Business Operations

Detecting anomalies with TLS fingerprints could pinpoint supply chain compromises

Researchers at Splunk outline a technique, pioneered by Salesforce, that could detect malicious activity in the software supply chain, but with some limitations.

Proofpoint lawsuits underscore risk of employee offboarding

Nearly every employee leaving a company takes data or intellectual property, but few companies adequately screen and monitor for it. Recent court cases underscore the risk.

China theft of US agriculture sector trade secrets prompts government guidance

China and other countries have used insiders to steal intellectual property from agricultural research. The government has responded with guidance for identifying insider threats.

Intellectual property protection: 10 tips to keep IP safe

Your company's intellectual property, whether that's patents, trade secrets or just employee know-how, may be more valuable than its physical assets. This primer covers everything from establishing basic policies and procedures for IP...

7 steps to protect against ransomware-related lawsuits

How a CISO prepares for and responds to a ransomware attack can have huge consequences should customers or partners decide to sue.

CISOs: Do you know what's in your company’s products?

CISOs need to take a more direct role in the operations side of the business to help build security in by design.

Supply-chain attack on Kaseya remote management software targets MSPs

REvil ransomware pushers exploit zero-day flaw in Kaseya VSA to infect MSPs and their customers.

Tabletop exercises: Six sample scenarios

Tabletop exercises are a low-stress, high-impact way to test your plans for handling a crisis. Here are some tips for getting the most out of the process, plus six scenarios you can use to start your journey.

GAO calls out US government agencies: Get your supply chain security act together

The US Government Accounting Office tells Congress that federal agencies have largely ignored its supply chain risk management guidance for nearly ten years.

6 most common types of software supply chain attacks explained

Not all software supply chain attacks are the same. Here are the methods attackers currently use to corrupt legitimate software through third parties.

Previously undocumented backdoor targets Microsoft’s Equation Editor

RoyalRoad backdoor delivered via spear phishing was identified in an attack on a Russian-based defense contractor.

CISA issues guidance on defending against software supply chain attacks

The government makes recommendations for both organizations and software vendors to minimize the risk of software compromised by a criminal or foreign adversary.

5 questions CISOs should be able to answer about software supply chain attacks

The SolarWinds attack put a spotlight on the threats that compromised third-party software presents to organizations. Here are the top questions executive management, boards and partners are asking CISOs about their preparedness.

How to protect algorithms as intellectual property

Algorithms can now be considered trade secrets or even patent-worthy. Prevent them from being stolen by taking these security steps.

Protecting high-value research data from nation-state attackers

Recent nation-state campaigns to steal COVID-related research data underscore the threat to all research organizations. The best defense starts with knowing the enemy.

What it takes to become an information assurance analyst

This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his...

Fraud prevention: Improving internal controls

Internal fraud controls aren't fire-and-forget. Smart collaboration and ongoing improvement will help keep fraud in check. Here are the basics.

How to write an information security policy

Learn the critical first step, why consensus is key, what to cover and how to make your information security policy — and program — effective.
