Security audit, compliance and standards
Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how to work with auditors, and compliance with standards, regulations and guidelines such as PCI DSS, GLBA, HIPPA, SOX, FISMA, ISO 17799 and COBIT.
Top Stories
-
Tip
20 Sep 2022
How to develop a cybersecurity strategy: Step-by-step guide
A cybersecurity strategy isn't meant to be perfect, but it must be proactive, effective, actively supported and evolving. Here are the four steps required to get there. Continue Reading
-
Tip
14 Jun 2022
3 steps for CDOs to ensure data sovereignty in the cloud
Data sovereignty regulations, combined with a tsunami of data growth and increased cloud usage, have created a perfect storm that chief data officers must manage. Continue Reading
-
Tip
20 Jul 2020
Follow 3 key steps to improve multi-cloud monitoring
Successful multi-cloud monitoring anticipates security vulnerabilities unique to operating across several environments. Follow these steps to improve multi-cloud security. Continue Reading
-
Tip
20 Jul 2020
Post-pandemic cybersecurity: Lessons learned
Pandemic lockdowns provided companies with valuable cybersecurity experience. Here's how to make sure post-pandemic cybersecurity operations are prepared for a second wave. Continue Reading
-
News
17 Jul 2020
'SigRed' alert: Experts urge action on Windows DNS vulnerability
Experts are urging organizations to take immediate action on SigRed, a 17-year-old Windows DNS server vulnerability discovered by Check Point Research and patched by Microsoft. Continue Reading
-
Feature
17 Jul 2020
How to address and close the cloud security readiness gap
Cloud security readiness remains a shortcoming for companies despite the majority using cloud services. Here are three steps they can take to close the cloud security gap. Continue Reading
-
News
17 Jul 2020
Identity theft subscription services uncovered on dark web
Identity theft subscriptions are now being offered on the dark web. This information is being used for carding operations, account generation and other cybercrime schemes. Continue Reading
-
Podcast
17 Jul 2020
Risk & Repeat: Twitter breach leads to account hijacking
This week's Risk & Repeat podcast discusses how threat actors gained access to Twitter's internal systems and hijacked the accounts of Jeff Bezos, Bill Gates and others. Continue Reading
-
News
15 Jul 2020
Advent, Forescout bury the hatchet with new acquisition deal
Despite an ugly legal dispute and allegations of channel stuffing, Advent International and Forescout Technologies are moving forward with an amended acquisition agreement. Continue Reading
-
News
15 Jul 2020
Attackers find new way to exploit Docker APIs
Aqua Security released research detailing a new tactic where the attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host. Continue Reading
-
Tip
15 Jul 2020
To face modern threats, using AI for cybersecurity a necessity
As cyberattacks grow in complexity, using AI for cybersecurity is required to stay ahead of threats. Here's how to integrate AI into security processes and avoid potential risk. Continue Reading
-
News
15 Jul 2020
Citrix data exposed in third-party breach
Citrix CISO Fermin Serna said a third-party organization is investigating a data breach after some of the vendor's customer data ended up on a dark web marketplace. Continue Reading
-
News
13 Jul 2020
RSA finds two-thirds of phishing attacks directed at Canada
RSA Security researchers found that nearly 70% of phishing attacks were directed at users in Canada, while the majority of attacks come from U.S.-based ISPs and hosting providers. Continue Reading
-
News
10 Jul 2020
Cybercriminals auction off admin credentials for $3,000
Threat actors are auctioning off domain administrator accounts, selling access to the highest bidder for an average of $3,139 and up to $140,000, according to Digital Shadows. Continue Reading
-
Tip
09 Jul 2020
Enhance your cloud threat protection with 5 tools, and more
Explore the best tools and tactics; you'll need the most effective arsenal available to counteract the attackers gunning for your cloud-based workloads and apps. Continue Reading
-
News
09 Jul 2020
Data theft in ransomware attacks may change disclosure game
