Features

Features

Information security program management

• What is the future of cybersecurity?

  Remote work is here to stay, so it's time to rethink the short-term fixes made in 2020. What else is in the cards? Here are the trends shaping the future of cybersecurity.  Continue Reading

• 2021 IT priorities require security considerations

  AI, IoT and 5G are among the top IT priorities for CIOs and CTOs in 2021. Is your team prepared to address each tech's security needs?  Continue Reading

• Preparing for GIAC Certified Incident Handler certification

  The author of 'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' shares advice on how to prepare for the exam and why an incident response career can be so rewarding.  Continue Reading

• Enterprise cybersecurity threats spiked in 2020, more to come in 2021

  After an unprecedented year from an enterprise cybersecurity threat standpoint, security leaders are preparing for growing number and sophistication of attacks in 2021.  Continue Reading

• Technology a double-edged sword for U.S. election security

  Technologies were weaponized to undermine the 2020 U.S. presidential election, but IT systems have also helped to identify fraud and verify results in a hotly contested election.  Continue Reading

• 7 SecOps roles and responsibilities for the modern enterprise

  Now hiring: As organizations increasingly favor proactive cyber threat hunting and detection over bare-bones prevention, SecOps roles and responsibilities are shifting, too.  Continue Reading

• Security operations center use cases, strategies vary

  More CISOs are turning to security operations centers to centralize infosec processes, but experience shows SOC use cases will depend on the organization's infosec objectives.  Continue Reading

• Compare 5 SecOps certifications and training courses

  Explore five SecOps certifications available to IT professionals looking to demonstrate and enhance their knowledge of threat monitoring and incident response.  Continue Reading

• Cybersecurity communication key to addressing risk

  As security teams strengthen communication with the overall organization as well as with vendors, more positive cybersecurity cultures can be forged.  Continue Reading

• Weighing the future of firewalls in a zero-trust world

  Cybersecurity pros have been predicting the firewall's demise for years, yet the device is still with us. But does it have a place in zero-trust networks? One analyst says yes.  Continue Reading

• For cybersecurity training, positive reinforcement is best

  Traditional cybersecurity training methods often focus on negative reinforcement techniques, but experts say positive reinforcement is the best way to get results.  Continue Reading

• Explore the top 3 zero-trust certifications and training courses

  Explore how zero-trust certifications and training options from Forrester, Cybrary and Pluralsight can build on your IT team's skills for a successful security migration.  Continue Reading

• The Ghidra Book interview with co-author Kara Nance

  Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved.  Continue Reading

• Blockchain or bust? Experts debate applications for elections

  Blockchain has been proposed as a solution for security issues around e-voting. But some infosec experts are skeptical that the technology is the right fit for U.S. elections.  Continue Reading

• Explore self-sovereign identity use cases and benefits

  The future of digital identity may look a lot like how we identify ourselves in real life. Learn more about self-sovereign identity use cases and features in this excerpt.  Continue Reading

• How self-sovereign identity principles suit the modern world

  There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A.  Continue Reading

• Inclusivity a crucial step beyond diversity in cybersecurity

  Spurred on by the social justice movement around the world, cybersecurity experts want to see a move beyond diversity efforts to ensure inclusivity in organizations as well.  Continue Reading

• Cybersecurity new normal needs change in process, CISOs say

  As CISOs face an increasingly remote workforce, they need to confront past security mistakes, while adjusting to cybersecurity's new normal.  Continue Reading

• Security team analyzes data breach costs for better metrics

  Security researchers discuss their findings on misleading and incorrect data breach cost metrics and share how breach reporting and information sharing can help all organizations.  Continue Reading

• Build shadow IT policy to reduce security risks

  Security risks have increased during the pandemic as remote workers try to get things done. Find out how CISOs can better manage by creating a shadow IT policy.  Continue Reading

• Which type of CISO are you? Company fit matters

  Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you.  Continue Reading

• 10 tips for cybersecurity awareness programs in uncertain times

  Explore the winning tactics and tools CISOs and other cybersecurity leaders are employing in their programs to raise employee security awareness -- and consider how they might work for you.  Continue Reading

• Zero-trust framework ripe for modern security challenges

  What is zero-trust security, and why deploy it now? Analysts explain its importance in the current IT era and how to get started with evaluation and implementation.  Continue Reading

