Business Operations

Business Operations | News, how-tos, features, reviews, and videos

A man casts the shadow of an ominous hooded figure against a circuit-based wall.
Insider threats  >  Employees suspiciously peering over cubicle walls

A magnifying lens examines top secret information amid binary code.

Intellectual property protection: 10 tips to keep IP safe

Your company's intellectual property, whether that's patents, trade secrets or just employee know-how, may be more valuable than its physical assets. This primer covers everything from establishing basic policies and procedures for IP...

lawsuit judge law court decision sued money

7 steps to protect against ransomware-related lawsuits

How a CISO prepares for and responds to a ransomware attack can have huge consequences should customers or partners decide to sue.

Tech Spotlight   >   Cloud [CSO]   >   Conceptual image of laptop users with cloud security overlay.

CISOs: Do you know what's in your company’s products?

CISOs need to take a more direct role in the operations side of the business to help build security in by design.

Digital fingerprints are virtually connected. [tracking / identity / genetics / data privacy]

Supply-chain attack on Kaseya remote management software targets MSPs

REvil ransomware pushers exploit zero-day flaw in Kaseya VSA to infect MSPs and their customers.

typewriter are you ready prepare contingency disaster recovery

Tabletop exercises: Six sample scenarios

Tabletop exercises are a low-stress, high-impact way to test your plans for handling a crisis. Here are some tips for getting the most out of the process, plus six scenarios you can use to start your journey.

supply chain management controls - ERP - Enterprise Resource Planning

GAO calls out US government agencies: Get your supply chain security act together

The US Government Accounting Office tells Congress that federal agencies have largely ignored its supply chain risk management guidance for nearly ten years.

malware attack

6 most common types of software supply chain attacks explained

Not all software supply chain attacks are the same. Here are the methods attackers currently use to corrupt legitimate software through third parties.

backdoor / abstract security circuits, locks and data blocks

Previously undocumented backdoor targets Microsoft’s Equation Editor

RoyalRoad backdoor delivered via spear phishing was identified in an attack on a Russian-based defense contractor.

vulnerable breach cyberattack hacker

CISA issues guidance on defending against software supply chain attacks

The government makes recommendations for both organizations and software vendors to minimize the risk of software compromised by a criminal or foreign adversary.

backdoor / abstract security circuits, locks and data blocks

5 questions CISOs should be able to answer about software supply chain attacks

The SolarWinds attack put a spotlight on the threats that compromised third-party software present organizations. Here are the top questions executive management, boards and partners are asking CISOs about their preparedness.

cso ts analytics  by monsitj getty images 2400x1600

How to protect algorithms as intellectual property

Algorithms can now be considered trade secrets or even patent-worthy. Prevent them from being stolen by taking these security steps.

A laptop with a virtual overlay of abstract code and a binary skull.

Protecting high-value research data from nation-state attackers

Recent nation-state campaigns to steal COVID-related research data underscores the threat to all research organizations. The best defense starts with knowing the enemy.

rfp write a proposal document contract signature deal agreement paper by extreme media getty

4 key vendor contracting pitfalls

Unless these 4 pitfalls are avoided, a vendor can have the absolute best security documents in the industry and still present material risk to its customers.

aerial view of a network of roads

Privacy legislation: The road ahead

The pace of change in privacy laws, and the technologies they seek to regulate, is only accelerating.

What it takes to become an information assurance analyst

This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his...

Fraud prevention: Improving internal controls

Internal fraud controls aren't fire-and-forget. Smart collaboration and ongoing improvement will help keep fraud in check. Here are the basics.

information security 2

How to write an information security policy

Learn the critical first step, why consensus is key, what to cover and how make your information security policy — and program — effective.

Red team versus blue team: How to run an effective simulation

Playing the role of an attacker can make your team better at defense. Learn how in our step-by-step guide to war gaming your security infrastructure — from involving the right people to weighing a hypothetical vs. live event.

Load More