Opinion

Opinion

• Industries seek to improve third-party security risk controls

  Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.  Continue Reading

• White hat Dave Kennedy on purple teaming, penetration testing

  Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.  Continue Reading

• Kurt Huhn discusses the role of CISO in the Ocean State

  A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.  Continue Reading

• Why a unified local government security program is crucial

  When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial.  Continue Reading

• Tom Van Vleck on the Multics operating system, security decisions

  Time-sharing systems got a lot right from a security standpoint. "We aimed toward a completely lights-out, 'no chance for mistakes' interface," says the security researcher.  Continue Reading

• Fannie Mae CISO calls for more data on security incidents

  Chris Porter's years as a lead analyst and author of Verizon's Data Breach Investigations Report helped prepare him for the chief of security role at the primary housing lender.  Continue Reading

• Why third-party access to data may come at a price

  Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners.  Continue Reading

• Q&A: Why data security controls are a hard problem to solve

  Feeling less friendly after Facebook? "There is a great deal of power in being able to combine data-sources," says Jay Jacobs, security data scientist.  Continue Reading

• Walmart's Jerry Geisler on the CISO position, retail challenges

  A global CISO in charge of one of the world's largest cybersecurity programs got his start on the retail floor. He's arrived just in time for the digital transformation.  Continue Reading

• Cybercrime study: Growing economic ecosystem spells trouble

  New research shows that cybercriminals are gaining momentum with connected infrastructure and collectively earning billions annually from a cybercrime economy. Now what?  Continue Reading

• Marcus Ranum decodes hardware vulnerabilities with Joe Grand

  Computer hardware designs with dangerous security flaws? That's no surprise to renowned hardware hacker Grand.  Continue Reading

• Healthcare CISO: 'Hygiene and patching take you a long way'

  Cybersecurity and healthcare can get along, according to CISO Joey Johnson, who leads the security program at Premise Health, but it takes patience and attention to the details.  Continue Reading

• Cost of data privacy breach may not be enough

  While the European Union is taking major steps to protect residents' data privacy, little has happened in the United States, even after Equifax and Facebook.  Continue Reading

• Fred Cohen on strategic security: 'Start with the assumptions'

  Cohen is a globally recognized expert in information protection and cybersecurity. Since coining the term 'computer virus,' he has remained a pioneer in information assurance.  Continue Reading

• Data protection compliance costs less than noncompliance

  Smaller companies -- with fewer than 5,000 employees -- in particular may be hit hard by GDPR requirements and other data compliance hurdles. A new report does the math.  Continue Reading