Manage
Learn to apply best practices and optimize your operations.
6 ways to prevent cybersecurity burnout
Consider investing in training for new employees, offering mentoring and setting goals, automating where possible and more to help prevent cybersecurity burnout.
Dispelling 4 of the top cloud security myths today
Booz Allen's Jimmy Pham and Brad Beaulieu dispel four major cloud security myths, exploring why staying in the cloud rather than returning to on premises may be the more secure option.
3 post-SolarWinds supply chain security best practices
Following the devastating SolarWinds breach, IT leaders should renew their focus on third-party risk management. Start by implementing supply chain security best practices.
How to manage third-party risk in the supply chain
From third-party risk assessments to multifactor authentication, follow these steps to ensure suppliers don't end up being your enterprise cybersecurity strategy's weakest link.
How to prevent supply chain attacks: Tips for suppliers
Every company, large and small, must assume it is a target in the supply chain. Suppliers should follow these best practices to keep themselves and their customers protected.
How to achieve security observability in complex environments
Security observability is a novel approach to incident detection that goes beyond traditional monitoring. Read on to learn if this emerging strategy is right for your enterprise.
Why developers should consider automated threat modeling
Traditional threat modeling is hard. Can automated threat modeling make development and security teams' lives easier?
Introducing development teams to threat modeling in SDLC
Enterprises can improve their security posture by educating development teams on threat modeling so they can work alongside security teams and everyone knows a common language.
How SolarWinds attack will change CISOs' priorities
Following cybersecurity best practices used to be enough, but after the SolarWinds supply chain attack, CISOs now have to rethink all their security protocols.
4 tips for aligning security with business objectives
Today's most effective CISOs develop cybersecurity strategies that fit their organizations' risk appetites and support business growth. Learn how they do it.
7 privileged access management best practices
Privileged access is a given in enterprise environments, but it presents many security issues if breached. Follow these seven PAM best practices to mitigate risk.
Cloud security policy configuration in AWS, Azure and GCP
Explore cloud security policy configurations in AWS, Azure and GCP using native security tools in this excerpt of 'Multi-Cloud Architecture and Governance' by Jeroen Mulder.
Secure multi-cloud with architecture and governance focus
Certified enterprise and security architect Jeroen Mulder explains why multi-cloud security architecture planning should be informed by the business and customer perspectives.
Design a human firewall training program in 5 steps
Follow these five steps to develop human firewall training that's not only effective at preventing social engineering attacks, but also relevant and accessible to employees.
5 tips to better secure cloud data
A move to cloud introduces new threats to data. Follow these tips to document, evaluate, test, monitor and harden the new environment.
The case for applying psychology in cybersecurity training
Chartered psychologist Rebecca McKeown describes how psychology in cybersecurity can improve incident response and makes the case for a research-based approach to training.
4 ways to minimize the risk of IT supply chain attacks
Mark Whitehead breaks down the importance of taking a zero-trust cybersecurity approach when it comes to protecting networks and data accessible by third-party partners.
Standardize cybersecurity terms to get everyone correct service
Some cybersecurity terms can refer to multiple service offerings, which can be confusing for companies looking to implement them as well as the companies providing them.
Adopting threat hunting techniques, tactics and strategy
Adopt threat hunting techniques that analyze the right data, detect anomalies, use frameworks and compare success metrics, combining manual techniques with AI and machine learning.
Combine ML with human intelligence for your security strategy
As hackers target the ever-increasing complexity of company networks, enterprises need to find a balance between machine learning and human intelligence when protecting systems and data.
6 SaaS security best practices to protect applications
Use these SaaS security best practices to ensure your users' and organization's SaaS use stays as protected as the rest of your enterprise applications.
2021 IT priorities require security considerations
AI, IoT and 5G are among the top IT priorities for CIOs and CTOs in 2021. Is your team prepared to address each tech's security needs?
7 cybersecurity priorities CISOs should focus on for 2021
For 2021, Vishal Salvi argues that CISOs should tie cybersecurity to business agendas better, invest in cloud security, implement IT hygiene, modernize security architecture and more.
The human firewall's role in a cybersecurity strategy
The human firewall is a crucial element of a long-term, holistic security initiative. Explore how human firewalls can protect your enterprise against attacks.
