Insider
Get exclusive access to premium articles, product guides, reviews, how-tos, and more from CIO, CSO, Computerworld, InfoWorld, ITworld, and Network World - the best enterprise tech publications in the business. Learn more!
5 tips for globalizing security awareness training
Global organizations face particular cultural and linguistic challenges when it comes to awareness training. Here's how 2 companies met that challenge and what you can learn from their experience.
![CSO > Password elimination [conceptual password security lock in a trash bin]](https://images.idgesg.net/images/article/2019/06/cso_password_elimination_abstract_passwords_by_bluebay2014_gettyimages-924698706_trashed_security_lock_in_garbage_can_by_porcorex_gettyimages-916512456_2400x1600-100798132-small.3x2.jpg)
How First Citrus Bank got rid of employee passwords
The Florida bank rolled out passwordless authentication in February that relies on device biometrics of their smartphones.
Phishing attacks that bypass 2-factor authentication are now easier to execute
Researchers released two tools--Muraen and NecroBrowser--that automate phishing attacks that can bypass 2FA. Most defenses won't stop them.
Why businesses don’t report cybercrimes to law enforcement
Law enforcement agencies estimate the number of cybercrimes that go unreported by businesses number in the millions. Here why and when you should report breaches and other cyber attacks.
5 ways compliance hurts security
The tasks of meeting regulatory requirements and providing true security that actually mitigates risk do not align. Here's how focusing exclusively on compliance can undermine security.
4 tips for getting the most from threat intelligence
It’s easy to gather data on potential threats, but you have to know what to do with that intelligence if you want to improve your security stance.
28 DevSecOps tools for baking security into the development process
Catch and remediate application vulnerabilities earlier and help integrate security in the the development process with these five categories of DevSecOps tools.
How to update your Spectre, Meltdown mitigations for the Retpoline mitigation
Intel recently released a new mitigation for Spectre and Meltdown and some of their variants. Called Retpoline, it might not be enabled with the Windows 10 1809 update. Here's how to find out and implement.
How to automate Let’s Encrypt certificate authority in AWS using PowerShell
You can still automate Let's Encrypt even if your system requires a DNS challenge. Using these PowerShell scripts and Amazon Web Services' DNS service Route 53 will do the trick.
Review: FireMon clears the clutter for network security policy management
A pioneer in the field of network security policy management, FireMon provides full visibility into networks and devices, and overlays that knowledge with the rules, platforms, hardware and programs designed to protect it.
Act fast to recover assets after cyber fraud
Here's what companies can do to recover lost assets in the wake of a data theft or a BEC scam.
How to establish your business’s risk tolerance
Knowing your business risk appetite allows you to align security efforts to the business needs, prioritizing resources and spending on those areas where organizational leaders have the least appetite for risk. Here's how to do it.
Can the re-use of identity data be a silver bullet for industry?
The ability to re-use identity data for individuals across different systems would greatly simplify authentication. Here's what it would take to make it happen.
How to spot a scam: 14 red flags to watch for
Does your security awareness training program help your employees learn when someone is trying to scam them?
How to isolate a Windows 7 machine from your network
If you have a business reason to keep a Windows 7 system active past its 2020 end-of-life date, here's how to keep it from being a security liability on your network.
How to implement and use the MITRE ATT&CK framework
The MITRE ATT&CK framework is a popular template for building detection and response programs. Here's what you'll find in its knowledgebase and how you can apply it to your environment.
Review: How Awake Security uncovers malicious intent
This advanced network traffic monitoring platform identifies hidden threats and those that don’t use traditional malware, making it extremely powerful and useful in today’s threat environment.
Why security needs to be involved early during mergers and acquisitions
M&A security can often be overlooked during deal making, leading to potential incidents down the line. Here's how UK newspaper Racing Post dealt with three acquisitions in three years, each with its own security requirements.
How Microsoft builds empathy between its security and development teams
Ongoing cross-training, threat information sharing, executive support and a strong threat modeling infrastructure helps the company's security and development staff work collaboratively.
Does your cyber insurance cover social engineering? Read the fine print
Some cyber insurance policies will pay only a small fraction of damages if an attacker used social engineering. Here's how to estimate the risk.
Become An Insider
Sign up now and get FREE access to
hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content.
Learn more.
Most Popular
BrandPosts
Learn more-
Sponsored by Microsoft
-
Sponsored by CIS
-
Sponsored by Fortinet
Sponsored Links