"If you're not doing the right things on managing vulnerabilities, it doesn't really matter what other kinds of sophisticated things you do - that's the baseline for security," says BeyondTrust's Marc Maiffret.
A George Mason University research fellow says the cybersecurity framework, issued earlier this year by the National Institute of Standards and Technology, is likely to cause more problems than it solves.
Verizon's latest annual breach report shows that Web application attacks increased more than malware-fueled point-of-sale intrusions in 2013, says analyst Dave Ostertag, who provides an overview of the report's findings.
Malcolm Harkins has a unique role. He oversees both security and privacy for global technology vendor Intel. What tips does he offer individuals who seek to build careers in either discipline - or both?
The chief executive of the Finnish company that uncovered the Internet website vulnerability known as Heartbleed says security practitioners should rethink how they approach IT security by placing a greater emphasis on vetting software for vulnerabilities.
Starting now, healthcare organizations using Microsoft Windows XP-based medical devices better have short- and long-term strategies to address cybersecurity, says medical device security researcher Kevin Fu.
To boost cybersecurity, senior leaders - whether a CEO, a board member or a government agency director - need to think of information as a critical asset worthy of protection, risk management experts Val Rahmani and Malcolm Harkins say.
Even so-called minor breaches can cost organizations nearly $200,000, according to one finding from NTT Group's annual Intelligence Report. Rob Kraus of Solutionary shares the study's insights and advice.
Advanced threats are like the weather. Everyone talks about them, but few have a solid defense plan - or even a solid understanding of the threat landscape. Mike Nichols of General Dynamics Fidelis Cybersecurity Solutions offers insight.
Information security and privacy work in healthcare environments often requires a depth of specialized knowledge and competency that can be validated through the help of professional credentialing, says CISO Sean Murphy.