Juggle a multi-cloud security strategy with these 3 steps
Enterprise security best practices must account for changes in cloud landscapes. Learn how to overcome such challenges and bolster multi-cloud security with technology and policy.
The enterprise case for implementing live-fire cyber skilling
Companies continue to grapple with the cybersecurity skills gap, but Adi Dar offers a way to ensure security teams are properly trained through the use of live exercises.
Insider risk indicators thwart potential threats
By paying attention to risk indicators, enterprises can tell the difference between insider threat and insider risk to prevent falling victim at the hands of one of their own.
Enterprise cybersecurity threats spiked in 2020, more to come in 2021
After an unprecedented year from an enterprise cybersecurity threat standpoint, security leaders are preparing for the growing number and sophistication of attacks in 2021.
6 remote workforce cybersecurity strategies for 2021
Remote worker data security has quickly evolved into a top concern for IT security. Here are six strategies to ensure remote workforce cybersecurity in 2021.
Tackle multi-cloud key management challenges with KMaaS
Cloud providers' tools for secrets management are not equipped to solve unique multi-cloud key management challenges. Learn how key management-as-a-service tools can fill the gaps.
3 reasons why CISOs should collaborate more with CFOs
C-suite may not always understand ROI of security efforts, which is why Nabil Hannan suggests that CISOs work more closely with CFOs to learn how to best communicate security's value.
Building an effective security operations center framework
An effective security operations center framework combines monitoring and analysis platforms and threat intelligence services to help organizations respond to risks quickly.
Zero-trust initiatives rely on incremental security improvements
Despite implementation challenges, enterprise security leaders see zero trust as the security model of the future and are moving forward with adoption plans.
Key SOC metrics and KPIs: How to define and use them
Enterprises struggle to get the most out of their security operation centers. Using the proper SOC metrics and KPIs can help. Learn how to define and benefit from them here.
5 myths about putting security into CI/CD pipelines
Companies looking to introduce security testing earlier into software development must look past myths and understand what to realistically expect before creating their strategy.
7 SecOps roles and responsibilities for the modern enterprise
Now hiring: As organizations increasingly favor proactive cyber threat hunting and detection over bare-bones prevention, SecOps roles and responsibilities are shifting, too.
Security operations center use cases, strategies vary
More CISOs are turning to security operations centers to centralize infosec processes, but experience shows SOC use cases will depend on the organization's infosec objectives.
8 benefits of a security operations center
A security operations center can help lessen the fallout of a data breach, but its business benefits go much further than that. Here are eight SOC benefits to consider.
10 tips for building a next-generation SOC
Check out 10 tips to help build a next-generation security operations center with the integrated tools to free security analysts to get ahead of and respond to threats fast.
Pair cyber insurance, risk mitigation to manage cyber-risk
The role of cyber insurance may come after a breach, but it remains a useful element in an organization's vulnerability management strategy.
Note these 5 security operations center best practices
Understanding the five steps needed to ensure security operations center best practices will help organizations decide whether to outsource their SOC initiatives.
Red team vs. blue team vs. purple team: What's the difference?
Red team-blue team exercises simulate attacks on enterprise networks. What does each team do? Where do purple teams fit in? Find out here.
Cybersecurity communication key to addressing risk
As security teams strengthen communication with the overall organization as well as with vendors, more positive cybersecurity cultures can be forged.
Cybersecurity for remote workers: Lessons from the front
Tackle the security challenges COVID-19 wrought by using this playbook from an experienced disaster-zone responder.
COVID-19 cybersecurity data shows rising risk during remote pivot
When enterprises quickly pivoted to remote work during the pandemic, it prompted a wave of new threats while also widening existing gaps in cybersecurity postures.
AI cybersecurity raises analytics' accuracy, usability
The need for independent cybersecurity solutions testing
Rohit Dhamankar suggests implementing standardized testing of cybersecurity providers, like MSSPs and MDRs, to help companies better understand the services they're getting from each.
How to build a cloud security operations center
To better protect workloads and data in the cloud, security operations centers collaborate with various IT teams. Learn how to cloud-enable your organization's SOC.
