Features

secured network of computers with locks displayed on screens

Why giving users two separate systems won't improve security

Red/green systems, which give users one system for work and another for other tasks, no longer makes sense from a security and cost perspective. There are alternatives.

GDPR data privacy / data protection / security / risk management

What is personally identifiable information (PII)? How to protect it under GDPR

The EU's General Data Protection Regulation requires companies to protect the privacy of their EU customers. That means keeping personally identifiable information (PII) safe. Here's what you need to know.

access control / authentication / privileges / managing permissions

What is access control? A key component of data security

Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data. It is a vital aspect of data security, but it has some significant enforcement challenges.

multiple-exposure image of dollars, charts, graphs, a globe and a calculator

How much should you spend on security?

Each organization needs to develop its own ongoing process for evaluating needs and justifying security spend. Here's how two CISOs do it.

A team with megaphones promotes their message.

How to market security: 8 tips for recruiting users to your cause

Getting users to care about security is a much-lamented challenge. What you need is a marketing plan.

CSO > security shield / binary code / handshake / agreement / contract

6 risk factors to know when hiring an MSSP

A managed security services provider can effectively extend an organization's security capabilities or provide affordable security infrastructure if you avoid these common mistakes.

CSO > malware / virus / security threat / protective antivirus shield

Best antivirus software: 10 top tools

These top-ranking Windows 10 client antivirus products were tested on three primary criteria: protection, performance, and usability.

Email takeover > Puppeteer hands manipulating the strings of an email client

Beware rogue email rules and forms

Creating malicious rules and forms in a compromised email client is an old but effective hacker trick that evades traditional antimalware software. Here’s how to make sure you can detect it.

international travel / security checkpoint / electronic ticketing/ inspecting personal device

Safe travels: 7 best practices for protecting data at border crossings

Border agents are requesting access to devices and the data on them with no regard to your organization's security policies. Here's how to protect that data and your employees.

CSO > high-value targets > binary targeting of executives

Developing personal OPSEC plans: 10 tips for protecting high-value targets

Attackers are increasingly targeting executives and employees who have access to sensitive enterprise data. Here's how to protect those individuals with personal OPSEC plans.

Planning / strategy / management > Nurturing growth / scale / expansion

Built to scale: 5 tips for structuring your security organization for growth

How to prepare your SOC for mergers, new business innovation and a constantly changing and growing attack surface.

conference / convention / audience / applause / clapping

The CSO guide to top security conferences, 2019

CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.

Compliance

11 new state privacy and security laws explained: Is your business ready?

States from Maine to California have recently enacted privacy, data security, cybersecurity, and data breach notification laws. Let's break down what each of these laws entails and how businesses and consumers are affected.

CSO > wolf in sheeps clothing / fraud / identity theft / social engineering

Famous social engineering attacks: 12 crafty cons

This rogues gallery of social engineering attack examples made headlines by taking advantage of human nature.

computer infection spreading

What is a computer worm? How this self-spreading malware wreaks havoc

A worm is a form of malware (malicious software) that operates as a self-contained application and can transfer and copy itself from computer to computer.

hacker / cryptocurrency attack

What is cryptojacking? How to prevent, detect, and recover from it

Criminals are using ransomware-like tactics and poisoned websites to get your employees’ computers to mine cryptocurrencies. Here’s what you can do to stop it.

Intelligent workspaces - Redefining the future of work

How JustEat finds and trains in-house security talent

Employees in other departments might have skills that play well in security and the desire to make the jump. JustEat CISO Kevin Fielder explains how he introduces those people to cybersecurity and integrates them with the team.

Columns of checkmarks and stars.

Top cyber security certifications: Who they're for, what they cost, and which you need

Expand your skills, know-how and career horizons with these highly respected cybersecurity certifications.

chain links securing multiple transactions / big data / security / blockchain

How MIT's Fiat Cryptography might make the web more secure

By automating the writing of cryptographic algorithms, Fiat Cryptography can remove errors, produce more secure code, and boost performance.

venmo data breach lock security breach circuit board by weerapatkiatdumrong getty

6 lessons from Venmo’s lax approach to API security

Cyber criminals are targeting application programming interfaces to steal sensitive data. Recent exposures and hacks at companies like Venmo, Facebook and Google present lessons to improve API security.

Load More