Many ransomware attacks aren't publicly disclosed. But as ransomware gangs continue to steal, encrypt and threaten to publicly release data, that may be changing. Continue Reading
-
Feature
09 Jul 2020
How cyber warfare laws limit risk on a digital battleground
Retired Navy cryptologist implores enterprises to build key cyber warfare laws into their infosec strategy to improve survivability on the digital battleground in his new book. Continue Reading
-
Feature
09 Jul 2020
The future of cyber warfare requires infosec's attention
The future of cyber warfare places enterprise security and survivability in the crosshairs. Learn more about cyber warfare threats and capabilities and how infosec can prepare. Continue Reading
-
News
08 Jul 2020
Microsoft seizes malicious domains used in COVID-19 phishing
Microsoft went to court to seize several malicious domains that were used by cybercriminals in extensive phishing and BEC attacks on Office 365 accounts amid the current pandemic. Continue Reading
-
Tip
08 Jul 2020
5 steps to help prevent supply chain cybersecurity threats
Follow five steps to lower the risk of supply chain cybersecurity threats, from creating third-party risk management teams to using blockchain and hyperledger and more. Continue Reading
-
Answer
08 Jul 2020
Stateful vs. stateless firewalls: Understanding the differences
Examine the important differences between stateful and stateless firewalls, and learn when each type of firewall should be used in an enterprise setting. Continue Reading
-
Tip
07 Jul 2020
Navigate the DOD's Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification requires DOD contractors to achieve baseline security standards. Explore the five levels of certification and how to achieve them. Continue Reading
-
Feature
07 Jul 2020
Why COVID-19 won't stop cybersecurity jobs and recruitment
The economy is struggling, and many careers are taking hits, but cybersecurity jobs and careers will likely stay in demand as companies need to keep data and customers safe. Continue Reading
-
Feature
07 Jul 2020
5 PCI DSS best practices to improve compliance
Increased rates of PCI noncompliance are worth examining, as are PCI DSS best practices and tips for small and medium-sized companies. Read more in-depth compliance coverage here. Continue Reading
-
News
06 Jul 2020
Critical F5 Networks vulnerability under attack
A critical remote code execution vulnerability that was disclosed and patched just days ago is already being exploited by threat actors. Continue Reading
-
Tip
06 Jul 2020
How IAM systems support compliance
IAM is a key component of any security strategy, but its role in regulatory compliance is just as crucial. Read up on features and processes to make IAM work for your enterprise. Continue Reading
-
Feature
02 Jul 2020
Interconnected critical infrastructure increases cybersecurity risk
Separately managed but interconnected critical infrastructure sectors are not all bound to security requirements and may be at risk of cascading attacks. Continue Reading
-
News
01 Jul 2020
Microsoft fixes Windows Codecs flaws with emergency patches
Microsoft addressed two vulnerabilities, one rated critical and the other rated important, after being alerted by a researcher with Trend Micro's Zero Day Initiative. Continue Reading
-
News
01 Jul 2020
Snake ransomware poses unique danger to industrial systems
The new ransomware family known as Snake, or Ekans, is designed for organizations with industrial control systems and has already struck at least two enterprises. Continue Reading
-
Tip
30 Jun 2020
3 must-ask post-pandemic questions for CISOs
The worldwide health pandemic has created multiple challenges for today's CISOs and their security teams. Ask these three questions to stay safe in a post-pandemic workplace. Continue Reading
-
Answer
30 Jun 2020
How to use a public key and private key in digital signatures
Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents. Continue Reading
-
News
29 Jun 2020
Record-setting DDoS attacks indicate troubling trend
Akamai Technologies recently mitigated two of the largest DDoS attacks ever recorded on its platform, including a massive 809 million packets per second attack against a bank. Continue Reading