Planning a zero-trust strategy in 6 steps
Launch a zero-trust strategy in six steps. Learn how to form a dedicated team, ask questions about existing security controls and evaluate the priority of zero-trust initiatives.
Cybersecurity budget relies on planning and negotiation
Experts from Gartner and Forrester discuss how successful cybersecurity budgeting during these uncertain times requires planning, research and negotiation.
For Cybersecurity Awareness Month, learn about emerging risks
Tami Hudson examines why leaders should use October to educate themselves and their companies around the latest attacks bad actors are implementing and where to prioritize investment.
3 common election security vulnerabilities pros should know
Election security remains top of mind for many right now, with Nabil Hannan discussing vulnerabilities like remote breaches, new attack surfaces and poor current controls.
How to improve cybersecurity for the workforce of the future
Many organizations continue to have employees work from home, but they haven't always hardened their cybersecurity efforts alongside this move to better protect employees and data.
Cybersecurity team structure stronger with 3 new roles
Having the right cybersecurity team in place can help reduce how long it takes to control threats. Consider adding cloud security, third-party risk and digital ethics specialists.
7 SOC automation use cases to augment security operations
Implementing SOC automation can have far-reaching benefits for an organization's infosec program and security culture. Learn how by exploring these seven use cases of AI in SOCs.
Inclusive job descriptions key for infosec hiring
When seeking candidates for infosec job roles, it helps to think outside the box. Inclusive job descriptions and cutting back on unnecessary requirements are good places to start.
Federal Information Security Management Act (FISMA)
The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information, operations and assets.
Top 4 firewall-as-a-service security features and benefits
Firewall-as-a-service offerings implement security policies across consolidated traffic headed to all locations. Learn about four security features and benefits of FWaaS.
Security for SaaS applications starts with collaboration
Following established best practices helps enterprises facilitate collaboration and communication through SaaS applications while simultaneously ensuring secure SaaS use.
How to protect companies from business email compromise
Research shows that business email compromise attacks continue to proliferate as threat actors continue to see success. Here are a few ways to protect your company.
Combination of new, old tech driving remote access security
The massive shift to home-based workforces left IT vulnerable to unexpected threats, but organizations are combining old and new strategies to maintain remote access security.
Manage unsuccessful login attempts with account lockout policy
Learn how to create account lockout policies that detail how many unsuccessful login attempts are allowed before a password lockout in order to prevent credential-based attacks.
Inclusivity a crucial step beyond diversity in cybersecurity
Spurred on by the social justice movement around the world, cybersecurity experts want to see a move beyond diversity efforts to ensure inclusivity in organizations as well.
The 7 elements of an enterprise cybersecurity culture
An effective 'human firewall' can prevent or mitigate many of the threats enterprises face today. Adopt these seven elements of a culture of cybersecurity to defend against risks.
10 tips for cybersecurity awareness programs in uncertain times
Explore the winning tactics and tools CISOs and other cybersecurity leaders are employing in their programs to raise employee security awareness -- and consider how they might work for you.
Develop internal cybersecurity talent to build your dream team
Cybersecurity duties have changed, with cloud and coding being essential knowledge now. But CISOs can still build their dream cybersecurity team through internal talent development.
How to shift from DevOps to DevSecOps
A successful DevSecOps rollout requires software developers to be equipped with the proper security skills and tools. Learn how to transition smoothly from DevOps to DevSecOps.
Cybersecurity education for employees: Learn what works
Security issues with working remotely (and how to fix them)
With companies continuing work from home for the foreseeable future, Rohit Dhamankar offers home security advice to help security teams and employees address security issues with working remotely.
Follow 3 key steps to improve multi-cloud monitoring
Successful multi-cloud monitoring anticipates security vulnerabilities unique to operating across several environments. Follow these steps to improve multi-cloud security.
Cloud security risks and the countermeasures you need now
Don't let a dark cloud hang over your deployments. Get wise to what the key cloud risks are and how best to keep them from threatening your cloud-based workloads.
Enhance your cloud threat protection with 5 tools, and more
Explore the best tools and tactics; you'll need the most effective arsenal available to counteract the attackers gunning for your cloud-based workloads and apps.
5 PCI DSS best practices to improve compliance
Increased rates of PCI noncompliance are worth examining, as are PCI DSS best practices and tips for small and medium-sized companies. Read more in-depth compliance coverage here.
