Features

How to prepare for an effective phishing attack simulation

Here's what users need to know about phishing attacks before you send out a test email.

Sponsor Podcast Microsoft

Episode 2: Empowering employees to be secure and productive

Episode 2: When it comes to protecting your business, security is a team sport. Criminal hackers – increasingly sophisticated and persistent – are playing offense, trying to find weak spots to breach an organization. And everyone in...

video

How Prudential Financial gamifies security training

Jeff Thomas is CSO of Prudential Financial where his team created a CSO50 award-winning workplace threat management training course designed to capture employee attention and maintain interest. The solution combines a story with a...

How to reboot a broken or outdated security strategy

CISOs talk about how they identify when they need a new security strategy and the process of developing it and selling the reboot to stakeholders.

The biggest data breach fines, penalties and settlements so far

Hacks and data thefts, enabled by weak security, cover-ups or avoidable mistakes, have cost these companies a total of nearly $1.3 billion and counting.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

Hashing explained: Why it's your best bet to protect stored passwords

Hashing is a cryptographic process that makes it harder for attackers to decrypt stored passwords, if used correctly.

Top SolarWinds risk assessment resources for Microsoft 365 and Azure

Government and private organizations, including Microsoft, have released a wealth of information and tools to assess risk from SolarWinds-like attacks.

video

Building a command center to protect PII

Kevin Charest is CISO of Health Care Service Corporation where his team created a CSO50 award-winning Cyber Fusion Center for cyber defense representing collaboration across five Blue Cross and Blue Shield plans in Illinois, Montana,...

What IT leadership looks like in 2021

As IT leaders meet the challenges of the COVID era, only one thing is assured – more change is coming sooner than you think.

Top 7 security mistakes when migrating to cloud-based apps

As organizations rush key apps to the cloud to support remote workers, they often create opportunities for attackers. These are the most common mistakes to avoid.

Sponsor Podcast Microsoft

Episode 1: Balancing act

Episode 1: In this episode of the Strengthen and Streamline Your Security podcast, we look at how an identity-based security framework can help organizations let users work from anywhere while securing them seamlessly. We’ll hear...

33 hardware and firmware vulnerabilities: A guide to the threats

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware and its firmware. Here's a roundup of the ones that present the most significant threats.

How to prepare for and respond to a SolarWinds-type attack

If you can perform these tasks on your Windows network, then you are properly prepared to respond to a nation-state attack like SolarWinds.

Egregor ransomware group explained: And how to defend against it

Egregor is one of the most rapidly growing ransomware families. It employs "double ransom" techniques to threaten reputational damage and increase pressure to pay.

5 questions CISOs should ask prospective corporate lawyers

Where can you find an attorney with the knowledge and insight to help you navigate thorny privacy and security issues? These five questions will help you find the right match.

Differential privacy: Pros and cons of enterprise use cases

Hiding sensitive data in a sea of noise might have more value than encryption in some use cases. Here are the most likely differential privacy applications and their trade-offs.

video

Improving team satisfaction and skills with creative penetration testing

Michael Kenney is Lead Information Security Engineer at Penn Medicine where they’ve created their CSO50 award-winning ‘Penn Test Security Challenge’ that leverages gamification penetration testing exercises to add value. By building...
