Information Security Policies Procedures and Guidelines
- March 24, 2020
What's happening at the 2020 RSA Conference? Our team keeps you up to date with pre-conference coverage and breaking news from the infosec world's biggest event.
- March 06, 2020
This Risk & Repeat podcast looks back at RSA Conference and discusses some of the highlights from the show, from ransomware trends to nation-state hacking discussions.
- March 04, 2020
Ransomware payments are insurable, but should they be? Several experts weighed in on the question, and the effect of cyberinsurance, during RSA Conference 2020.
- February 25, 2020
In his RSA Conference keynote, Rohit Ghai didn't say much about his company's sale to a private equity firm, instead urging attendees to focus on the 'human element' of security.
- January 23, 2020
UpGuard discovered a public GitHub repository that contained sensitive AWS customer data, including passwords, authentication tokens and private encryption keys.
- January 14, 2020
The 2019 CrowdStrike Services Cyber Front Lines Report found that while the percentage of organizations that self-detected an intrusion is up, dwell time has gone up as well.
- January 08, 2020
Cybersecurity experts weigh in on the risks of potential nation-state cyberattacks from Iran following a DHS warning and heightened tensions between the country and the U.S.
- December 12, 2019
The U.S. Department of Defense has developed a five-level certification framework designed to vet the cybersecurity posture of potential contractors in an effort to avoid future risks.
- August 07, 2019
In the keynote for Black Hat 2019, Square's Dino Dai Zovi emphasizes security as a collaborative effort by all software teams that relies on communication, automation and feedback.
- August 05, 2019
BlackBerry launched a new unified endpoint management platform, BlackBerry Intelligent Security, which changes security policies by calculating user risk.
- June 20, 2019
At the 2019 Gartner Security and Risk Management Summit, experts discussed how enterprise application security efforts are falling short and what can be done about it.
- May 28, 2019
Malcolm Harkins, the chief security and trust officer at BlackBerry Cylance, says security controls that don't live up to their billing should be taking more blame for data breaches.
- March 07, 2019
Find out what's happening at the at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team.
- November 08, 2018
This week's Risk & Repeat podcast discusses the MIT CSAIL Securing the Enterprise conference and how experts there advocated for new strategies and approaches to infosec.
- August 23, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss new insights -- and questions -- regarding the coordinated disclosure effort for Meltdown and Spectre.
- August 13, 2018
During a Black Hat 2018 session, Google, Microsoft and Red Hat offered a behind-the-scenes look at the disclosure and response effort for Meltdown and Spectre.
- August 09, 2018
During a panel discussion at Black Hat 2018 on Meltdown and Spectre, Google explained how miscommunication left the company's incident response out of the early disclosure process.
- August 03, 2018
News roundup: Disclose.io offers legal bug bounty framework to give researchers safe harbor from legal action for vulnerability disclosures. Plus, Stamos exits Facebook, and more.
- July 31, 2018
Bugcrowd founder and CTO Casey Ellis talks about his concerns that the era of 'good faith' between security researchers and enterprises is in jeopardy.
- June 18, 2018
Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the daunting challenges CISOs face today and how the position may be changing.
- April 26, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss some of the major themes and debates from RSA Conference, from hacking back to GDPR compliance.
- April 26, 2018
The Internet Society expands its Mutually Agreed Norms for Routing Security, or MANRS, to IXPs as a means to protect the internet from route hijacking, leaks and IP address spoofing.
- April 11, 2018
Find out what's happening at the information security industry's biggest event with breaking news and analysis by the SearchSecurity team at the RSA Conference 2018 in San Francisco.
- March 22, 2018
At IBM's Think conference, executives discussed the importance of protecting and managing data as artificial intelligence offerings like Watson grow and touch more information.
- February 07, 2018
Apple and Cisco customers could get lucrative terms for cybersecurity insurance under a new partnership with insurance giant Allianz and global services firm Aon.
