Features

Features

Information security risk management

• The who, what, why -- and challenges -- of CISM certification

  Think you're ready for the CISM certification exam? Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, has some pointers for you.  Continue Reading

• Rise in ransomware attacks prompts new prevention priorities

  Officials predict that already widespread ransomware attacks will only grow in scale and influence, while urging organizations to act now to guard against them.  Continue Reading

• Build new and old strategies into insider threat management

  The risk of insider threat does not discriminate across industry lines. Learn how to build an insider threat management program that combines AI, zero-trust principles and a healthy security culture.  Continue Reading

• On a penetration tester career path, flexibility and curiosity are key

  Becoming a pen tester takes more than passing an exam. Learn the qualities ethical hackers should embrace to achieve success on their penetration tester career path.  Continue Reading

• Combat the human aspect of risk with insider threat awareness

  When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach.  Continue Reading

• Netscout CSO speaks to third-party risk, security gender gap

  Veteran CSO at Netscout Deb Briggs recaps her fireside chat with Cisco CSO Edna Conway at FutureCon 2019, including their discussion on third-party risk and the gender gap in the security industry.  Continue Reading

• Your third-party risk management best practices need updating

  Organizations must modernize third-party risk management best practices to adapt to the changing technology landscape. Diversify risk assessments with these expert tips.  Continue Reading

• Top tips for using the Kali Linux pen testing distribution

  It's the best Linux distro for penetration testers' toolkits, but it's not just any Linux. Get tips on Kali Linux pen testing from project lead Jim O'Gorman.  Continue Reading

• Using DNS RPZ to pump up cybersecurity awareness

  Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites.  Continue Reading

• New evasive spear phishing attacks bypass email security measures

  Researchers identified a new email security threat: evasive spear phishing attacks, which take months of investigation and social engineering to coordinate.  Continue Reading

• How does AttackSurfaceMapper help with attack surface mapping?

  A new open source pen testing tool expedites attack surface mapping -- one of the most important aspects of any penetration testing engagement.  Continue Reading

• How to identify and evaluate cybersecurity frameworks

  Not all frameworks for cybersecurity are equal. ESG's Jon Oltsik explains what attributes make a cybersecurity framework and how to go about choosing and using one.  Continue Reading

• Why is third-party risk management essential to cybersecurity?

  Attackers know third parties hold many of the keys to the enterprise network, so third-party risk management is crucial for security professionals.  Continue Reading

• Lack of cybersecurity skills fuels workforce shortage

  Cybersecurity researcher Bob Duhainy discusses the cybersecurity skills shortage and provides suggestions about how companies can close the gap to avoid future risk.  Continue Reading

• For board of directors, cybersecurity literacy is essential

  For boards of directors to meet their business goals, CISOs need a seat at the table. Through her initiative BoardSuited, Joyce Brocaglia aims to pave the way.  Continue Reading