Information security policies, procedures and guidelines

Browse the articles and tips in this section for the latest information on how to create, manage and implement effective information security policies, procedures and guidelines, such as acceptable use, device and remote access policies.

Top Stories

Tip 08 Oct 2025
Top 15 IT security frameworks and standards explained

Several IT security frameworks and standards exist to help protect company data. Here's advice for choosing the right ones for your organization. Continue Reading
By
- Paul Kirvan
Tip 22 Aug 2025
Red vs. blue vs. purple team: What are the differences?

Red teams attack, blue teams defend and purple teams facilitate collaboration. Together, they strengthen cybersecurity through simulated exercises and knowledge sharing. Continue Reading
By
- Sharon Shea, Executive Editor

News 28 Apr 2020
Bugcrowd launches 'classic' penetration testing service

The crowdsourcing security company launched the Bugcrowd Classic Pen Test service to offer enterprises a more cost-effective and efficient way to test their cybersecurity posture. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Feature 28 Apr 2020
Cybersecurity impact analysis template for pandemic planning

This template from IANS Research can help IT and security professionals document and prioritize essential processes, staffing and systems when faced with a pandemic event. Continue Reading
By
- IANS, Guest Contributor
Feature 27 Apr 2020
Securing a remote workforce amplifies common cybersecurity risks

Securing a remote workforce during the pandemic has not only created unforeseen cybersecurity risks, but also magnified old ones with more employees using home networks. Continue Reading
By
- Mary K. Pratt
Feature 24 Apr 2020
Coronavirus phishing threats force heightened user awareness

As coronavirus phishing threats ramp up, organizations must turn to user education, in addition to traditional network security, as their best defense. Continue Reading
By
- Michael Heller, TechTarget
News 23 Apr 2020
COVID-19 strains critical certificate authority processes

Border crossings. Police checkpoints. Security cages. Secret safes. These are just some of the hurdles certificate authorities face as they strive to maintain security during COVID-19. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Feature 20 Apr 2020
Zero-trust management challenges outweighed by benefits

The zero-trust model's adoption, deployment and management challenges are easily outweighed by its ability to offset modern threats, IEEE senior member Jack Burbank advises. Continue Reading
By
- Sharon Shea, Executive Editor
Feature 15 Apr 2020
Do IT service providers need MSP cybersecurity insurance?

Today's fraught threat landscape puts MSPs and customers at risk. Purchasing liability insurance reassures subscribers while protecting providers in case of a malware incident. Continue Reading
By
- Esther Shein
Feature 31 Mar 2020
Will nonprofit's evolution of zero trust secure consumer data?

An Australian nonprofit aims to deliver an improved security protocol through what it calls a 'true zero-trust custody layer.' Will the protocol improve consumer data protection? Continue Reading
By
- Mary K. Pratt
Feature 16 Mar 2020
How privacy compliance rules will affect IT security

As companies scramble to comply with consumer data privacy compliance mandates, like GDPR, CCPA and others on the horizon, IT security will shoulder much of the process burden. Continue Reading
By
- Ben Cole, Executive Editor
Podcast 06 Mar 2020
Risk & Repeat: Recapping RSA Conference 2020

This Risk & Repeat podcast looks back at RSA Conference and discusses some of the highlights from the show, from ransomware trends to nation-state hacking discussions. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
News 04 Mar 2020
Should ransomware payments be insurable? Experts weigh in

Ransomware payments are insurable, but should they be? Several experts weighed in on the question, and the effect of cyberinsurance, during RSA Conference 2020. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Tip 04 Mar 2020
Tips for cybersecurity pandemic planning in the workplace

Is your security team prepared for a workplace pandemic? This guidance will ensure your company's cybersecurity posture can be maintained despite a potentially severe health event. Continue Reading
By
- Paul Kirvan
Tip 26 Feb 2020
Stop business email compromise with three key approaches

Why is BEC such a popular attack? Because it works, unfortunately, tempting hackers with huge potential payouts. Learn how to keep them from lining their pockets with your assets. Continue Reading
By
- Nick Cavalancia, Techvangelism
News 25 Feb 2020
RSA Security president: We're excited about sale to STG

In his RSA Conference keynote, Rohit Ghai didn't say much about his company's sale to a private equity firm, instead urging attendees to focus on the 'human element' of security. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Tip 12 Feb 2020
How to handle nation-state cyberattacks on the enterprise

It's only a matter of time before nation-state cyberattacks that threaten government entities today target the enterprise. Follow our expert's tips to prepare in time. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Feature 10 Feb 2020
Beat common types of cyberfraud with security awareness