• Minorities in cybersecurity face unique and lasting barriers

  IT is facing renewed scrutiny into its lack of diversity. Explore the unique barriers minorities in cybersecurity face and why hiring approaches are ill equipped to address them.  Continue Reading

• Why COVID-19 won't stop cybersecurity jobs and recruitment

  The economy is struggling, and many careers are taking hits, but cybersecurity jobs and careers will likely stay in demand as companies need to keep data and customers safe.  Continue Reading

• Interconnected critical infrastructure increases cybersecurity risk

  Separately managed but interconnected critical infrastructure sectors are not all bound to security requirements and may be at risk of cascading attacks.  Continue Reading

• SASE adoption accelerating as workforce goes remote

  Experts suggest enterprises should consider SASE adoption for network security as the remote workforce grows in order to reduce cost and complexity.  Continue Reading

• Guide to preventing coronavirus phishing and ransomware

  Malicious actors are taking advantage of coronavirus fears to wreak havoc on cybersecurity. Check out our guide to learn about phishing and ransomware threats and how to stop them.  Continue Reading

• Advance your security operations center with AI

  Powering a security operations center with AI systems not only automates tasks, but also complements admins' efforts to more effectively combat threats and transform processes.  Continue Reading

• Cybersecurity impact analysis template for pandemic planning

  This template from IANS Research can help IT and security professionals document and prioritize essential processes, staffing and systems when faced with a pandemic event.  Continue Reading

• Securing a remote workforce amplifies common cybersecurity risks

  Securing a remote workforce during the pandemic has not only created unforeseen cybersecurity risks, but also magnified old ones with more employees using home networks.  Continue Reading

• Coronavirus phishing threats force heightened user awareness

  As coronavirus phishing threats ramp up, organizations must turn to user education, in addition to traditional network security, as their best defense.  Continue Reading

• Zero-trust management challenges outweighed by benefits

  The zero-trust model's adoption, deployment and management challenges are easily outweighed by its ability to offset modern threats, IEEE senior member Jack Burbank advises.  Continue Reading

• With US ban, Huawei products put CISOs on notice

  The U.S. federal government has enacted bans on equipment it deems a national security risk. The move should make CISOs wary of what products they bring into their organizations.  Continue Reading

• 4 essential AI-enabled security concerns for buyers and vendors

  Experts offer four concerns for enterprises and vendors to discuss in order to deploy and run AI-based cybersecurity tools.  Continue Reading

• How to implement zero-trust security with real-life examples

  Understanding zero-trust security is relatively easy in theory. Figuring out how to implement zero trust on the ground is more difficult. Here's how to make it work.  Continue Reading

• Will nonprofit's evolution of zero trust secure consumer data?

  An Australian nonprofit aims to deliver an improved security protocol through what it calls a 'true zero-trust custody layer.' Will the protocol improve consumer data protection?  Continue Reading

• AI Security Alliance urges clarity for buying AI security tools

  Vendors and customers must be aware of potential gaps between expectations and reality in the sale or purchase of AI cybersecurity products, an AI security expert advises.  Continue Reading

• Experts say CIA security triad needs a DIE model upgrade

  Using a distributed, immutable, ephemeral strategy instead of the traditional CIA triad could enable enterprises to encourage security by design and minimize risk, two experts say.  Continue Reading

• How privacy compliance rules will affect IT security

  As companies scramble to comply with consumer data privacy compliance mandates, like GDPR, CCPA and others on the horizon, IT security will shoulder much of the process burden.  Continue Reading

• How to secure data at rest, in use and in motion

  With internal and external cyberthreats on the rise, check out these tips to best protect and secure data at rest and in motion.  Continue Reading

• Cyberinsurance coverage reflects a changing threat landscape

  A constant deluge of data breach disclosures has prompted an increase in cybersecurity insurance coverage adoption. Learn how a policy can enhance an enterprise risk management program.  Continue Reading

• Security testing web applications and systems in the modern enterprise

  Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age.  Continue Reading

• Beat common types of cyberfraud with security awareness

  Hackers are taking deception to a new level, but security awareness programs are instrumental in helping employees detect various types of cyberfraud.  Continue Reading

• Cisco CISO says today's enterprise must take chances

  Cisco CISO Steve Martino talks about taking chances, threats, how the security leader's role is changing and what really works when it comes to keeping the company secure.  Continue Reading

• Editor's picks: Most pressing cybersecurity stories in 2019

  As the year comes to an end, SearchSecurity takes a bird's-eye view of the sophisticated cyberthreat landscape and how it has changed over the past 12 months.  Continue Reading