-
Tip
29 Jun 2020
Privacy-preserving machine learning assuages infosec fears
Implementing privacy-preserving machine learning controls, such as federated learning and homomorphic encryption, can address top cloud security and privacy concerns. Learn how. Continue Reading
-
News
26 Jun 2020
Maze ransomware hit biggest target yet with LG breach
The operators of Maze ransomware claim to have breached LG, offering three screenshots as proof. One of those screenshots features LG product source code. Continue Reading
-
News
25 Jun 2020
Open source vulnerabilities down 20% in 2019
Snyk recently released its fourth annual 'State of Open Source Security' report, which analyzed open source statistics, vulnerability trends and security culture. Continue Reading
-
News
23 Jun 2020
MSPs scramble to bolster security amid ransomware spike
After a flurry of devastating ransomware attacks in 2019, MSPs and vendor partners are improving security to prevent history from repeating during the pandemic. Continue Reading
-
News
22 Jun 2020
Microsoft acquires CyberX to strengthen IoT security offering
Microsoft is acquiring CyberX to boost its IoT security offerings, though it's unknown whether CyberX will remain a separate entity or be integrated into Microsoft. Continue Reading
-
Podcast
19 Jun 2020
Risk & Repeat: Vault 7 report slams CIA security practices
This week's Risk & Repeat podcast discusses the CIA's internal task force report on the Vault 7 leak, which blasted the agency for a variety of serious security lapses. Continue Reading
-
Answer
19 Jun 2020
How to prevent network eavesdropping attacks
One of the biggest challenges of network eavesdropping attacks is they are difficult to detect. Read about prevention measures to help keep your network safe from snoopers and sniffers. Continue Reading
-
News
18 Jun 2020
New Cisco Webex vulnerability exposes authentication tokens
Trustwave SpiderLabs researchers disclosed a vulnerability in Cisco Webex software that leaks information stored in memory, including authentication tokens. Continue Reading
-
Tip
17 Jun 2020
Istio service mesh security benefits microservices, developers
Learn more about Istio service mesh security features and how the open source technology can enable developers to better run, control and secure a distributed microservices architecture. Continue Reading
-
News
16 Jun 2020
ZDI drops 10 zero-day vulnerabilities in Netgear router
Trend Micro's Zero Day Initiative published 10 vulnerabilities in Netgear's R6700 router that have gone unpatched for seven months. Continue Reading
-
News
16 Jun 2020
CIA unaware of Vault 7 theft until WikiLeaks dump
An internal CIA report from the Wikileaks Task Force blasted the agency over the leak of the Vault 7 cyberweapons, which exposed dangerous hacking tools and vulnerabilities. Continue Reading
-
Feature
16 Jun 2020
Invest in new security talent with cybersecurity mentorships
Cybersecurity mentorships provide a great opportunity for those just entering the industry who want a successful start. Having the right guidance is a must. Continue Reading
-
Tip
16 Jun 2020
Unpack the use of AI in cybersecurity, plus pros and cons
The use of AI in cybersecurity is now under renewed scrutiny as its popularity rises. Discover the pros and cons of machine learning and AI for incident response. Continue Reading
-
News
16 Jun 2020
Repeat ransomware attacks: Why organizations fall victim
Some organizations get hit with ransomware multiple times. Threat researchers explain why repeat attacks happen and how victims can prevent it from occurring again. Continue Reading
-
Answer
16 Jun 2020
6 key identity and access management benefits
Identity and access management is beneficial not just for users, security and IT admins, but also enterprises as a whole. Read up on the six key advantages of an IAM framework. Continue Reading
-
Answer
16 Jun 2020
Identity management vs. authentication: Know the difference
Andrew Froehlich breaks down how authentication and identity management differ and how each of them are intrinsic to an identity and access management framework. Continue Reading
-
Tip
15 Jun 2020
In biometrics, security concerns span technical, legal and ethical
