Strategy

Strategy news, analysis, research, how-to, opinion, and video.

bug bounty

How much is a bug worth?

With recent increases in bug bounty amounts in the news, Bugcrowd shows how a bug bounty amount is calculated.

endpoint protection

10 must-ask questions for evaluating EDR tools

Are you thinking about investing in an endpoint detection and response solution? These pre-purchase questions will help you find the tool that meets your needs.

workplace violence

Workplace violence: Prevention and response

Every year nearly 2 million Americans are victims of workplace violence, which is defined as any act or threat of physical violence, harassment, intimidation or other disruptive behavior that occurs at the work site. This article will...

What's the value in attack attribution?

Does attack attribution and knowing your adversaries really matter when it comes to securing the enterprise?

CISOs

Congrats - you’re the new CISO…now what

Before you buy that new shiny product, throw that old one in the trash, hire that whiz kid dressed in black, or change that process, you need foundational visibility into your security posture regarding what’s working and what’s not....

Hacking for Defense to solve national security challenges

As the speed and complexity of America's national security threats increase, so too must its response. Using Lean Startup methodologies, schools like Stanford and Georgetown University are harnessing the collective intellect of their...

shadow it

How the DOT discovered its network was compromised by shadow IT

The discovery of hundreds of pieces of unauthorized networking equipment, including many off-the-shelf consumer-grade devices, compelled the Department of Transportation CIO to alert department leadership and launch a rearchitecture of the...

RSAC 2017: The end of easy cash bounties

Industry evolution eliminates bug hunters' chances of getting easy cash for trivial vulnerabilities.

Gartner and industry experts on the booming market for security awareness training

Training the world's employees on how to detect and respond to spear phishing and other hacks aimed at users will cost billions of dollars. But it may be the world's best ROI in the war against cybercrime - which is predicted to cost...

Why you need a data protection officer

Enforcement of the European Union's General Data Protection Regulation (GDPR) is set to start in about 18 months, giving regulators the ability to levy massive fines. Getting ready may require a data protection officer.

How to gain the trust of the board

One of the keys to making a good CSO presentation a great one is ensuring the data being reported is actually relevant to the specific business risks the organization is most likely to encounter (rather than assembling a...

Russia, China -- and the US -- are biggest geopolitical cybersecurity threats

Russia and China have the more advanced cyber capabilities and the highest potential for severe impact, but the US and its allies also pose global security concerns, according to a report released this morning by Flashpoint.

Defensive regression in cybersecurity

There has been a lot of talk lately about defensive regression in cybersecurity. But what exactly is defensive regression? It's not the regression that Sigmund Freud talks about, although there are plenty of folks that don't act like...

Promoting efficiencies through security metrics

Creating metrics for a security program can be a challenge for many organizations. Troy Leach, CTO of Payment Card Industry Security Standards Council, discusses best practices for creating meaningful security metrics.

bug bounty

Why companies offer a hacking bounty -- and why there are challenges

Want to make a cool $20,000? All you have to do is hack the Nintendo 3DS, a handheld console that’s been out for a few years already. A listing on HackerOne spells everything out. There’s a range for this, of course -- some...

When your threat intelligence just isn’t producing value you need to pivot

Josh Lefkowitz of Flashpoint shares his experience leading the pivot from threat intelligence to business risk intelligence and explains the enterprise benefit for security leaders.

Bridging the CIO and CISO divide

Why identity and access management is at the core of the gulf between these two C-suite roles.

Incident response and our 'culture of winning'

Security professionals understand the immense value of a formal incident response plan, but management may not always see it the same way, especially as it may be viewed by stockholders or other interests as a "plan to fail". But...
