté can lead to costly data breaches, underscoring the critical importance of security awareness training. Learn how phishing simulation tools can help. Continue Reading
-
What makes BSA's secure software development framework unique?
BSA rolled out a new secure software development framework in an effort to promote best practices for secure software development and improve security for all. Continue Reading
-
Women in cybersecurity work to grow voice in US lawmaking
To encourage more input from women in cybersecurity in the legislative process, the Executive Women's Forum went to Washington to discuss key issues with Congress. Continue Reading
-
Huawei ban highlights 5G security issues CISOs must tackle
Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network. Continue Reading
-
Challenges and benefits of using the Mitre ATT&CK framework
Taking the first step might be the biggest hurdle to using the Mitre ATT&CK cybersecurity framework. Find out more about the benefits, challenges and how to get started. Continue Reading
-
DHS-led agency works to visualize, share cyber-risk information
A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain. Continue Reading
-
HPE takes aim at STEM and cybersecurity education, awareness
HPE CISO Liz Joyce worked with the Girl Scouts on an educational cybersecurity game for girls and ensures HPE's Women in Cybersecurity encourages more women to join the industry. Continue Reading
-
New game provides cybersecurity education for Girl Scouts
A new game provides cybersecurity education for Girl Scouts, who can earn virtual and real badges by playing. HPE's Liz Joyce talks about the partnership that led to the game. Continue Reading
-
Zero-trust security model primer: What, why and how
What exactly is a zero-trust security model? This primer explains the basics about the philosophy behind how designing a security architecture strictly limits access to all, not just outsiders. Continue Reading
-
CISO tackles banking cybersecurity and changing roles
Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading
-
Top 10 CISO concerns for 2019 span a wide range of issues
From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019. Continue Reading
-
Battling nation-state cyberattacks in a federal leadership vacuum
Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers. Continue Reading
-
Cyber NYC initiative strives to make New York a cybersecurity hub
New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation. Continue Reading