Hackers are taking deception to a new level, but security awareness programs are instrumental in helping employees detect various types of cyberfraud. Continue Reading
By
- Sharon Shea, Executive Editor
Podcast 05 Feb 2020
Risk & Repeat: 2019 data breaches in review

This week's Risk & Repeat podcast looks at some of the biggest data breach disclosures from the second half of 2019 and discusses the trends around these incidents. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Feature 03 Feb 2020
Cisco CISO says today's enterprise must take chances

Cisco CISO Steve Martino talks about taking chances, threats, how the security leader's role is changing and what really works when it comes to keeping the company secure. Continue Reading
By
- Alissa Irei, Senior Site Editor
News 23 Jan 2020
AWS leak exposes passwords, private keys on GitHub

UpGuard discovered a public GitHub repository that contained sensitive AWS customer data, including passwords, authentication tokens and private encryption keys. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Tip 16 Jan 2020
Craft an effective application security testing process

For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
News 14 Jan 2020
CrowdStrike: Intrusion self-detection, dwell time both increasing

The 2019 CrowdStrike Services Cyber Front Lines Report found that while the percentage of organizations that self-detected an intrusion is up, dwell time has gone up as well. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 08 Jan 2020
Experts weigh in on risk of Iranian cyberattacks against U.S.

Cybersecurity experts weigh in on the risks of potential nation-state cyberattacks from Iran following a DHS warning and heightened tensions between the country and the U.S. Continue Reading
By
- Michael Heller, TechTarget
Tip 31 Dec 2019
NIST CSF provides guidelines for risk-based cybersecurity

Organizations benefit from identifying their unique risks when developing cybersecurity processes. Here's how the NIST Cybersecurity Framework can help guide risk-based IT protection. Continue Reading
By
- Peter Sullivan
Feature 16 Dec 2019
The ins and outs of cyber insurance coverage

Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing. Continue Reading
By
- Sharon Shea, Executive Editor
- Pearson Education
News 12 Dec 2019
Pentagon CMMC program to vet contractor cybersecurity

The U.S. Department of Defense has developed a five-level certification framework designed to vet the cybersecurity posture of potential contractors in an effort to avoid future risks. Continue Reading
By
- Michael Heller, TechTarget
Feature 11 Dec 2019
Ideal DevSecOps strategy requires the right staff and tools

Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy. Continue Reading
By
- Katie Donegan, Social Media Manager
Answer 09 Dec 2019
How can companies identify IT infrastructure vulnerabilities?

New, sophisticated technology is available to help infosec pros find IT infrastructure vulnerabilities. Automated pen testing and outsourcing threat intelligence services can help. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Tip 25 Nov 2019
As cybersecurity insurance coverage becomes common, buyer beware

Cybersecurity insurance coverage can certainly have its benefits after a breach, but companies must consider a variety of unique business factors before choosing a policy. Continue Reading
By
- Daniel Allen, N2 Cyber Security Consultants
Tip 12 Nov 2019
A fresh look at enterprise firewall management

Enterprises need to know where and how to install firewalls for maximum protection. Find out firewall management best practices that can help protect your organization. Continue Reading
By
- Tom Nolle, Andover Intel
Tip 11 Nov 2019
Zero-trust framework creates challenges for app dev

Enterprises implement zero-trust frameworks to adapt to today's changing IT infrastructures. Learn about the implications for app developers. Continue Reading
By
- Michael Cobb
News 08 Nov 2019
Microsoft cybersecurity training to become mandatory for its workers

Microsoft's cybersecurity training program, which uses AI-powered tools to reinforce learning, is mandated for all employees. It will also be launched in a version for customers. Continue Reading
By
- Chris Kanaracus
Feature 07 Nov 2019
Creating and managing a zero-trust security framework

IEEE senior member Kevin Curran outlines how enterprises should introduce a zero-trust security framework and discusses implementation challenges they are likely to face. Continue Reading
By
- Sharon Shea, Executive Editor
Feature 06 Nov 2019
4 innovative ways to remedy the cybersecurity skills gap

Learn how companies should adapt to hire, recruit and retain top-notch employees during the current cybersecurity workforce shortage. Continue Reading
By
- Sharon Shea, Executive Editor
Quiz 04 Nov 2019
Test your grasp of AI threats, privacy regulations and more

Test your grasp of current security topics like AI in cybersecurity and what privacy regulations require. Then receive CPE credit by passing this quiz. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Opinion 01 Nov 2019
CISOs, does your incident response plan cover all the bases?

Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response? Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
01 Nov 2019

CISOs, does your incident response plan cover all the bases?

