Features

What is a Trojan horse? How this tricky malware works

A Trojan horse is a type of malware that can wreak havoc on computer networks — but only with your unwitting help.

A new website explains data breach risk

Breach Clarity ranks the risk of stolen or exposed personal data. It's a much-needed work in progress.

6 questions to ask before buying an ICS / OT security monitoring tool

Shopping for an ICS / OT monitoring solution? Here's what you need to know about evaluating the vendors.

6 signs the CIO-CISO relationship is broken — and how to fix it

Successful collaboration between the IT and security leaders is essential but not always easy. Here are signs the relationship is broken – and 8 steps you should take to fix it.

DNS hijacking grabs headlines, but it’s just the tip of the iceberg

DNS pioneer Paul Vixie contemplates missed opportunities for improving internet security and advocates for widespread use of DNSSEC, which he helped create, and which he believes would go a long way toward improving DNS security.

How to prepare a SOC-as-a-service RFP

Here's how one company structured its SOCaaS request for proposal document. Key takeaway: Don't be afraid to ask for too many details.

What is PKI? And how it secures just about everything online

Public key infrastructure (PKI) is a catch-all term for everything used to establish and manage public key encryption, one of the most common forms of internet encryption. It is baked into every web browser in use today to secure...

3 email security protocols that help prevent address spoofing: How to use them

DMARC, DKIM and SPF will help cut down on malicious emails from spoofed addresses. Setting them up is easier than you think.

The dirty dozen: 12 top cloud security threats

More data and applications are moving to the cloud, which creates unique infosecurity challenges. Here are the "Treacherous 12," the top security threats organizations face when using cloud services.

Coventry University puts security at the heart of its cloud-first strategy

The school goes cloud-first but aims to lead its sector when it comes to cybersecurity.

6 ways malware can bypass endpoint protection

Breaches from attacks that defeat or run around endpoint protection measures are on the rise. Here's how attackers do it.

What is Magecart? How this hacker group steals payment card data

Hacking groups that make up Magecart are effective and persistent at stealing customer and payment card data through skimmers. Here's how they work and what you can do to mitigate the risk.

How to stick it to LinkedIn romance scammers

LinkedIn is becoming a popular channel for criminals to find victims for romance scams. Here's how to identify, report and block those scammers.

How do you secure the cloud? New data points a way

New reports show big differences in risk among public, private and hybrid cloud deployments. Here’s advice on the tools, information and organizational structure needed to execute a successful cloud security strategy.

5 tips for globalizing security awareness training

Global organizations face particular cultural and linguistic challenges when it comes to awareness training. Here's how 2 companies met that challenge and what you can learn from their experience.

How First Citrus Bank got rid of employee passwords

In February, the Florida bank rolled out passwordless authentication that relies on the device biometrics of employees' smartphones.

10 penetration testing tools the pros use

Penetration testing is a simulated cyber attack where professional ethical hackers break into corporate networks to find weaknesses ... before attackers do.

Best new Windows 10 security features: Windows Sandbox, more update options

Here's what you need to know about each security update to Windows 10 as they roll out from Microsoft. Now updated for the 1903 feature release.

Why businesses don’t report cybercrimes to law enforcement

Law enforcement agencies estimate that the number of cybercrimes that go unreported by businesses is in the millions. Here's why and when you should report breaches and other cyber attacks.

5 ways compliance hurts security

The tasks of meeting regulatory requirements and providing true security that actually mitigates risk do not align. Here's how focusing exclusively on compliance can undermine security.