Biometrics are increasingly being used for enterprise security, but they are not without technical, legal and ethical concerns, which teams must address before deployment. Continue Reading
-
Answer
15 Jun 2020
How to protect workloads using a zero-trust security model
Never trust, always verify. Learn how to implement a zero-trust security model to help manage risk and protect IT workloads at your organization. Continue Reading
-
Tip
11 Jun 2020
3 key identity management tips to streamline workflows
Organizations must audit IAM processes to ensure that opportunities to streamline workflows are not missed. Use these identity management tips to get started. Continue Reading
-
News
11 Jun 2020
Italian company implicated in GuLoader malware attacks
While analyzing the network dropper GuLoader, researchers found an almost identical commercial software tool called CloudEye offered by a legitimate-looking Italian company. Continue Reading
-
Feature
11 Jun 2020
VPC security best practices and how to implement them in AWS
To best secure network access, AWS administrators need to create rules for network resources. Learn how to implement Amazon VPC security best practices in this book excerpt. Continue Reading
-
Feature
11 Jun 2020
Overcome AWS security vulnerabilities with VPCs, IAM
Securing network access in AWS requires the right rules to be in place. Learn more about Virtual Private Clouds and how implementing them can prevent common cloud security attacks. Continue Reading
-
Answer
11 Jun 2020
Identifying and troubleshooting VPN session timeout issues
Troubleshooting VPN session timeout and lockout issues should focus first on isolating where the root of the problem lies -- be it the internet connection, the VPN vendor or the user device. Continue Reading
-
News
10 Jun 2020
New 'Thanos' ransomware weaponizes RIPlace evasion technique
Recorded Future's Insikt Group uncovered a new ransomware-as-a-service tool named 'Thanos' that's the first ransomware to use the hard-to-detect RIPlace technique. Continue Reading
-
News
10 Jun 2020
Maze ransomware builds 'cartel' with other threat groups
Operators behind the Maze ransomware posted data leaks from competing ransomware gangs to their victim shaming website, suggesting they have joined forces. Continue Reading
-
Tip
10 Jun 2020
How security teams can prevent island-hopping cyberattacks
Learn how to prevent island-hopping cyberattacks to keep hackers from gaining the confidence of a phishing victim who could then accidentally commit corporate financial fraud. Continue Reading
-
News
09 Jun 2020
'CallStranger' vulnerability affects billions of UPNP devices
A new vulnerability in the Universal Plug and Play protocol could be used to exfiltrate enterprise data and launch DDoS attacks, and patches may not arrive for a long time. Continue Reading
-
Tip
09 Jun 2020
How to ensure security for 3 types of digital identity
Enterprise identity and access management strategies must include processes for managing and securing three types of digital identity. Learn how. Continue Reading
-
News
08 Jun 2020
CISA warns Microsoft SMB v3 vulnerability is under attack
CISA issued an alert Friday about attacks on a Microsoft Server Message Block v3 vulnerability and a proof-of-concept code that exploits the flaw in unpatched systems. Continue Reading
-
Tip
08 Jun 2020
Benefits of open source container vulnerability scanning
Containers have revolutionized app development but pose many security challenges. Uncover how container vulnerability scanning can help and why to consider open source tools. Continue Reading
-
News
05 Jun 2020
Chinese, Iranian hackers targeted Trump and Biden campaigns
Shane Huntley, director of Google's Threat Analysis Group, announced that two state-backed APT groups targeted campaign staff for both Joe Biden and President Donald Trump. Continue Reading
-
Feature
05 Jun 2020
A case for both cybersecurity detection and prevention tools
Companies need both detection and prevention cybersecurity tools to effectively keep data and employees safe from attackers. Just one or the other isn't enough. Continue Reading
-
Podcast
05 Jun 2020
Risk & Repeat: Are ransomware groups joining forces?