Continue Reading
Feature 01 Nov 2019
Report shows CISOs, IT unprepared for privacy regulations

Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind. Continue Reading
By
- Ben Cole, Executive Editor
Answer 29 Oct 2019
What are the roles and responsibilities of a liaison officer?

While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them critical to incident response. Continue Reading
By
- Sharon Shea, Executive Editor
- Mike Rothman, Securosis
Feature 28 Oct 2019
How the future of data privacy regulation is spurring change

Some companies have taken steps to improve data governance in anticipation of data privacy rules. Experts discuss the challenges of compliance in a shifting regulatory landscape. Continue Reading
By
- Mary K. Pratt
Feature 23 Oct 2019
Combat the human aspect of risk with insider threat management

When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach. Continue Reading
By
- Katie Donegan, Social Media Manager
Answer 17 Oct 2019
Is a cybersecurity insurance policy a worthy investment?

Variables such as third-party business partners create unique cyberthreats for organizations. Find out when a cybersecurity insurance policy is a wise investment to prevent risk. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Answer 16 Oct 2019
How should I choose a cybersecurity insurance provider?

To vet potential cybersecurity insurance providers, there are a few questions every customer should ask. Learn more about the questions to ask and how to get the answers you need. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Answer 15 Oct 2019
What types of cybersecurity insurance coverage are available?

Cybersecurity insurance coverage could prove invaluable to risk mitigation -- if it's chosen carefully. Find out which type of insurance plan is right for your organization. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Opinion 15 Oct 2019
NIST offers a handy vendor-neutral overview of zero trust architecture

Curious about zero trust but don’t understand it yet or how to achieve it, then NIST is here to help you. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 01 Oct 2019
Your third-party risk management best practices need updating

Organizations must modernize third-party risk management best practices to adapt to the changing technology landscape. Diversify risk assessments with these expert tips. Continue Reading
By
- Katie Donegan, Social Media Manager
Feature 25 Sep 2019
How to use SOAR tools to simplify enterprise infosec programs

SOAR tools are designed to deliver convenience and simplicity to cybersecurity programs. Explore the many benefits security orchestration and automation promises users. Continue Reading
By
- Katie Donegan, Social Media Manager
Feature 24 Sep 2019
Using DNS RPZ to pump up cybersecurity awareness

Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Quiz 16 Sep 2019
Test your infosec smarts about IAM and other key subjects

Solidify your knowledge and get CPE credits by taking this quiz on IAM, security frameworks, IoT third-party risks and more. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
News 07 Aug 2019
Black Hat 2019 keynote: Software teams must own security

In the keynote for Black Hat 2019, Square's Dino Dai Zovi emphasizes security as a collaborative effort by all software teams that relies on communication, automation and feedback. Continue Reading
By
- Michael Heller, TechTarget
News 05 Aug 2019
BlackBerry Intelligent Security enables flexible security policy

BlackBerry launched a new unified endpoint management platform, BlackBerry Intelligent Security, which changes security policies by calculating user risk. Continue Reading
By
- Ha Ta
Feature 02 Aug 2019
Why is third-party risk management essential to cybersecurity?

Attackers know third parties hold many of the keys to the enterprise network, so third-party risk management is crucial for security professionals. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Feature 30 Jul 2019
Tackling IT security awareness training with a county CISO

A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved. Continue Reading
By
- Alissa Irei, Senior Site Editor
Feature 23 Jul 2019
Portrait of a CISO: Roles and responsibilities

Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate. Continue Reading
By
- Katie Donegan, Social Media Manager
Tip 17 Jul 2019
The benefits of IAM can far outweigh the costs

Identity and access management is a critical piece of enterprise information security. But the benefits of IAM go beyond illuminating who -- and what -- might be using your network. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Feature 26 Jun 2019
Build a proactive cybersecurity approach that delivers

Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive. Continue Reading
By
- Stan Gibson, Stan Gibson Communications
Tip 25 Jun 2019
What identity governance tools can do for your organization

Learn how to evaluate available security tools that manage the governance of your users' identity and access to company systems and data. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Tip 24 Jun 2019
4 steps to critical infrastructure protection readiness

Government and private industry share responsibility for critical infrastructure and key resources protection. Follow four steps to understand and know who you're gonna call to protect CIKR. Continue Reading
By
- Ernie Hayden, 443 Consulting LLC
News 20 Jun 2019
Gartner: Application security programs coming up short

At the 2019 Gartner Security and Risk Management Summit, experts discussed how enterprise application security efforts are falling short and what can be done about it. Continue Reading
By
- Mekhala Roy
Podcast 07 Jun 2019
Tenable CEO Amit Yoran wants to stop 'cyber helplessness'

