Roger A. Grimes

Columnist

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist.

Are long passphrases the answer to password problems?

Are long passphrases the answer to password problems?

Passphrases can be more secure than passwords, but there are limitations and hackers will eventually master cracking them.

The best password advice right now

The best password advice right now

Short and crackable vs. long, complex and prone to reuse? The password debate rages on.

Wanted: Data breach risk ratings, because not all breaches are equal

Wanted: Data breach risk ratings, because not all breaches are equal

We need a system for data breaches that rates the real risk associated with the compromised data.

Do you still need a firewall?

Do you still need a firewall?

Traditional firewall software no longer provides meaningful security, but the latest generation now offers both client-side and network protection.

10 topics every security training program should cover

10 topics every security training program should cover

A thorough end-user education program is a necessary weapon in the battle to protect your perimeter. These 10 topics are the baseline of what to include in an awareness training program.

5 hard truths every CISO should know

5 hard truths every CISO should know

Security professionals ignore these truths at their own peril. The common theme across all five: Don't underestimate the risk of social engineering and poor patching policies.

12 things every IT security professional should know

12 things every IT security professional should know

Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

What is WebAuthN? Possibly the answer to all web authentication

What is WebAuthN? Possibly the answer to all web authentication

With strong support from Google, Microsoft and other vendors, WebAuthN is poised to become a true standard for passwordless authentication over the web.

Why you should consider crowdsourcing IT security services

Why you should consider crowdsourcing IT security services

Whether you need a pentesting team, a bug bounty program, or a vulnerability disclosure plan, several crowdsourcing platforms can take the risk and pain from the process.

Preparing for the day quantum computing cracks public-key cryptography: What to do now

Preparing for the day quantum computing cracks public-key cryptography: What to do now

Quantum computers could crack public-key encryption in as little as five years. Here's how to prepare for the post-quantum world.

How quantum computers will destroy and (maybe) save cryptography

How quantum computers will destroy and (maybe) save cryptography

Quantum computers advance mean we might have only a few years before they can break all public key encryption. The day when every secret is known is near.

8 types of malware and how to recognize them

8 types of malware and how to recognize them

Think you know your malware? Here's a refresher to make sure you know what you're talking about — with basic advice for finding and removing malware when you've been hit

Analyzing user behavior to stop fake accounts

Analyzing user behavior to stop fake accounts

Online account fraud is a big, automated business. NuData Security looks at hundreds of data points to identify malicious login attempts.

What is continuous user authentication? The best defense against fraud

What is continuous user authentication? The best defense against fraud

Authenticating all user actions and attributes throughout a session ultimately provides the best defense against fraud and account abuse.

Kenna Security takes a data-driven approach to risk analysis

Kenna Security takes a data-driven approach to risk analysis

Risk from security threats is relative to each company. Kenna Security leverages company and public data to pinpoint the real risk for each customer.

4 scams that illustrate the one-way authentication problem

4 scams that illustrate the one-way authentication problem

These scams rely on tricking consumers into believing they are interacting with a trusted vendor. Here’s how vendors can prevent the scams.

Review: Corelight adds security clues to network packet analysis

Review: Corelight adds security clues to network packet analysis

In the tradition of other great network analysis tools like Bro and Sourcefire, Corelight gives security pros deep insight into data traffic on the systems they defend.

Why you need centralized logging and event log management

Why you need centralized logging and event log management

Collecting too much log data overwhelms systems and staff. Centralized event log management lets you filter for the most significant security data.

How to evaluate web authentication methods

How to evaluate web authentication methods

Authentication evaluation white paper includes popular and obscure methods and outlines a framework for assessing their security effectiveness.

Are regulations keeping you from using good passwords?

Are regulations keeping you from using good passwords?

Most companies are using password "best practices" that are out of date and ineffective. Regulations are getting in the way of changing them.

Load More