• The ins and outs of cyber insurance coverage

  Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing.  Continue Reading

• Ideal DevSecOps strategy requires the right staff and tools

  Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy.  Continue Reading

• Role of AI in cybersecurity and 6 possible product options

  Cyberthreats loom large in this modern IT environment. Explore the six most common roles of AI in cybersecurity and the products synthesizing them.  Continue Reading

• Designing the future of cyber threat intelligence sharing

  Attendees at the ACSC conference strategized about what ideal threat intelligence sharing looks like. Learn more about the future of collaborative cyberdefense.  Continue Reading

• Creating and managing a zero-trust security framework

  IEEE senior member Kevin Curran outlines how enterprises should introduce a zero-trust security framework and discusses implementation challenges they are likely to face.  Continue Reading

• 4 innovative ways to remedy the cybersecurity skills gap

  Learn how companies should adapt to hire, recruit and retain top-notch employees during the current cybersecurity workforce shortage.  Continue Reading

• Assessing the value of personal data for class action lawsuits

  Determining the value of consumers' personal data exposed in a breach can be a challenge. Security and legal experts discuss what factors are involved in the equation.  Continue Reading

• Report shows CISOs, IT unprepared for privacy regulations

  Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind.  Continue Reading

• A cybersecurity skills gap demands thinking outside the box

  Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe.  Continue Reading

• AI for good or evil? AI dangers, advantages and decisions

  Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field?  Continue Reading

• How the future of data privacy regulation is spurring change

  Some companies have taken steps to improve data governance in anticipation of data privacy rules. Experts discuss the challenges of compliance in a shifting regulatory landscape.  Continue Reading

• Combat the human aspect of risk with insider threat management

  When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach.  Continue Reading

• Netscout CSO speaks to third-party risk, security gender gap

  Veteran CSO at Netscout Deb Briggs recaps her fireside chat with Cisco CSO Edna Conway at FutureCon 2019, including their discussion on third-party risk and the gender gap in the security industry.  Continue Reading

• Your third-party risk management best practices need updating

  Organizations must modernize third-party risk management best practices to adapt to the changing technology landscape. Diversify risk assessments with these expert tips.  Continue Reading

• Top tips for using the Kali Linux pen testing distribution

  It's the best Linux distro for penetration testers' toolkits, but it's not just any Linux. Get tips on Kali Linux pen testing from project lead Jim O'Gorman.  Continue Reading

• How to use SOAR tools to simplify enterprise infosec programs

  SOAR tools are designed to deliver convenience and simplicity to cybersecurity programs. Explore the many benefits security orchestration and automation promises users.  Continue Reading

• Using DNS RPZ to pump up cybersecurity awareness

  Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites.  Continue Reading

• How does AttackSurfaceMapper help with attack surface mapping?

  A new open source pen testing tool expedites attack surface mapping -- one of the most important aspects of any penetration testing engagement.  Continue Reading

• Varied options to solving the cybersecurity skills shortage

  There are no easy answers for the cybersecurity skills shortage facing the industry, other than working harder to diversify and expand the workforce, according to ESG's Jon Oltsik.  Continue Reading

• Cybersecurity automation won't fix the skills gap alone

  Joan Pepin, CISO and vice president of operations at Auth0, says cybersecurity automation makes her job possible, but it can't replace the human talent her industry badly needs.  Continue Reading

• Why is third-party risk management essential to cybersecurity?

  Attackers know third parties hold many of the keys to the enterprise network, so third-party risk management is crucial for security professionals.  Continue Reading

• Lack of cybersecurity skills fuels workforce shortage

  Cybersecurity researcher Bob Duhainy discusses the cybersecurity skills shortage and provides suggestions about how companies can close the gap to avoid future risk.  Continue Reading

• Tackling IT security awareness training with a county CISO

  A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved.  Continue Reading

• Portrait of a CISO: Roles and responsibilities

  Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate.  Continue Reading

• Cisco engineer: Why we need more women in cybersecurity

  Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap.  Continue Reading

• Cybersecurity skills shortage prompts new hiring approach

  Hiring managers are widening the pool of candidates in response to the cybersecurity skills shortage. Learn how a parks and recreation background can be an asset in threat hunting.  Continue Reading

• Top 10 incident response vendors for 2019

  Leading incident response services include a variety of specialized tools to help organizations plan and manage their overall cybersecurity posture.  Continue Reading