- January 05, 2018
Unprecedented Spectre and Meltdown CPU flaws required a vast coordinated vulnerability disclosure effort over six months and across dozens of organizations.
- December 28, 2017
Data breach fatigue should be put on hold after the Equifax data breach and Uber hack taught us painful lessons about enterprise security shortcomings.
- December 07, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rise of accidental data breaches following a series of enterprise exposures of user data online.
- October 30, 2017
Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the value of cyberinsurance and why the rapidly growing market needs to mature.
- October 26, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss vulnerability marketing and compare how the recent KRACK attack and ROCA flaw were publicized and promoted.
- October 05, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss comments from the FBI's Donald Freese on the practice of blaming and shaming hacking victims and its effects.
- September 29, 2017
The FBI's Don Freese spoke at the (ISC)2 Security Congress this week about the need to end the practice of blaming hacking victims. But will infosec professionals listen?
- August 04, 2017
Enterprises may see paying up as a quick path to ransomware recovery, but experts said there are many issues to consider when making that choice.
- July 26, 2017
Facebook's Alex Stamos used his Black Hat 2017 keynote to address a wide variety of issues, including defensive security research and diversity in the infosec community.
- May 15, 2017
NIST released a report on lightweight cryptography. Expert Judith Myerson reviews what the report covers and what NIST recommends for standardization.
- May 11, 2017
This week's Risk & Repeat podcast looks at how a simple tweet about a Windows bug from Project Zero researcher Tavis Ormandy sparked a debate about vulnerability disclosure.
- May 04, 2017
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Symantec's continued struggles with certificate trust, and what Mozilla and Google are doing about it.
- April 19, 2017
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss mounting pressure on the Symantec certificate authority business to provide answers about its practices.
- February 16, 2017
An RSA Conference session on a new attack on connected medical devices led to a spirited debate on vulnerability disclosure and manufacturer responsibility.
- February 16, 2017
Experts at RSAC 2017 discussed national cybersecurity policy suggestions for the new presidential administration, including what to do about encryption and the DHS mission.
- December 30, 2016
News roundup: FDA issues new medical device cybersecurity guidance. Plus, Obama announces the U.S. government's response to Russian hacking; PHP flaws patched; more.
- December 07, 2016
The final cybersecurity report from the Obama administration covered issues, including authentication, identity, infrastructure, cyberthreats and cooperation, but experts disagree on the key points.
- December 02, 2016
A new survey uncovered confusion in the C-suite about governance, risk and compliance responsibilities and which security compliance requirements may affect companies.
- November 17, 2016
New IoT security guidance from government agencies take on different aspects, with DHS tackling the basics and NIST giving a deeper take on securing new devices.
- September 21, 2016
In this Risk & Repeat podcast, SearchSecurity editors discuss the recent OPM breach report from Congress and what it means for the state of federal government cybersecurity.
- August 15, 2016
Following an embarrassing data breach, the Democratic National Committee has formed a cybersecurity advisory board, but experts have questioned the pedigree of board members.
- July 15, 2016
The EU-U.S. Privacy Shield framework takes effect, replacing Safe Harbor for transatlantic data flows; U.S. beefs up Cyber Command.
- May 24, 2016
Former computer science majors Lieu and Hurd wrote to their U.S. House of Representatives colleagues, urging improved awareness of cyber risks and cyberhygiene.
- May 24, 2016
Encryption shouldn't be used to protect people from themselves, especially if it gets in the way of innovation.
- May 13, 2016
MobileIron's enterprise mobile management software wasn't installed on the iPhone of San Bernardino shooter Syed Rizwan Farook. Was that the right move?
- May 12, 2016
The new Privacy Shield framework for transatlantic data flows faces challenges from Article 29 Working Party criticism, as well as U.S. changes to Rule 41 for computer searches.
- May 10, 2016
Twitter ordered its business partner Dataminr to cut off the Twitter firehose feed access for U.S. intelligence agencies, but experts expect the NSA won't miss much.
