Security Awareness

Security Awareness news, information, and how-to advice

Why security professionals need to get more creative with penetration testing (and how to do it)

Criminals are evolving with their techniques for hacking and breaching corporate assets, so security managers need to as well. Here are some ways companies are going beyond standard pen testing in order to increase awareness

Think tank challenges Heartbleed handwringing

Recent opinion piece has researchers debating seriousness of the OpenSSL flaw


How to create awareness of the insider threat

Snowden causes companies to consider doing what was unthinkable

How you need to respond to Heartbleed, and how you can explain it to others

With the flood of information surfacing about Heartbleed, it is important to distill to the immediate steps to take to protect our organizations and those we serve. This article covers the five actions for organizations, three for...

CDW Integrates with Google Apps for Cloud Collaboration

Through a partnership with Google and Esna Technologies, CDW has rolled out native access to the CDW Cloud Collaboration suite within Google Apps.

IT leaders share tips on managing security risks

Too much security -- or too little -- could bankrupt a company. These IT executives offer advice on finding the right balance.

HOCO CISO program breaking ground with "virtual" CISOs

Program in Howard County, Maryland is making waves by providing security counsel to those who otherwise couldn't afford it

Security should no longer be 'cementing' the status quo

If your security program is struggling, don't stick with it simply because it's the way things have always been done. Sometimes, adaptation and change can be for the better

Malware in pirated software is costing us all billions

Criminals, by their very nature, can’t be trusted. It may seem like a bargain to be able to get pirated software cheap, or even free, but when you acquire software illegally you also open yourself up to other risks and security...

Cloud Computing eGuide

In this eGuide, CIO, Computerworld, and InfoWorld offer advice, tips, news, and predictions regarding cloud implementations in the coming year and beyond. Read on to learn how to make cloud work for your organization.

Full Disclosure shuts down

In a move that I'm still trying to comprehend, it appears that the Full Disclosure mailing list is closing up shop. After a run that started in 2002 the owners of the list have decided to hang up their spurs.

Who put the cockroach in my supply chain?

Businesses have always had concerns about supply chain risks but, for most businesses, those risks involve shipping delays, parts shortages and labor issues. But that’s starting to change as evidenced by CSOonline’s recent coverage on

7 strategies for a successful DLP strategy

Investing in DLP technology can be costly and time consuming. Sapient's CISO Curtis Dalton offers tips on starting slow for an effective plan

SOURCE Boston 2014

Launched in 2008 the SOURCE Boston conference has grown to become one of the must attend security events. Along with the sister conferences in Dublin and Seattle they provide for some rather excellent content. The event usually draws...

Why Projects Fail

CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.

The new security perimeter: Human Sensors

Security Manager George Grachis discusses the current cyber threat landscape and why Human Sensors, our users, are our most underutilized resource that can make all the difference

Big Data still 'a new frontier' for most of the public sector

NSA surveillance technology is cutting edge, but for most of the government, Big Data analytics is a promise unfulfilled

Top 5 skills needed for a SOC analyst

Whether building a new Security Operations Center or revamping an existing one, staffing it with analysts that are equipped with the proper skills sets should be priority number one, says Palo Alto's Rick Howard (registration required)

Good security begins with effective threat modeling

At the beginning of February I flew out to Seattle and spent some time on the Microsoft campus talking with various leaders of Microsoft Trustworthy Computing.

Why Projects Fail

CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.

From points A to Z: Examining random Phishing email

Salted Hash examines a Phishing email, tracking the message to its source - a compromised school district - in an attempt to do some good, and maybe learn something.

Refusing to see the elephants on the lawn

The other day I was walking through the airport in Toronto. For once I wasn't going to catch a plane or was returning from some place. It was nice. I had a meeting that went well and I was walking back to the car. As I made my way...

The risk of offshoring security

Outsourcing across all industries has become commonplace, but as the InfoSec Institute's Kim Crawley points out, the economical and security issues of such a trend may cause irreparable damage

Why your security incident reporting process matters

The only expected outcome of a properly defined security awareness program is that people report *suspected* incidents. But that means the incident reporting program needs to match the needs of people. Here's the challenge: just...

Load More