This week's Risk & Repeat podcast discusses the prospect of ransomware gangs working together and what it could mean for enterprises and the overall threat landscape. Continue Reading
-
Feature
05 Jun 2020
How to build an effective IAM architecture
Identity and access management is changing and so must strategies for managing it. Read up on IAM architecture approaches and how to select the best for your organization. Continue Reading
-
News
04 Jun 2020
Remote work cybersecurity a concern during pandemic
Recent surveys by NordVPN and Kaspersky found that more than 60% of employees use personal devices as they work from home due to the coronavirus -- which creates cybersecurity issues. Continue Reading
-
News
04 Jun 2020
Attacks on Exim vulnerability continue one year later
Though the Exim mail transfer agent vulnerability was publicly disclosed in June 2019, a significant number of unpatched versions remain online and are at risk of attacks. Continue Reading
-
Tip
03 Jun 2020
4 essential identity and access management best practices
Now is the time to shore up the who, what and where of network identities. Adopt these four critical identity and access management best practices to bolster your infosec program. Continue Reading
-
Tip
03 Jun 2020
How automating incident response benefits security programs
Automating incident response can benefit security both in the cloud and in traditional settings. Expert Dave Shackleford explains what it can be used for and how it helps. Continue Reading
-
News
02 Jun 2020
VMware vulnerability enables takeover of cloud infrastructure
A new vulnerability in VMware Cloud Director allowed any user to obtain control of any virtual machine on a public or private cloud, according to ethical hacking firm Citadelo. Continue Reading
-
Tip
01 Jun 2020
How to fortify IoT access control to improve cybersecurity
Security technology is still playing catch-up with the new risks and attack vectors associated with IoT. Learn how to improve IoT access control and identity management here. Continue Reading
-
Feature
01 Jun 2020
SASE adoption accelerating as workforce goes remote
Experts suggest enterprises should consider SASE adoption for network security as the remote workforce grows in order to reduce cost and complexity. Continue Reading
-
Tip
01 Jun 2020
12 Microsoft 365 security best practices to secure the suite
Migrating to or operating cloud-based Microsoft 365 can bring with it a host of problems and misconfigurations. Check out 12 best practices to tighten Microsoft 365 security. Continue Reading
-
News
29 May 2020
Cisco servers breached through SaltStack vulnerabilities
Threat actors exploited critical SaltStack flaws, which were disclosed and patched last month, in a Cisco product to breach several of the networking company's salt-master servers. Continue Reading
-
Feature
29 May 2020
How security testing could change after COVID-19
As companies look to bring employees back into the office, security teams must consider how to handle security testing due to initial remote work deployments and shadow IT. Continue Reading
-
News
28 May 2020
Supply chain attack hits 26 open source projects on GitHub
Threat actors conducted an unprecedented supply chain attack by using malware known as Octopus Scanner to create backdoors in open source projects, which were uploaded to GitHub. Continue Reading
-
Tip
28 May 2020
5 steps to determine residual risk during the assessment process
Even the best security controls have data management gaps that create risk. Here are steps to identify and offset residual risk during an assessment. Continue Reading
-
Tip
27 May 2020
Top 6 cloud security analytics use cases
Security analytics use cases vary from fraud detection to threat intelligence analysis. Learn how deploying this technology in the cloud can improve enterprise infosec programs. Continue Reading
-
Answer
27 May 2020
Is VPN split tunneling worth the security risks?
Enabling VPN split tunneling may increase speed and decrease bandwidth use and costs, but it also increases the number of security vulnerabilities faced. Continue Reading
-
Feature
27 May 2020
Top 3 advantages of smart cards -- and potential disadvantages
As smart card adoption increases, it is prudent to take a closer look at how this technology can improve data security. Here, read more about the benefits of smart cards. Continue Reading
-
Tip
26 May 2020
AI threat intelligence is the future, and the future is now
Threat intelligence services and tools get a boost from advanced technology like AI and, specifically, machine learning. Learn how that works. Continue Reading
-
Tip
26 May 2020
Uncover and overcome cloud threat hunting obstacles
You can be an effective cyberthreat hunter even if your organization's assets are in the cloud. Know the likely obstacles you'll face, then learn how to surmount them. Continue Reading
-
News
26 May 2020
StrandHogg 2.0 allows attackers to imitate most Android apps
A new elevation-of-privilege vulnerability on Android, dubbed StrandHogg 2.0, allows threat actors to gain access to most apps, according to Norwegian mobile security firm Promon. Continue Reading
-
News
26 May 2020
Mandiant dishes on notorious Maze ransomware group
Mandiant threat researchers navigate the tools, tactics and procedures of the Maze ransomware group, which has become notorious for "shaming" victims with stolen data. Continue Reading
-
News
22 May 2020
Ragnar Locker ransomware attack hides inside virtual machine
Threat actors have developed a new type of attack method by hiding Ragnar Locker ransomware inside a virtual machine to avoid detection. Continue Reading
-
Podcast
22 May 2020
Risk & Repeat: When will mobile voting be ready?