How IAM systems support compliance
IAM is a key component of any security strategy, but its role in regulatory compliance is just as crucial. Read up on features and processes to make IAM work for your enterprise.
Invest in new security talent with cybersecurity mentorships
Cybersecurity mentorships provide a great opportunity for those just entering the industry who want a successful start. Having the right guidance is a must.
6 key identity and access management benefits
Identity and access management is beneficial not just for users, security and IT admins, but also enterprises as a whole. Read up on the six key advantages of an IAM framework.
How to protect workloads using a zero-trust security model
Never trust, always verify. Learn how to implement a zero-trust security model to help manage risk and protect IT workloads at your organization.
3 key identity management tips to streamline workflows
Organizations must audit IAM processes to ensure that opportunities to streamline workflows are not missed. Use these identity management tips to get started.
VPC security best practices and how to implement them in AWS
To best secure network access, AWS administrators need to create rules for network resources. Learn how to implement Amazon VPC security best practices in this book excerpt.
Overcome AWS security vulnerabilities with VPCs, IAM
Securing network access in AWS requires the right rules to be in place. Learn more about Virtual Private Clouds and how implementing them can prevent common cloud security attacks.
How to ensure security for 3 types of digital identity
Enterprise identity and access management strategies must include processes for managing and securing three types of digital identity. Learn how.
A case for both cybersecurity detection and prevention tools
Companies need both detection and prevention cybersecurity tools to effectively keep data and employees safe from attackers. Just one or the other isn't enough.
How to build an effective IAM architecture
Identity and access management is changing and so must strategies for managing it. Read up on IAM architecture approaches and how to select the best for your organization.
4 essential identity and access management best practices
Now is the time to shore up the who, what and where of network identities. Adopt these four critical identity and access management best practices to bolster your infosec program.
How to fortify IoT access control to improve cybersecurity
Security technology is still playing catch-up with the new risks and attack vectors associated with IoT. Learn how to improve IoT access control and identity management here.
12 Microsoft 365 security best practices to secure the suite
Migrating to or operating cloud-based Microsoft 365 can bring with it a host of problems and misconfigurations. Check out 12 best practices to tighten Microsoft 365 security.
How security testing could change after COVID-19
As companies look to bring employees back into the office, security teams must consider how to handle security testing due to initial remote work deployments and shadow IT.
5 steps to determine residual risk during the assessment process
Even the best security controls have data management gaps that create risk. Here are steps to identify and offset residual risk during an assessment.
How to get actionable threat intelligence from tech tools
Even advanced threat intelligence tools can't do it all alone. Learn what it takes to parse actionable insights from the information that threat intelligence feeds gather.
AI threat intelligence is the future, and the future is now
Threat intelligence services and tools get a boost from advanced technology like AI and, specifically, machine learning. Learn how that works.
Uncover and overcome cloud threat hunting obstacles
You can be an effective cyberthreat hunter even if your organization's assets are in the cloud. Know the likely obstacles you'll face, then learn how to surmount them.
IT and security teams collide as companies work from home
The new world of remote work has given rise to IT and security teams working more closely than ever before. They need to come together to provide excellent UX and security.
Advance your security operations center with AI
Powering a security operations center with AI systems not only automates tasks, but also complements admins' efforts to more effectively combat threats and transform processes.
Identifying common Microsoft 365 security misconfigurations
Microsoft 365 security problems can double the time it takes to contain a breach, according to a new survey. Check out best practices and operational strategies to fix them.
Why nation-state cyberattacks must be top of mind for CISOs
Even though organizations face threats coming from many sources, one type of cyberattack should be top of mind for CISOs: those backed by nation-states. Here's why.
One security framework may be key to cyber effectiveness
The Mitre ATT&CK security framework could best enable effective cybersecurity, according to The Chertoff Group, as could joining information sharing and analysis organizations.
CISO stress and burnout cause high churn rate
The nature of the CISO role can take a toll, say industry vets, with frustration and stress contributing to high turnover rates and burnout. Learn how to make it work.
The state of cybersecurity risk: Detection and mitigation
Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring?
Why CISOs need advanced network security strategies now
SSL certificate best practices for 2020 and beyond
SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more.