Opinion

Opinion

• The tug of war between user behavior analysis and SIEM

  Information security technologies embrace user behavior analytics, and the trend is expected to continue. Should CISOs consider a standalone UBA component?  Continue Reading

• What's with cybersecurity education? We ask Blaine Burnham

  When he left the NSA, Burnham helped build the security education and research programs at the Georgia Institute of Technology and other universities. What did he learn?  Continue Reading

• From the White House to IBM Watson technology with Phyllis Schneck

  The managing director at Promontory Financial Group, now part of IBM, talks about supercomputers, cryptography applications and her start in computer science.  Continue Reading

• Are companies with a SOC team less likely to get breached?

  Information security operations centers are “growing up,” according to one study. But, with staffing shortages and manual collection of data, performance metrics are hard to get.  Continue Reading

• Building a secure operating system with Roger R. Schell

  The 'father' of the Orange Book has first-hand knowledge of the standards required for classified computer systems and the issues with subversion.  Continue Reading

• No customer data leaks? Companies look down the rabbit hole

  When Yahoo finally disclosed a massive 2014 data breach to up to five hundred million affected account holders in September 2016, some already had legal representation.  Continue Reading

• From security product marketing to CEO: Jennifer Steffens

  The CEO of a global pen tester used to work for the New York Yankees. Find out how Jennifer Steffens went from sports marketing to head of a security service provider.  Continue Reading

• A damaging spring of internet worms and poor performance

  Security is a hot topic for media outlets that report on stock markets as companies founder on corporate earnings. The financial fallout of global malware is a call to action.  Continue Reading

• Interfacing with an information technology entrepreneur

  E. Kelly Fitzsimmons started with coconuts and then sold four companies. A serial entrepreneur discusses security and technology startups and why embracing failure works.  Continue Reading

• Do thoughts of your least secure endpoint keep you up at night?

  Some days, 'secure endpoint' feels like an oxymoron, but that soon may change. From smart sandboxes to advanced behavior analytics, learn what's new in endpoint security technologies.  Continue Reading

• How intelligence data leaks caused collateral damage for infosec

  Alvaka Networks' Kevin McDonald looks at the real-world damage caused by data leaks at the CIA and NSA, which have put dangerous government cyberweapons in the hands of hackers  Continue Reading

• Wendy Nather: 'We're on a trajectory for profound change'

  This former CISO talks about her uncharted path from international banking to industry analysis. What's next for infosec? We ask the security strategist those questions and more.  Continue Reading

• Q&A: GDPR compliance with Microsoft CPO Brendon Lynch

  Failure to achieve compliance with the EU's General Data Protection Regulation in the next 12 months can trigger fines of up to 4% of a company's gross annual revenue.  Continue Reading

• CISO job requires proven track record in business and security

  In the security field, certifications and degrees are never a substitute for on-the-job experience. For women in security, the challenges may be even greater.  Continue Reading

• Start redrawing your identity and access management roadmap

  Securing enterprise systems and information requires an IAM roadmap that helps you identify effective policy, technology and tools.  Continue Reading

• Chenxi Wang discusses DEF CON hacking conference, 'Equal Respect'

  Grassroots efforts to shift cultural thinking in information security have had a positive effect, the former professor of computer engineering says.  Continue Reading

• Outsourcing security services rises as MSSPs focus on industries

  Despite increasing levels of specialization, managed security service providers often don't understand the business you're in. That may be changing.  Continue Reading

• The best SSO for enterprises must be cloud and mobile capable

  The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other identity management approaches, more effective.  Continue Reading

• AI or not, machine learning in cybersecurity advances

  As more companies promote machine learning and artificial intelligence technologies, chief information security officers need to ask some tough questions to get past the hype.  Continue Reading

• Q&A: IBM's Diana Kelley got an early start in IT, security came later

  How did an editor become a security architect? A fascination with computers sparked a lifelong journey for IBM's executive security advisor.  Continue Reading

• Uncharted path to IT and compliance with Digital River's Dyann Bradbury

  Bradbury chats with Marcus J. Ranum about her early interest in computers and her unexpected career path to head of global compliance for an e-commerce provider.  Continue Reading

• WMI tools make the perfect crime 'malware-free'

  Security researchers claim that attackers are abusing a longstanding administrative tool in the Windows operating system. With no telltale signs of malware, how can you stop it?  Continue Reading

• Can white-box cryptography save your apps?

  With the Internet of Things, software-based secure elements could hold the key.  Continue Reading

• McGraw: Seven myths of software security best practices

  According to expert Gary McGraw, you're not helping yourself by believing the things -- all seven of them -- you've heard about secure software development.  Continue Reading

• Q&A: Marcus Ranum chats with AT&T's CSO Ed Amoroso

  There's no shortage of new security technology, but enterprise integration is still a major hang-up, says AT&T's chief of security.  Continue Reading

• Return on security investment: The risky business of probability

  You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.  Continue Reading

• Thirteen principles to ensure enterprise system security

  Designing sound enterprise system security is possible by following Gary McGraw's 13 principles, many of which have held true for decades.  Continue Reading

• Protecting Intellectual Property: Best Practices

  Organizations need to implement best practices to protect their trade secrets from both internal and external threats.  Continue Reading

• Data supports need for security awareness training despite naysayers

  Claims that security awareness training doesn't work are unsubstantiated, explain software security experts Gary McGraw and Sammy Migues.  Continue Reading

• Gary McGraw on software security assurance: Build it in, build it right

  If the field of computer security is to be fixed, the only hope we have is building security in, says software security expert Gary McGraw.  Continue Reading