• Top incident response tools to boost network protection

  Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks.  Continue Reading

• Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black

  Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents.  Continue Reading

• How to fix the top 5 cybersecurity vulnerabilities

  Check out the top five cybersecurity vulnerabilities and find out how to prevent data loss or exposure, whether the problem is end-user gullibility, inadequate network monitoring or poor endpoint security defenses.  Continue Reading

• Incident response tools: How, when and why to use them

  The OODA loop can help organizations throughout the entire incident response process by giving them insight into which tools they need to detect and respond to security events.  Continue Reading

• 5 critical steps to creating an effective incident response plan

  With cyberthreats and security incidents growing by the day, every organization needs a solid plan for mitigating threats. Here's how to create yours.  Continue Reading

• How to build an incident response team for your organization

  The time to organize and train an IR team is long before a security incident occurs. Learn the practical steps needed to create an effective, cross-functional team.  Continue Reading

• How to become an incident responder: Requirements and more

  Incident response is a growth field that provides excitement and a good salary. Here's an in-depth look at requirements, salaries and the career path.  Continue Reading

• Top 5 incident response interview questions

  Job interviews are always nerve-wracking. But you can prepare now by honing your responses to the most likely interview questions for an incident response position.  Continue Reading

• 10 types of security incidents and how to handle them

  Cyberattacks are more varied than ever. Learn the key symptoms that signal a problem and how to respond to keep systems and data safe.  Continue Reading

• Top 10 types of information security threats for IT teams

  Common security threats range from insider threats to advanced persistent threats, and they can bring an organization to its knees unless its in-house security team is aware of them and ready to respond.  Continue Reading

• Build a proactive cybersecurity approach that delivers

  Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive.  Continue Reading

• Red alerts: Inside Cisco's incident response best practices

  Incident response is often challenging, but Cisco's Sean Mason offers recommendations for doing IR effectively, from keeping internal logs longer to embracing tabletop exercises.  Continue Reading

• Security awareness training for executives keeps whaling at bay

  Security awareness training for executives teaches an enterprise's biggest fish to recognize potential whaling attacks -- before they take the bait.  Continue Reading

• 10 ways to prevent computer security threats from insiders

  Whether via the spread of malware, spyware or viruses, insiders can do as much damage as outside attackers. Here's how to prevent computer security threats from insiders.  Continue Reading

• IT pros stress importance of security awareness training

  End-user naiveté can lead to costly data breaches, underscoring the critical importance of security awareness training. Learn how phishing simulation tools can help.  Continue Reading

• What makes BSA's secure software development framework unique?

  BSA rolled out a new secure software development framework in an effort to promote best practices for secure software development and improve security for all.  Continue Reading

• Women in cybersecurity work to grow voice in US lawmaking

  To encourage more input from women in cybersecurity in the legislative process, the Executive Women's Forum went to Washington to discuss key issues with Congress.  Continue Reading

• Huawei ban highlights 5G security issues CISOs must tackle

  Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network.  Continue Reading

• Challenges and benefits of using the Mitre ATT&CK framework

  Taking the first step might be the biggest hurdle to using the Mitre ATT&CK cybersecurity framework. Find out more about the benefits, challenges and how to get started.  Continue Reading

• DHS-led agency works to visualize, share cyber-risk information

  A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain.  Continue Reading

• HPE takes aim at STEM and cybersecurity education, awareness

  HPE CISO Liz Joyce worked with the Girl Scouts on an educational cybersecurity game for girls and ensures HPE's Women in Cybersecurity encourages more women to join the industry.  Continue Reading

• New game provides cybersecurity education for Girl Scouts

  A new game provides cybersecurity education for Girl Scouts, who can earn virtual and real badges by playing. HPE's Liz Joyce talks about the partnership that led to the game.  Continue Reading

• Zero-trust security model primer: What, why and how

  What exactly is a zero-trust security model? This primer explains the basics about the philosophy behind how designing a security architecture strictly limits access to all, not just outsiders.  Continue Reading

• CISO tackles banking cybersecurity and changing roles

  Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations.  Continue Reading

• Top 10 CISO concerns for 2019 span a wide range of issues

  From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019.  Continue Reading

• Battling nation-state cyberattacks in a federal leadership vacuum

  Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers.  Continue Reading

• Cyber NYC initiative strives to make New York a cybersecurity hub

  New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation.  Continue Reading