This week's Risk & Repeat podcast features Tenable CEO Amit Yoran, who discusses what he calls 'cyber helplessness' and how the mentality is infecting enterprises. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Feature 06 Jun 2019
Security awareness training for executives keeps whaling at bay

Security awareness training for executives teaches an enterprise's biggest fish to recognize potential whaling attacks -- before they take the bait. Continue Reading
By
- Alissa Irei, Senior Site Editor
News 28 May 2019
Cylance CSO: Let's name and shame failed security controls

Malcolm Harkins, the chief security and trust officer at BlackBerry Cylance, says security controls that don't live up to their billing should be taking more blame for data breaches. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Feature 23 May 2019
10 ways to prevent computer security threats from insiders

Whether via the spread of malware, spyware or viruses, insiders can do as much damage as outside attackers. Here's how to prevent computer security threats from insiders. Continue Reading
By
- David Bianco, Target
Feature 20 May 2019
What makes BSA's secure software development framework unique?

BSA rolled out a new secure software development framework in an effort to promote best practices for secure software development and improve security for all. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Opinion 01 May 2019
Putting cybersecurity for healthcare on solid footing

CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center. Continue Reading
By
- Alan R. Earls
Guide 29 Apr 2019
How to manage email security risks and threats

When faced with email security risks -- and who isn't? -- do you have the right tools, features, training and best practices in place to face down phishing attacks and manage other threats proactively? Start with this guide. Continue Reading
By
- Kate Gerwig, Editorial Director
Feature 15 Apr 2019
Challenges and benefits of using the Mitre ATT&CK framework

Taking the first step might be the biggest hurdle to using the Mitre ATT&CK cybersecurity framework. Find out more about the benefits, challenges and how to get started. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Tip 12 Apr 2019
Top 5 reasons for a zero-trust approach to network security

As network perimeters disintegrate and enterprises adopt cloud computing, discover the top reasons organizations are opting for a zero-trust approach to network security. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Answer 10 Apr 2019
What are the most important security awareness training topics?

Organizations looking to heighten security awareness among employees need to cover a wide variety of security awareness training topics, but social engineering tops the list. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Feature 09 Apr 2019
DHS-led agency works to visualize, share cyber-risk information

A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain. Continue Reading
By
- Mary K. Pratt
Feature 29 Mar 2019
HPE takes aim at STEM and cybersecurity education, awareness

HPE CISO Liz Joyce worked with the Girl Scouts on an educational cybersecurity game for girls and ensures HPE's Women in Cybersecurity encourages more women to join the industry. Continue Reading
By
- Madelyn Bacon, TechTarget
Feature 29 Mar 2019
New game provides cybersecurity education for Girl Scouts

A new game provides cybersecurity education for Girl Scouts, who can earn virtual and real badges by playing. HPE's Liz Joyce talks about the partnership that led to the game. Continue Reading
By
- Madelyn Bacon, TechTarget
Tip 28 Mar 2019
Simplify incident response for zero-day vulnerability protection and beyond

Protection against a zero-day vulnerability and other cyber-risks is complicated, but simplifying cybersecurity incident management could be the key to protecting online assets. Continue Reading
By
- Peter Sullivan
Feature 26 Mar 2019
Zero-trust security model primer: What, why and how

What exactly is a zero-trust security model? This primer explains the basics about the philosophy behind how designing a security architecture strictly limits access to all, not just outsiders. Continue Reading
By
- Jessica Scarpati
Conference Coverage 07 Mar 2019
RSAC 2019: Coverage of the premiere security gathering

Find out what's happening at the at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team. Continue Reading
By
- Madelyn Bacon, TechTarget
Tip 04 Mar 2019
To improve incident response capability, start with the right CSIRT

Is your organization ready to build a computer security incident response team? Here are the questions that should be answered when building a CSIRT to maximize incident response capability. Continue Reading
By
- Peter Sullivan
Tip 20 Feb 2019
Key steps to put your zero-trust security plan into action

There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company. Continue Reading
By
- Dave Shackleford, Voodoo Security
Answer 12 Feb 2019
Should large enterprises add dark web monitoring to their security policies?

Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find. Continue Reading
By
- Nick Lewis
Feature 01 Feb 2019
CISO tackles banking cybersecurity and changing roles

Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading
By
- Alan R. Earls
Feature 01 Feb 2019
Top 10 CISO concerns for 2019 span a wide range of issues

From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019. Continue Reading
By
- Mary K. Pratt
Feature 01 Feb 2019
Battling nation-state cyberattacks in a federal leadership vacuum

Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers. Continue Reading
By
- Robert Lemos
Opinion 01 Feb 2019
What a proactive cybersecurity stance means in 2019

Meeting cyberthreats head-on is no longer a choice but a necessity. Learn what dangers IT security teams may face in 2019 and why a proactive attitude is vital. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
01 Feb 2019

What a proactive cybersecurity stance means in 2019

Continue Reading
Feature 01 Feb 2019
Cyber NYC initiative strives to make New York a cybersecurity hub

New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation. Continue Reading
By
- Mary K. Pratt
Opinion 27 Dec 2018
How paradigms shifting can alter the goals of attackers and defenders

The use of disruptive technology is altering the way attackers and defenders set goals for network security. Learn more about the shifting field with Matt Pascucci. Continue Reading
By
- Matthew Pascucci
Tip 10 Dec 2018
5 actionable deception-tech steps to take to fight hackers

Consider taking these five 'deceptive' steps to make your detection and response capabilities speedier, more effective and to improve your company's security posture. Continue Reading
By
- Dave Shackleford, Voodoo Security
Blog Post 29 Nov 2018
Will cybersecurity safety ever equal air travel safety?

Guaranteeing cybersecurity safety is one of the biggest challenges facing the tech industry, but using aviation safety as a model may help achieve that goal. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Podcast 08 Nov 2018
Risk & Repeat: MIT CSAIL discusses securing the enterprise

This week's Risk & Repeat podcast discusses the MIT CSAIL Securing the Enterprise conference and how experts there advocated for new strategies and approaches to infosec. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Tip 31 Oct 2018
NIST incident response plan: 4 steps to better incident handling

The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step. Continue Reading
By
- Mike O. Villegas, K3DES LLC
Answer 22 Oct 2018
What are DMARC records and can they improve email security?

Last year, the U.S. federal government mandated that by October 2018, all agencies must have DMARC policies in place. Learn how complicated this requirement is with Judith Myerson. Continue Reading
By
- Judith Myerson
Definition 28 Sep 2018
CAIQ (Consensus Assessments Initiative Questionnaire)

The Consensus Assessments Initiative Questionnaire (CAIQ) is a survey provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess the security capabilities of a cloud service provider. Continue Reading
By
- Linda Rosencrance
- Madelyn Bacon, TechTarget
Opinion 25 Sep 2018
Why a unified local government security program is crucial

When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial. Continue Reading
By
- Matthew Pascucci
Podcast 23 Aug 2018
Risk & Repeat: Meltdown and Spectre disclosure in review

In this week's Risk & Repeat podcast, SearchSecurity editors discuss new insights -- and questions -- regarding the coordinated disclosure effort for Meltdown and Spectre. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
News 13 Aug 2018
Lessons learned from Meltdown and Spectre disclosure process

During a Black Hat 2018 session, Google, Microsoft and Red Hat offered a behind-the-scenes look at the disclosure and response effort for Meltdown and Spectre. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
News 09 Aug 2018
Meltdown and Spectre disclosure suffered "extraordinary miscommunication"

During a panel discussion at Black Hat 2018 on Meltdown and Spectre, Google explained how miscommunication left the company's incident response out of the early disclosure process. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Tip 07 Aug 2018
What to do when IPv4 and IPv6 policies disagree

Unfortunately for enterprises, IPv4 and IPv6 policies don't always agree. Fernando Gont examines the differences between these two security policies, as well as some filtering rules. Continue Reading
By
- Fernando Gont, SI6 Networks
News 03 Aug 2018
Disclose.io launches vulnerability disclosure 'safe harbor'

News roundup: Disclose.io offers legal bug bounty framework to give researchers safe harbor from legal action for vulnerability disclosures. Plus, Stamos exits Facebook, and more. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Opinion 01 Aug 2018
Why third-party access to data may come at a price

Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners. Continue Reading
By
- Kathleen Richards
Feature 31 Jul 2018
Bugcrowd CTO on the need for responsible disclosure policy, 'good faith'

Bugcrowd founder and CTO Casey Ellis talks about his concerns that the era of 'good faith' between security researchers and enterprises is in jeopardy. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Feature 18 Jun 2018
Accenture's Tammy Moskites explains how the CISO position is changing

Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the daunting challenges CISOs face today and how the position may be changing. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Feature 30 May 2018
McAfee CISO explains why diversity in cybersecurity matters

Improving diversity in cybersecurity teams can help improve their ability to address cybersecurity challenges through diversity of thought, suggests McAfee CISO Grant Bourzikas. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor