Penetration testing can help find vulnerabilities that aren't typically identified by scanning and other monitoring. But the testing comes with some risks, Duke Health CISO Chuck Kelser and pen tester John Nye explain in a joint interview.
As more data moves to the cloud, and cyberattacks multiply, organizations need to adopt an alternate paradigm of security, says Nikhil V. Bagalkotkar, a virtualization specialist at Citrix, who describes a new approach.
Leading the latest edition of the ISMG Security Report: America's top general says the U.S. response to Russian election interference isn't as well coordinated as it needs to be, and Pennsylvania sues Uber for failing to notify data breach victims in a timely manner.
Leading the latest edition of the ISMG Security Report: President Trump has not authorized the National Security Agency to go after Russian election hackers at the source. Also, 23,000 digital certificates get revoked after their private keys get leaked, and an analysis of deception technologies.
Despite the millions of dollars companies invest in cybersecurity programs, advanced persistent attackers constantly devise new means of breaking into corporate environments. How can deception technology offer a new alternative? Ofer Israeli of Illusive Networks explains.
Interest in deception technology is growing because it can play a valuable role in improving intrusion detection, says Anton Chuvakin of Gartner, who explains the intricacies of the emerging technology in an in-depth interview.
Attorney Steven Teppler, who recently wrote a report that addresses risks related to the internet of things, offers insights on risk management steps organizations in all sectors must take as IoT devices proliferate in the enterprise.
As banking institutions of all sizes maximize their digital channels, there is growing tension between the need to prevent fraud and the desire to maintain a frictionless customer experience. IBM Trusteer's Valerie Bradford discusses how to defuse this tension.
Leading the latest edition of the ISMG Security Report: The Department of Justice indicts Russians for allegedly running an industrialized troll factory designed to influence U.S. politics. Also, a feature in Australia's new real-time payment system could be abused by identity thieves.
Cyber intelligence expert Tom Kellermann discusses the significance and impact of the announcement that 13 Russian nationals and three Russian entities were indicted Friday for allegedly meddling in the 2016 presidential election.
Leading the latest edition of the ISMG Security Report: U.S. intelligence chiefs warn Congress that Russia's information operations continue, while Europol says criminals love cryptocurrencies, both for stealing via scams as well as to launder "dirty money."
As internet of things devices become increasingly common in the enterprise, CISOs must lead the way in making sure emerging security issues, including a higher risk of distributed denial-of-service attacks, are adequately addressed, says John Pescatore of the SANS Institute, which offers training for CISOs and others.
In an exclusive, in-depth analysis, a panel of security experts concludes that India's recent Aadhaar data security conundrum, resulting in identity theft and data breaches, was due to poor implementation of security, monitoring and authentication mechanisms.
Leading the latest edition of the ISMG Security Report: England's Court of Appeal rejects U.S. extradition request for suspected hacker Laurie Love. Also, what took Uber and Partners Health so long to come clean about their respective data breaches?