- March 03, 2016
Presenters at the RSA Conference 2016 said military-grade security for enterprise networks is possible by taking a zero-tolerance policy to network traffic.
- March 03, 2016
The U.S. Cyber Consequences Unit rolled out a new version of its cybersecurity checklist, which it claims will help reduce attacks by increasing the costs of those attacks.
- January 22, 2016
News roundup: California mulls a ban on encrypted smartphone sales; France backs away from encryption backdoors; EU and U.K. privacy regulations; key escrow fail and more.
- December 31, 2015
News roundup: China passes anti-terror law requiring tech firms' help on surveillance, while new analysis of North Korea's Red Star OS shows different approach to cybersecurity.
- December 30, 2015
Just weeks after its biggest security update of the year, Adobe issued emergency patches for a new round of Flash bugs, including one already being exploited by attackers.
- December 22, 2015
The Payment Card Industry Security Standards Council unexpectedly pushed back the deadline for enterprises to migrate off of early versions of TLS.
- December 04, 2015
News roundup: Chinese hacking activity drops in advance of US-China cyber talks, Australia blames China for major breach, mature malware, National Security Letter unveiled, and more.
- November 23, 2015
Adobe CSO Brad Arkin spoke at the recent Privacy. Security. Risk. 2015 event about his experiences dealing with the company's massive data breach two years ago.
- October 16, 2015
Jean Yang, who created the Jeeves software language, explains why the industry needs to do a better job of enforcing security and privacy policies in its applications.
- October 14, 2015
Windows 10 security incorporates years of improvements to remove or mitigate long-term issues with Windows vulnerabilities.
- August 07, 2015
In the wake of a major cyberattack, the process of rebuilding IT security can be daunting, but Christina Kubecka has some tips from her experiences with Saudi Aramco after a massive attack in 2012.
- July 30, 2015
Swiss research group modzero disclosed a vulnerability that enabled remote attacks on Xceedium's Xsuite privileged access manager.
- June 23, 2015
More data is thought to be a good thing in terms of threat intelligence, but iSight CEO John Watters says enterprises need to be aware of the quality and context of the data when assessing risk.
- June 12, 2015
News roundup: The call for ubiquitous HTTPS has grown stronger as of late; the White House and Apple are hoping to help push the movement. Plus: The cost of cybersecurity management to rise 38%; a 165% ransomware increase; gender salary gap closes?
- April 29, 2015
At an RSA Conference 2015 session, finance information security officer Steve Winterfeld explained why having complementary IT security and compliance strategies requires leadership buy-in and cooperation.
- April 27, 2015
A new study from network security firm Fortinet shows that enterprise security confidence levels are high despite a lack of comprehensive security measures.
- April 23, 2015
At a roundtable discussion at RSA Conference 2015, security admins pondered what to do about bloated security portfolios.
- April 22, 2015
Cyberliability insurance gains popularity as industry experts warn that, contrary to popular belief, general insurance won't protect against cyberattacks.
- April 22, 2015
At RSA 2015, former federal officials called for better government cybersecurity cooperation between agencies and with the private sector.
- April 09, 2015
Enterprises may be increasingly aware of insider threats and believe they can find and stop them, but a new SANS Institute survey suggests they may be overconfident and lack the necessary insider threat-detection technology.
- April 03, 2015
Whether or not you think Bitcoin has a future, it has a couple of very interesting technological elements that will probably have a life of their own. The aspect that everyone talks about is that ...
- March 02, 2015
There's no shortage of new security technology, but enterprise integration is still a major hang-up, says AT&T's chief of security.
- February 26, 2015
According to HP Security Research, threat intelligence best practices can be difficult to implement, and even the most trustworthy sources must be tested for fidelity.
- February 25, 2015
Google's Project Zero has added more leeway to its vulnerability disclosure policy, but industry observers are split on whether 90 days is enough time to fix software flaws, or not enough time to manage a sensitive, resource-intensive process.
