Our coverage of the annual Global Information Security Survey conducted by CSO and CIO magazines in partnership with PwC has sparked some interesting discussions about <a href="http://www.csoonline.com/article/690854/are-you-an-it-security-%20leader-really-">what it takes to be a security leader</a>. Specifically, the discussion is about how organizations can move <a href="http://www.csoonline.com/article/691069/laggard-to-leader-what-it-takes-to-get-there">from being a security laggard to something better</a>. As part of those discussions, we spoke with Andy Ellis, chief security officer at Akamai Technologies. Ellis is responsible for overseeing the security architecture and compliance of the company's globally distributed network and sets the strategic direction of its security.
George V. Hulme |
02 Nov |
It's no secret that enterprise users are bringing more <a href="http://www.csoonline.com/article/681822/just-say-yes-why-banning-consumer-devices-makes-your-organization-less-secure">types of IT devices to work</a> -- devices not necessarily condoned or managed by IT -- while they're also using more cloud-based services to store, manage and share their work-related files.
George V. Hulme |
15 Oct |
It's no big secret: contemporary attacks are levied over the Web; attackers will craft custom malware to slither past anti-malware defenses; and any business on any given day can be compromised. That's the reality of where information security stands today.
George V. Hulme |
13 Oct |
According to industry analysts, mobile device shipments will exceed a billion devices in 2015 and will rapidly outrun PC shipments. That's great news for end user convenience, mobility, and work-anywhere productivity. But it also means that enterprises must brace for the fact that the <a href="http://www.csoonline.com/article/690905/iphone-and-ipad-security-the-human-element">bad guys will target these devices</a> with attack exploits, spyware, and rogue applications.
George V. Hulme |
06 Oct |
A surprisingly high--unreasonably high, in fact--number of organizations think their security program is part of the vanguard of risk management.
George V. Hulme |
04 Oct |
A new survey from PricewaterhouseCoopers has found that a majority of health enterprises do not have the security in place, nor the policies, to properly protect patient data and privacy.
George V. Hulme |
01 Oct |
The past couple of weeks have not been the best for Mac OS X's security reputation.
George V. Hulme |
29 Sep |
There's been no shortage of high-profile and damaging data breaches in the past year. And the targets are widely varied -- they include security firms RSA Security and HBGary Federal, defense contractors Lockheed Martin and Northrop Grumman, entertainment giant Sony, major retailers, healthcare companies and marketing firms.
George V. Hulme |
29 Sep |
Bug bounty programs are designed to reward security researchers for finding flaws in a vendor's product that have made it past their own quality processes. Some organizations, such as Google and Mozilla, have had bug bounty programs in place for a time, while social networking site <a href="http://www.csoonline.com/article/686924/facebook-to-pay-hackers-for-bugs">Facebook just announced a bug bounty program</a> with a base reward of $500.
George V. Hulme |
10 Aug |
For years businesses have talked about how important security is to their customers and to the success of their business. However, with <a href="http://www.csoonline.com/special/slideshows/data_breaches/index">so many breaches in so many different industries</a>, it's tough to take organizations at their word.
George V. Hulme |
23 Jul |
There's been an incredible number of records breached this year, including:
George V. Hulme |
12 Jul |
Mobile payments technology is a loud sonic boom thundering through the payments industry. But are all -- or any -- of these payment schemes compliant with the <a href="http://www.csoonline.com/article/519563/the-great-pci-security-debate-of-2010-transcribed">Payment Card Industry Data Security Standard (PCI DSS)</a>?
George V. Hulme |
05 Jul |
After several large breaches -- including the <a href="http://blogs.csoonline.com/1457/epsilon_hack_notification_letters">Epsilon</a>, <a href="http://www.csoonline.com/article/680689/sony-playstation-network-personal-user-data-stolen">Sony</a>, and <a href="http://www.csoonline.com/article/684463/citigroup-reveals-breach-affected-over-360-000-cards">Citigroup</a> incidents that left customer financial data exposed -- federal lawmakers are dusting the covers off of an old idea: national data breach notification laws.
George V. Hulme |
27 Jun |
It's no state secret that industrial and automation control systems have a way to go before they're resilient against targeted and sophisticated malware attacks. Just last week the International Society of Automation (ISA) announced that the ISA99 standards committee on Industrial Automation and Control Systems Security had formed a task group to conduct a gap analysis of the current ANSI (American National Standards Institute) ISA99 standards and modern threats against critical industrial systems, such as Stuxnet.
George V. Hulme |
12 Mar |
While the race between industrial control system attackers and defenders didn't start with the Stuxnet worm, it certainly acted as a catalyst to a new arms race and more researchers taking a closer look at the quality of SCADA software.
George V. Hulme |
01 Apr |