Expert analysis
A call to researchers: Mix some creation with your destruction
Since I can first remember being interested in information security, my personal hacker heroes (and I’m using hacker positively here) were the researchers who discovered zero …
Does the UK need to do more to address the threat of nuclear terrorism?
The emotive nature of linking nuclear and terrorism in the same sentence leads to understandably visceral responses as we all seek to protect ourselves and our loved ones from …
How data-centric security works
The traditional methods of how to address information security have all been for ages about protecting the perimeter and the network, protecting where the files are located. …
Instilling a culture of cyber security
Every company that sells cyber security technology markets how their tools will “defend”, “stop threats” and “protect”. There is no doubt that the technologies that exist …
How to develop effective honeypots
Honeypots – decoy systems used for learning cyber attackers’ capabilities and potential objectives – can be very useful to organizations, businesses, and …
Microsoft releases critical patches, improves IE security
This June Patch Tuesday we have a slightly smaller patch load from Microsoft, taking us back to more historic average releases of eight bulletins. We have just two critical …
Proactive FISMA compliance with continuous monitoring
After a great deal of debate and delay, the Federal Information Security Management Act (FISMA) finally saw a substantive update in December 2014. For federal agencies and the …
Windows 10: More security with non-stop patching
Microsoft is ready to abandon the longstanding patching schedule that saw patches and security updates being delivered on the second Tuesday of every month. With the advent of …
Cookie warnings: Useless and bad for security?
Cookies are the official and standard and preferred way of keeping state in the (otherwise) stateless HTTP protocol. They are sometimes used for keeping track of a user beyond …
The challenges of data classification
We are living in a data driven society with globalizing economies, data transfer, and ubiquitous access to everything from everywhere. From information gateways, websites, …
Drone detection: What works and what doesn’t
Another drone was discovered flying in restricted air space around the White House two weeks ago. The Secret Service found the pilot simply because they happened to see him. …
Breach detection: Five fatal flaws and how to avoid them
When the Sarbanes-Oxley Act of 2002 was passed, it fell on corporate security teams to translate its requirements into technical controls. That threw the IT Security function …
Featured news
Resources
Don't miss
- Why we must go beyond tooling and CVEs to illuminate security blind spots
- Making security and development co-owners of DevSecOps
- Review: Passwork 7.0, self-hosted password manager for business
- What a mature OT security program looks like in practice
- Machine unlearning gets a practical privacy upgrade