- February 18, 2015
A lot of what went on at the White House Summit on Cybersecurity and Consumer Protection, held at Stanford University last week was for show — a reaction in particular to the attacks allegedly ...
- February 13, 2015
Though I’ll admit to a bit of skepticism about Runtime Application Self Protection (RASP), I was nevertheless impressed with a recent look at Prevoty. The two-year-old company’s product, which ...
- January 23, 2015
A Ponemon Institute report highlights the biggest risks to endpoint security, and what IT professionals plan to do to fight back, including one controversial tactic in malware protection.
- January 21, 2015
The Online Trust Alliance finds that over 90% of data breaches resulting in data loss could have been prevented.
- November 14, 2014
News roundup: A recent study revealed IT pros' confidence in implementing basic security measures is high, contradicting data that enterprises consistently fail to thwart basic attacks. Plus: BrowserStack hack lessons; responsible phishing reporting...
- November 10, 2014
Mergers and acquisitions present opportunities for attackers interested in valuable data, but experts say most enterprises fail to perform a network security assessment before proceeding with a deal.
- July 29, 2014
Corporate boards have increased their awareness of security issues, but experts say they still lack information security principles.
- April 22, 2014
The Verizon DBIR 2014 shows that organizations should build a security strategy around industry-specific threats and incident patterns.
- March 26, 2014
The Affordable Care Act introduced a number of infosec issues, but an expert at SecureWorld Boston 2014 said the right mitigations can ease concerns.
- March 12, 2014
Veteran CISOs say Target's move to create and fill its CISO role is a good one, but that can't be the end of the Target security program overhaul.
- January 21, 2014
A new survey shows enterprise users are often unaware of secure file-transfer policies, and many organizations make those policies too hard to follow.
- January 16, 2014
With news of more retail breaches imminent, experts say point-of-sale security is just one of many payment-processing infrastructure problems.
- December 23, 2013
The Target data breach highlighted a dirty secret in retail IT: "Holiday IT lockdown" periods that limit security activity put retailers at risk.
- October 22, 2013
Delayed by the government shutdown, the preliminary NIST Cybersecurity Framework offers general best practices for critical infrastructure security.
- September 27, 2013
Ran across the Fortune 1000 Cyber Disclosure Report, published earlier this month by Willis North America, a unit of Willis Group Holdings. The report found that among the Fortune 501-1,000, 22% ...
- August 13, 2013
Cyber liability insurance can provide a new layer of security in data breach or exploit situations, study finds.
- March 27, 2013
Panelists at the SANS Cyber Threat Intelligence Summit lament the challenges of using cyber-intelligence to thwart enterprise security threats.
- July 26, 2012
It seems the Federal Financial Institutions Examination Council could have done a little better with its cloud computing advisory. Earlier this month, the FFIEC issued a statement on outsourced ...
- July 18, 2012
A recent audit into U.S. federal agencies' adoption of cloud computing services highlighted challenges that likely would resonate with private enterprises looking to move applications to the cloud. ...
- July 11, 2012
AWS outage won't deter Netflix from the cloud. Netflix says it remains bullish on the cloud despite AWS outage.
- June 21, 2012
As the opening day of the 2012 Olympic Games nears, IT teams in the U.K. are busy expanding their companies’ security policies and reviewing their security contingency plans. They are preparing for ...
- June 14, 2012
Security awareness training often teaches the importance of password length and password complexity, but these best practices, as it turns out, may be creating a false sense of security. Even ...
- June 01, 2012
Security experts have warned about the potential problems caused by military cyberstrikes. Experts say cyberwarfare is difficult to plan and worse, it puts innocent people at risk. Stuxnet was part ...
- May 31, 2012
After working hard to create sound security policies, it's easy for enterprise information security managers to be dismayed when users ignore the rules and knowingly bypass security controls. When ...