CSO | Security news, features and analysis about prevention, protection and business innovation.

keep out sign do not tresspass privacy authentication access barbed wire by tim husser getty

What is PKI? And how it secures just about everything online

Public key infrastructure (PKI) is a catch-all term for everything used to establish and manage public key encryption, one of the most common forms of internet encryption. It is baked into every web browser in use today to secure...

Josh Fruhlinger

CSO > Antivirus symbol on binary background

PrintDemon vulnerability explained: Its risks and how to mitigate

Microsoft has finally patched the decades-old Windows PrintDemon vulnerability, but exploitable devices might still be on your network.

Ax Sharma

collaboration / strategy / teamwork / transformation

Rethinking collaboration: 6 vendors offer new paths to remote work

With the need for efficient collaboration tools exploding in recent months, a variety of companies hope to refine how those tools work and what they can do. We look at six now pushing the envelope.

Matthew Finnegan

popcorn security theater lock by madartzgraphics and dbreen via pixabay

5 examples of security theater and how to spot them

Security theater is a term coined by Bruce Schneier to describe security measures that satisfy our emotional need to take action, but don’t actually improve security. Rooting these out can save considerable time and money -- and make...

J.M. Porup

cloud security expert casb binary cloud computing cloud security by metamorworks getty 100803072 or

How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft's Sysmon and Azure Sentinel are easy and inexpensive ways to log events on your network. Here's how to get started with them.

Susan Bradley

CSO Executive Sessions

Episode 10: Don’t be Batman: Why CISOs should embrace the sidekick role, Part 2

Podcast Episode 10: Listen now as Akamai CISO Andy Ellis and host Bob Bragdon continue their talk about the good guy/bad guy dynamic in the infosec community and why it can lead to being marginalized.

Bob Bragdon

Cloud security threats > Lightning strikes a digital landscape via binary clouds.

Use of cloud collaboration tools surges and so do attacks

Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

Lucian Constantin

Keep third-party risk on your radar: Piggybacked deer, giraffe and cat balance on a tightrope.

Managing vendor and supply chain risk in a recession

The COVID-19 crisis is putting security vendors, especially startups, under severe pressure. Here's how to vet their financial stability and prepare for the worst.

Dan Swinhoe

A conceptual representation of accessing username and password credentials.

Hashcat explained: Why you might need this password cracker

Hashcat is a popular and effective password cracker widely used by both penetration testers and sysadmins as well as criminals and spies.

J.M. Porup

digital transformation world map outsourcing iot edge computing

4 ways edge computing changes your threat model

Edge computing provides more opportunities for attackers to access devices--and your network--remotely and physically. These are the risks you need to consider.

Jaikumar Vijayan

Popular Resources

View All

Failure frustration anger user man worker

6 hard truths security pros must learn to live with

Crafty hackers, unwitting users, a relentless workload — working in IT security is all about accepting this as business as usual and pushing forward anyway.

Neal Weinberg

Cybersecurity > Email security threats, such as phishing

How Abnormal Security combats business email compromise

Abnormal Security analyzes work relationships, language patterns to spot compromised accounts and stop them from sending mail.

John Breeden II

Cybersecurity lock with the abstract circuitry of a security fabric.

Security Intelligence

Securing IoT requires a shift to a security fabric

The IoT era and the expectation that everything will be connected, accelerates the need to move away from point products and toward the concept of a security fabric.

Zeus Kerravala

A hacker looks out over a city amid graphs of increasing trend lines and numerical rates.

Cybercrime in a recession: 10 things every CISO needs to know

Economic downturns force cybercriminals to change focus and creates conditions for new criminals to join their ranks. Here's how to prepare.

Dan Swinhoe

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

CSO staff

From Our Advertisers

cso online

Use of cloud collaboration tools surges and so do attacks

5 examples of security theater and how to spot them

Rise of the DPO in wake of India’s Data Protection Bill

What is PKI? And how it secures just about everything online

Public key infrastructure (PKI) is a catch-all term for everything used to establish and manage public key encryption, one of the most common forms of internet encryption. It is baked into every web browser in use today to secure...

PrintDemon vulnerability explained: Its risks and how to mitigate

Microsoft has finally patched the decades-old Windows PrintDemon vulnerability, but exploitable devices might still be on your network.

Rethinking collaboration: 6 vendors offer new paths to remote work

With the need for efficient collaboration tools exploding in recent months, a variety of companies hope to refine how those tools work and what they can do. We look at six now pushing the envelope.

5 examples of security theater and how to spot them

Security theater is a term coined by Bruce Schneier to describe security measures that satisfy our emotional need to take action, but don’t actually improve security. Rooting these out can save considerable time and money -- and make...

How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft's Sysmon and Azure Sentinel are easy and inexpensive ways to log events on your network. Here's how to get started with them.

Episode 10: Don’t be Batman: Why CISOs should embrace the sidekick role, Part 2

Podcast Episode 10: Listen now as Akamai CISO Andy Ellis and host Bob Bragdon continue their talk about the good guy/bad guy dynamic in the infosec community and why it can lead to being marginalized.

Use of cloud collaboration tools surges and so do attacks

Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

Managing vendor and supply chain risk in a recession

The COVID-19 crisis is putting security vendors, especially startups, under severe pressure. Here's how to vet their financial stability and prepare for the worst.

Hashcat explained: Why you might need this password cracker

Hashcat is a popular and effective password cracker widely used by both penetration testers and sysadmins as well as criminals and spies.

4 ways edge computing changes your threat model

Edge computing provides more opportunities for attackers to access devices--and your network--remotely and physically. These are the risks you need to consider.

6 hard truths security pros must learn to live with

Crafty hackers, unwitting users, a relentless workload — working in IT security is all about accepting this as business as usual and pushing forward anyway.

How Abnormal Security combats business email compromise

Abnormal Security analyzes work relationships, language patterns to spot compromised accounts and stop them from sending mail.

Securing IoT requires a shift to a security fabric

The IoT era and the expectation that everything will be connected, accelerates the need to move away from point products and toward the concept of a security fabric.

Cybercrime in a recession: 10 things every CISO needs to know

Economic downturns force cybercriminals to change focus and creates conditions for new criminals to join their ranks. Here's how to prepare.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.