Data and Information Security

Machine as insider threat: Lessons from Kyoto University’s backup data deletion

Kyoto University lost terabytes of data in a machine-as-an-insider scenario triggered by human error. Here are questions CISOs should ask to avoid a similar situation.

Protecting PII: Examples, laws, and standards

Personally identifiable information (PII) is any piece of data that could be used—either alone or when combined with other data—to identify an individual. Some types of PII are obvious, such as a name or Social Security number, but...

Top cybersecurity M&A deals for 2021

The cybersecurity market is hot, and vendors are buying competitors to solidify their position or acquiring other firms to expand their offerings.

Supply chain attacks show why you should be wary of third-party providers

The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.

9 video chat apps compared: Which is best for security?

Zoom, Microsoft Teams, Google Meet, Cisco Webex, FaceTime, Tauria, Signal, Wire and WhatsApp. What does their encryption look like? What are the trade-offs?

11 penetration testing tools the pros use

Automated and open source tools can help you conduct web application, network, and database penetration tests.

Collect today, decrypt tomorrow: How Russia and China are preparing for quantum computing

All encrypted data will eventually become vulnerable to quantum computing along with the secrets they hold.

Avery Dennison overhauls DLP program in enterprise-wide effort

The company’s DataSafe initiative marries technology improvements and a new enterprise-wide security mindset.

What CISOs can learn from the US Navy insider who stole nuclear secrets

The theft of government secrets by Jonathan Toebbe and others raises the question: How should CISOs deal with insider threats who have had insider threat training?

Spike in encrypted malware poses dual challenge for CISOs

Faced with a surge in malware hidden in encrypted traffic, CISOs are being tasked with managing technical solutions while also adhering to privacy considerations.

5 IT risk assessment frameworks compared

Formal risk assessment methodologies can help take guesswork out of evaluating IT risks if applied appropriately. Here is real-world feedback on using COBIT, OCTAVE, FAIR, NIST RMF, and TARA.

11 cybersecurity buzzwords you should stop using right now

These cybersecurity buzzwords are inaccurate, outdated, misleading, or even harmful. Here's why they should be laid to rest.

How to hack a phone: 7 common attack methods explained

Mobile security often beats PCs, but users can still be fooled and smartphones can still be hacked. Here’s what you need to watch for.

Twitch breach highlights dangers of choosing ease of access over security

Attackers essentially broke into the Twitch house and cleaned out everything. Following least-privilege access principles and encrypted datasets will help others avoid that scenario.

How corporate data and secrets leak from GitHub repositories

Attackers constantly search public code repositories like GitHub for secrets developers might inadvertently leave behind, and any tiny mistake can be exploited.

7 deadly sins of Salesforce security

Your Salesforce system holds a lot of sensitive customer data. Don’t fall victim to one of these common sins, errors, and blindspots.

Exchange Autodiscover feature can cause Outlook to leak credentials

A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers. Here’s what companies can do now to...

Steganography explained and how to protect against it

Steganography is reasonably easy to implement yet difficult to detect, which is why threat actors use it to deliver malware, evade detection, and gain persistence.
