Stories by George V. Hulme

How to have real risk management

Our coverage of the annual Global Information Security Survey conducted by CSO and CIO magazines in partnership with PwC has sparked some interesting discussions about <a href="">what it takes to be a security leader</a>. Specifically, the discussion is about how organizations can move <a href="">from being a security laggard to something better</a>. As part of those discussions, we spoke with Andy Ellis, chief security officer at Akamai Technologies. Ellis is responsible for overseeing the security architecture and compliance of the company's globally distributed network and sets the strategic direction of its security.

George V. Hulme | 02 Nov | Read more

Enterprises need to focus on data, enterprise culture

It's no secret that enterprise users are bringing more <a href="">types of IT devices to work</a> -- devices not necessarily condoned or managed by IT -- while they're also using more cloud-based services to store, manage and share their work related files.

George V. Hulme | 15 Oct | Read more

Survey finds dangerous gap in prevention

It's no big secret: contemporary attacks are levied over the Web; attackers will craft custom malware to slither past anti-malware defenses; and any business on any given day can be compromised. That's the reality of where information security stands today.

George V. Hulme | 13 Oct | Read more

Mobile security threats are heating up

According to industry analysts, mobile device shipments will exceed a billion devices in 2015 and will rapidly outrun PC shipments. That's great news for end user convenience, mobility, and work-anywhere productivity. But it also means that enterprises must brace for the fact that the <a href="">bad guys will target these devices</a> with attack exploits, spyware, and rogue applications.

George V. Hulme | 06 Oct | Read more

Are CIOs Too Cocky About Security?

There's been no shortage of high-profile and damaging data breaches in the past year. And the targets are widely varied-they include security firms RSA Security and HBGary Federal, defense contractors Lockheed Martin and Northrop Grumman, entertainment giant Sony, major retailers, healthcare companies and marketing firms.

George V. Hulme | 29 Sep | Read more

Microsoft's BlueHat goal: Kill bugs dead

Bug bounty programs are designed to reward security researchers for finding flaws in a vendor's product that have made it past their own quality processes. Some organizations, such as Google and Mozilla, have had bug bounty programs in place for a time, while social networking site <a href="">Facebook just announced a bug bounty program</a> with a base reward of $500.

George V. Hulme | 10 Aug | Read more

The business-security disconnect that won't die

For years businesses have talked about how important security is to their customers and to the success of their business. However, with <a href="">so many breaches in so many different industries</a>, it's tough to take organizations at their word.

George V. Hulme | 23 Jul | Read more

Mobile payments, PCI DSS compliance: Some clarity

Mobile payments technology is a loud sonic boom thundering through the payments industry. But are all -- or any -- of these payment schemes compliant with the <a href="">Payment Card Industry Data Security Standard (PCI DSS?)</a>

George V. Hulme | 05 Jul | Read more

They're back! Data breach notification bills resurface

After several large breaches -- including the <a href="">Epsilon</a>, <a href="">Sony</a>, and <a href="">Citigroup</a> incidents that left customer financial data exposed -- federal lawmakers are dusting the covers off of an old idea: national data breach notification laws.

George V. Hulme | 27 Jun | Read more

Industry association aims to bolster SCADA security

It's no state secret that industrial and automation control systems have a way to go before they're resilient from targeted and sophisticated malware attacks. Just last week the International Society of Automation (ISA) announced that the ISA99 standards committee on Industrial Automation and Control Systems Security had formed a task group to conduct a gap analysis of the current ANSI (American National Standards Institute) ISA99 standards and modern threats against critical industrial systems, such as Stuxnet.

George V. Hulme | 12 Mar | Read more

SCADA security arms race underway

While the race between industrial control system attackers and defenders didn't start with the Stuxnet worm, it certainly acted as a catalyst to a new arms race and more researchers taking a closer look at the quality of SCADA software.

George V. Hulme | 01 Apr | Read more