This week's Risk & Repeat podcast examines the rise of mobile voting apps and how security experts have expressed concerns about the risks deploying the technology for elections. Continue Reading
-
Feature
20 May 2020
IT and security teams collide as companies work from home
The new world of remote work has given rise to IT and security teams working more closely than ever before. They need to come together to provide excellent UX and security. Continue Reading
-
News
20 May 2020
Forescout sues Advent for calling off acquisition
Forescout Technologies filed a lawsuit against Advent International, claiming the private equity firm violated the terms of its $1.9 billion acquisition agreement. Continue Reading
-
Quiz
20 May 2020
Use these CCSK practice questions to prep for the exam
Virtualization and container security are key topics in the Certificate of Cloud Security Knowledge credential. Test your knowledge with these CCSK practice questions. Continue Reading
-
Feature
20 May 2020
CCSK cert guide author's insights into cloud security credential
The author of a Certificate of Cloud Security Knowledge exam guide offers insights into certifications, top considerations for those pursuing the CCSK and more. Continue Reading
-
Tip
19 May 2020
Top 2 post-COVID-19 CISO priorities changing in 2020
CISO priorities for 2020 were upended when the COVID-19 pandemic hit. Learn two ways forward-thinking CISOs are planning to deal with the new normal. Continue Reading
-
News
19 May 2020
Verizon DBIR: Breaches doubled, but plenty of silver linings
The 2020 Verizon Data Breach Investigations Report showed the number of confirmed breaches last year nearly doubled, but it also highlighted some positive trends. Continue Reading
-
News
18 May 2020
Texas struck by two ransomware attacks in one week
The Texas Department of Transportation was hit with a ransomware attack last Thursday, marking the second ransomware incident on a state agency in less than a week. Continue Reading
-
News
18 May 2020
Advent calls off Forescout acquisition
On what was scheduled to be the closing day, Forescout Technologies instead announced Advent International will not proceed with the $1.9 billion acquisition as planned. Continue Reading
-
Tip
18 May 2020
How to balance secure remote working with on-site employees
Post-pandemic, organizations must strike the right balance between on-site and remote work security. Here's how to make sure your cybersecurity program is prepared. Continue Reading
-
Podcast
15 May 2020
Risk & Repeat: Black Hat, DEF CON canceled
This week's Risk & Repeat podcast looks at the recent cancellations of Black Hat USA 2020 and DEF CON 28 and what their virtual replacements will try to accomplish. Continue Reading
-
Feature
15 May 2020
Advance your security operations center with AI
Powering a security operations center with AI systems not only automates tasks, but also complements admins' efforts to more effectively combat threats and transform processes. Continue Reading
-
News
14 May 2020
CISA identifies malware from North Korean hacking group
The Cybersecurity and Infrastructure Security Agency, in conjunction with the FBI and DoD, has identified three variants of malware used by the North Korean government. Continue Reading
-
News
13 May 2020
Experts say mobile voting tech isn't the answer to COVID-19
Despite the mounting need for another alternative to in-person voting amid the COVID-19 pandemic, experts say mobile and online voting is just not ready for the general public. Continue Reading
-
News
12 May 2020
Q1 data breaches down, but exposed records reach new high
Threat intelligence firm Risk Based Security released its 2020 Q1 Report, which shows a 273 percent increase in exposed records and 42 percent decrease in publicly reported breaches. Continue Reading
-
Tip
12 May 2020
Comparing single cloud vs. multi-cloud security challenges
A multi-cloud environment is not inherently more secure than a single cloud. Learn how to choose between single cloud vs. multi-cloud for your organization from a security perspective. Continue Reading