CSO | Security news, features and analysis about prevention, protection and business innovation.

IDG Contributor Network

2019 in review: data breaches, GDPR’s teeth, malicious apps, malvertising and more

As 2019 draws to a close, it is time to reflect on what’s happened in cybersecurity over the past twelve months – and in some cases, what didn’t happen this year.

Rick Grinnell

How a nuclear plant got hacked

India's Kudankulam Nuclear Power Plant (KNPP) publicly admitted they discovered malware on their networks. It likely could have been easily avoided.

J.M. Porup

9 top fuzzing tools: Finding the weirdest application errors

Fuzz testing tools root out odd programming errors that might result in dangerous unexpected application errors that attackers can exploit.

John Breeden II

CSO > breakthrough / penetration testing / sledgehammer breaking through a binary wall

InfoSec at Your Service

8 common pen testing mistakes and how to avoid them

Penetration testing is vital, but are you doing it right? Here are some common mistakes and advice on how to avoid them.

Michelle Drolet

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

CSO staff

silver platter passwords exposed authentication hacked vulnerable security breach

Future Identity

4 authentication use cases: Which protocol to use?

Choosing the wrong authentication protocol could undermine security and limit future expansion. These are the recommended protocols for common use cases.

Susan Morrow

Cybersecurity > A mysterious and intricate padlock with complex circuits

What is cybersecurity? Definition, frameworks, jobs, and salaries

Cybersecurity is the practice of defending computers, networks, and data from malicious electronic attacks. Learn the skills, certifications and degrees you need to land a job in this challenging field.

Josh Fruhlinger

How to manage Windows 10 1903 and 1909 security updates

Your Windows update controls might be out of date if you haven't reviewed them since the 1803 update or earlier. Here are the new settings you need to know.

Susan Bradley

Tortoise-defense formation of the Spartans > warfare / war games / red team binary target / attack

Why BT's red team strikes for real

UK-based BT's red team conducts attacks on live systems without informing the rest of the business or the blue team defending it. BT Group CSO Les Anderson says this is key to the company's proactive approach to security.

Dan Swinhoe

IDG Contributor Network

Insider risk management – who’s the boss?

Where the buck should stop…why and why not.

Shawn M. Thompson

Popular Resources

View All

Good tech talent is still hard to find (how to bridge the gap)

Companies have big plans for digital transformation, but the lack of skilled IT talent remains an obstacle. Here’s how to cope.

Beth Stackpole

cloud security shield with checkmark / cloud / digital connections / cloud security expert / CASB

How to evaluate a CASB

All cloud access security brokers share core functionality, but they deliver it differently and they all have unique feature sets. Here's what you need to know before buying one.

David Strom

IDG Contributor Network

Insider threats: From McDonald’s Monopoly to today, how to address how little has changed

What have we learned this year? Insider threats haven’t changed much. Companies and people still focus on the bright, shiny new technologies or expected windfalls from major projects. Many ignore the governance, controls and processes...

Mitchell Parker

Cybersecurity awareness > A weary businessman holds hand to forehead at security training.

IT certifications and training center

Certifications show that you’re committed to your job, have specific skills and are willing to up your game. Check out our online training courses and guides to top certifications -- all part of your Insider Pro subscription.

Insider Pro staff

access management / access control / user connections / identities

Flex streamlines app access for 20k suppliers with IAM overhaul

Contract manufacturer Flex dumped its distributed identity and access management system for a more centralized, cloud-based option that better protects data and intellectual property.

Jaikumar Vijayan

From Our Advertisers

cso online

Insider risk management – who’s the boss?

8 common pen testing mistakes and how to avoid them

New CSO appointments in India, 2019

2019 in review: data breaches, GDPR’s teeth, malicious apps, malvertising and more

As 2019 draws to a close, it is time to reflect on what’s happened in cybersecurity over the past twelve months – and in some cases, what didn’t happen this year.

How a nuclear plant got hacked

India's Kudankulam Nuclear Power Plant (KNPP) publicly admitted they discovered malware on their networks. It likely could have been easily avoided.

9 top fuzzing tools: Finding the weirdest application errors

Fuzz testing tools root out odd programming errors that might result in dangerous unexpected application errors that attackers can exploit.

8 common pen testing mistakes and how to avoid them

Penetration testing is vital, but are you doing it right? Here are some common mistakes and advice on how to avoid them.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

4 authentication use cases: Which protocol to use?

Choosing the wrong authentication protocol could undermine security and limit future expansion. These are the recommended protocols for common use cases.

What is cybersecurity? Definition, frameworks, jobs, and salaries

Cybersecurity is the practice of defending computers, networks, and data from malicious electronic attacks. Learn the skills, certifications and degrees you need to land a job in this challenging field.

How to manage Windows 10 1903 and 1909 security updates

Your Windows update controls might be out of date if you haven't reviewed them since the 1803 update or earlier. Here are the new settings you need to know.

Why BT's red team strikes for real

UK-based BT's red team conducts attacks on live systems without informing the rest of the business or the blue team defending it. BT Group CSO Les Anderson says this is key to the company's proactive approach to security.

Insider risk management – who’s the boss?

Where the buck should stop…why and why not.

Good tech talent is still hard to find (how to bridge the gap)

Companies have big plans for digital transformation, but the lack of skilled IT talent remains an obstacle. Here’s how to cope.

How to evaluate a CASB

All cloud access security brokers share core functionality, but they deliver it differently and they all have unique feature sets. Here's what you need to know before buying one.

Insider threats: From McDonald’s Monopoly to today, how to address how little has changed

What have we learned this year? Insider threats haven’t changed much. Companies and people still focus on the bright, shiny new technologies or expected windfalls from major projects. Many ignore the governance, controls and processes...

IT certifications and training center

Certifications show that you’re committed to your job, have specific skills and are willing to up your game. Check out our online training courses and guides to top certifications -- all part of your Insider Pro subscription.

Flex streamlines app access for 20k suppliers with IAM overhaul

Contract manufacturer Flex dumped its distributed identity and access management system for a more centralized, cloud-based option that better protects data and intellectual property.