Security Practices
Social media use can put companies at risk: Here are some ways to mitigate the danger
Using social media can expose company and employee data, and misuse could harm organizational reputation. Here are some tips that can help reduce the risk.
MTTR “not a viable metric” for complex software system reliability and security
Verica Open Incident Database Report suggests mean time to resolve should be retired and replaced with other metrics more appropriate for software systems and networks.
When blaming the user for a security breach is unfair – or just wrong
Training non-tech-savvy users to recognize phishing and other credential-based attacks is essential, but expecting employees to man the front lines against intrusions is a mistake, experts say. Harmony between staff psychology and...
EU Council adopts NIS2 directive to harmonize cybersecurity across member states
The NIS2 directive replaces NIS as EU Council seeks to improve resilience and incident response capacities in the EU.
Almost half of customers have left a vendor due to poor digital trust: Report
New research from DigiCert has found that digital trust is a key driver of customer loyalty, with 84% of customers saying they would consider leaving a vendor that did not manage digital trust.
How to prepare for a SOC 2 audit – it’s a big deal, so you’d better get ready
Getting ready for one of the most demanding review processes in cybersecurity can be daunting, but experts say preparing for a SOC 2 audit can be an important part of a well-managed year-round security program.
Tenable aims to unify your cybersecurity with exposure management platform
Tenable tackles the issue of siloed security apps with a cloud-based exposure management system that pulls in data from diverse types of systems that track a company’s digital assets and identify vulnerabilities.
A third of enterprises globally don’t prioritize digital trust: ISACA
There are significant gaps between what enterprises are doing and what they should do to earn customer trust in their digital ecosystems, according to information systems security group ISACA.
CISA launches incident, ransomware reporting rulemaking RFI
The U.S. Cybersecurity and Infrastructure Security Agency seeks input on a common set of cybersecurity incident reporting regulations.
7 critical steps for successful security onboarding
Creating a culture of security starts on day one, say veteran security leaders. Here’s their advice for making that initial security training more effective.
Palo Alto debuts Unit 42 team for managed detection and response
Live expert service builds on Palo Alto’s Cortex extended detection and response (XDR) platform, offering a managed detection and response (MDR) team for more personalized cybersecurity management and incident response.
5 best practices for secure collaboration
How successful companies are facing the challenges of securing emerging communication technologies.
Defense in depth explained: Layering tools and processes for better security
Defense in depth is a security strategy in which multiple security tools, mechanisms, and policies are deployed in tandem on the assumption that if one fails, another will hold.
Best practices for recovering a Microsoft network after an incident
Follow this advice to minimize stress when recovering credentials, systems and settings after a ransomware or other cyberattack.
Cybersecurity is a constant fire drill—that’s not just bad, it’s dangerous
Security efforts based on heroism and tribal knowledge can’t scale. CISOs must address this situation as soon as possible.
Sophos unifies threat analysis and response units into X-Ops team
Cybersecurity vendor Sophos reorganized three prominent organizational teams into a single new entity, for more efficient responses to modern threats.
How to conduct a tabletop exercise
Testing your security policies and procedures in real-life scenarios can help you improve your security posture—if you implement the lessons learned.
New Flashpoint offering automates incident response workflows
Low-code platform enables security teams to build security workflows with drop-and-drag ease.