Opinions

A ladder extends into clouds in the sky. [ growth /expansion / opportunity / growth ]

5 top qualities you need to become a next-gen CISO

joe biden cyberceomeeting public domain wh

The Biden administration has racked up a host of cybersecurity accomplishments

Security threat > One endpoint on a network has been compromised.

XDR: Still confusing after all these years

It’s time to stop debating about what XDR is and focus on how it fits in a security operations center modernization strategy.

gears orange large efficient automated machine learning automation

Making the case for security operation automation

Most organizations are automating security operations processes and achieving benefits. An intelligent strategy and appropriate technology decisions can accelerate these projects.

international travel / security checkpoint / electronic ticketing/ inspecting personal device

Data capture by border agencies can and will happen – are your on-the-road employees prepared?

Many countries routinely download device content from travelers at the border. Getting ahead of this eventuality can help protect sensitive data and maintain privacy for employees and their company.

prisoner jail crime

What the Uber verdict means to CISOs: You're (probably) not going to jail

CISOs and potential CISOs worried about criminal risk won't go to jail if they follow four simple steps.

A multitude of arrows pierce a target. [numerous attacks / quantity / severity]

3 actions Latin American leaders must take to reduce risk of cyberattacks

Threat actors are targeting government and private sector organizations across Latin America, so business and political leaders must step up to meet the challenge.

A gavel rests on open law book. [law / regulation / compliance / legal liability]

Guilty verdict in the Uber breach case makes personal liability real for CISOs

The conviction of Uber's former CSO could change the roles of top security leaders and raises the level of personal risk in the wake of a breach.

computer waste junk pile

The astronomical costs of an asset disposal program gone wrong

As Morgan Stanley Smith Barney has learned, an information technology asset disposal program can protect a company against the potential catastrophe of data leaks from gear you’re getting rid of.

social media users

How posting personal and business photos can be a security risk

Image geotags, metadata, and location information can allow competitors, cybercriminals, and even nation-state threat actors to gain knowledge they can use against organizations.

rules procedures manuals code of conduct

Transparency and policy shapes Cloudflare’s Kiwi Farms decisions

Cloudflare's blocking of hate-based forum Kiwi Farms is the latest in a string of controversial actions and inactions around bad behaving customers. Agree or disagree, the company has stuck to its policy throughout.

Election security > Backlit hand drops a vote in a ballot box with US flag + binary code overlay

Social media's role in spreading U.S. election disinformation in the spotlight

Before Twitter's former CISO sounded the alarm bell, the U.S. government defined steps to counter misinformation and disinformation at the state, local and federal levels.

zero trust security model secured network picture id1313494602

Sorting zero-trust hype from reality

Zero trust is not a product, but a security methodology based on defense-in-depth and least-privileged access concepts.

API security alert / software development / application flow chart diagram

Why SBOMs alone aren’t enough for software supply chain security

Organizations must be willing to ask software vendors hard risk-based questions and be prepared for that to lengthen the purchase process.

Department of Justice FBI building

U.S. Federal Court breach reveals IT and security maturation issues

An investigation into the 2020 breach results in 18 recommendations for the Administrative Office of the U.S. Courts to change its IT and security policies and practices.

Mobile phone data privacy.

Data privacy: Collect what you need, protect what you collect

Data over-collection is a security and compliance risk, and that's why CISOs need a say in decisions about what data to collect.

risk

5 trends making cybersecurity threats riskier and more expensive

Risks increase as the world becomes more digital, regulated, and interconnected, but you can take steps to reduce their impact.

CSO > wolf in sheeps clothing / fraud / identity theft / social engineering

How a sex worker became a defense contractor employee -- and an insider threat

An accomplished research scientist manipulated a defense contractor CEO into hiring a prostitute for a technical role. Here's how this insider threat could have been avoided.

binary silhouettes / data / tracking / surveillance

NSO Group’s Pegasus crashes as Apple initiates Dignity and Justice Fund

The failed sale of NSO Group to L3Harris raises concerns about who will own its surveillance technology, while Apple takes steps to hold surveillance firms accountable.

A laptop user works securely behind a firewall.

Cybersecurity is a constant fire drill—that’s not just bad, it’s dangerous

Security efforts based on heroism and tribal knowledge can’t scale. CISOs must address this situation as soon as possible.

Load More