Features


The CSO guide to top security conferences, 2019

CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.


How Microsoft builds empathy between its security and development teams

Ongoing cross-training, threat information sharing, executive support and a strong threat modeling infrastructure help the company's security and development staff work collaboratively.


Does your cyber insurance cover social engineering? Read the fine print

Some cyber insurance policies will pay only a small fraction of damages if an attacker used social engineering. Here's how to estimate the risk.


Why GE consolidated its identity and access management infrastructure

A multi-year effort to centralize GE's IAM functionality has resulted in significant cost savings, improved onboarding and better ability to meet regulatory requirements.


Shared SIEM helps 3 UK local governments avoid outsourcing security

A single SIEM serves three UK councils, allowing for solution consolidation that saves costs while improving efficiency and regulatory compliance.


What is phishing? How this cyber attack works and how to prevent it

Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Here's what you need to know about this venerable, but increasingly sophisticated, form of cyber attack.


What should your company’s change password policy be?

Microsoft's recent dropping of its maximum password age default renews the debate over forced password changes. Here's why you should continue to expire passwords.


What is opsec? A process for protecting critical information

Opsec, which stands for operations security, is a process by which organizations assess and protect public data about themselves that could, if properly analyzed and grouped with other data by a clever adversary, reveal a bigger...


CIO Leadership Live with guest Vipin Gupta, CIO, Toyota Financial Services

Join host Maryfran Johnson and her guest Vipin Gupta, CIO at Toyota Financial Services for a discussion about IT’s role in a digital strategy and much more, on CIO Leadership Live.


What is GPS spoofing? And how you can defend against it

The U.S. Global Positioning System, part of a network of global navigation satellite systems (GNSS), is vulnerable to attacks that could disrupt many industries. Here's how it works and what you can do to mitigate its risk.


How to get started using Ghidra, the free reverse engineering tool

The Ghidra reverse engineering tool is free to download and use and is a worthy alternative to incumbent IDA Pro. Here's what you need to know to get started. (Some assembly required.)


Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.


How Akamai implemented a zero-trust model

An effort that was triggered by a nation-state attack nine years ago has fundamentally transformed how people and devices access apps and services, limiting damage from lateral movement.


Why unauthenticated SMS is a security risk

Multifactor authentication that uses SMS messaging as a second factor is vulnerable to simple hacks. User education is the best defense.


Does it matter who the CISO reports to?

Reporting relationships are more than lines on an org chart; they're lines of authority. Ultimately, who the CISO reports to may say more about an organization's maturity than it does about an individual's effectiveness.


How to evaluate SOC-as-a-service providers

Not every organization that needs a security operations center can afford to equip and staff one. A number of providers offer SOC as a service. Here's what you need to know about them.


How a data-driven approach to security helps a small healthcare team embrace automation

Not-for-profit Martin's Point Health Care created a data-driven security framework to automate how threats are evaluated.


Check your access control permissions before hackers do

Every organization has devices, networks or cloud services with improperly configured permissions that expose sensitive data or could allow hackers to gain privileged access. Check them now.
