Features
The CSO guide to top security conferences, 2019
CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.
How Microsoft builds empathy between its security and development teams
Ongoing cross-training, threat information sharing, executive support and a strong threat modeling infrastructure helps the company's security and development staff work collaboratively.
Does your cyber insurance cover social engineering? Read the fine print
Some cyber insurance policies will pay only a small fraction of damages if an attacker used social engineering. Here's how to estimate the risk.
Why GE consolidated its identity and access management infrastructure
A multi-year effort to centralize GE's IAM functionality has resulted in significant cost savings, improved onboarding and better ability to meet regulatory requirements.
Shared SIEM helps 3 UK local governments avoid outsourcing security
A single SIEM serves three UK councils, allowing for solution consolidation that saves costs while improving efficiency and regulatory compliance.
What is phishing? How this cyber attack works and how to prevent it
Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Here's what you need to know about this venerable, but increasingly sophisticated, form of cyber attack.
What should your company’s change password policy be?
Microsoft's recent dropping of its maximum password age default renews the debate over forced password changes. Here's why you should continue to expire passwords.
What is opsec? A process for protecting critical information
Opsec, which stands for operations security, is a process by which organizations assess and protect public data about themselves that could, if properly analyzed and grouped with other data by a clever adversary, reveal a bigger...
video
CIO Leadership Live with guest Vipin Gupta, CIO, Toyota Financial Services
Join host Maryfran Johnson and her guest Vipin Gupta, CIO at Toyota Financial Services for a discussion about IT’s role in a digital strategy and much more, on CIO Leadership Live.
What is GPS spoofing? And how you can defend against it
The U.S. Global Positioning System, part of a network of global navigation satellite systems (GNSS), is vulnerable to attacks that could disrupt many industries. Here's how it works and what you can do to mitigate its risk.
How to get started using Ghidra, the free reverse engineering tool
The Ghidra reverse engineering tool is free to download and use and is a worthy alternative to incumbent IDA Pro. Here's what you need to know to get started. (Some assembly required.)
Security Recruiter Directory
To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.
How Akamai implemented a zero-trust model
An effort that was triggered by a nation-state attack nine years ago has fundamentally transformed how people and devices access apps and services, limiting damage from lateral movement.
Why unauthenticated SMS is a security risk
Multifactor authentication that uses SMS messaging as a second factor is vulnerable to simple hacks. User education is the best defense.
Does it matter who the CISO reports to?
Reporting relationships are more than lines on an org chart, they're lines of authority. Ultimately, who the CISO reports to may say more about an organization's maturity than it does about an individual's effectiveness.
How to evaluate SOC-as-a-service providers
Not every organization that needs a security operations center can afford to equip and staff one. A number of providers provide SOC as a service. Here's what you need to know about them.
How a data-driven approach to security helps a small healthcare team embrace automation
Not-for-profit Martin's Point Health Care created a data-driven security framework to automate how threats are evaluated.
Check your access control permissions before hackers do
Every organization has devices, networks or cloud services with improperly configured permissions that expose sensitive data or could allow hackers to gain privileged access. Check them now.
Sponsored Links