Ten questions that board members should ask about information security
Recent research should serve as a wakeup call to those charged with governance and compliance to apply the same rules to information risk that are in place for other forms of corporate risk.
Cyber attacks: the worst is yet to come
Cyber-crime and malware attacks will increase during 2014 as criminals capitalise on recent successes.
Resilience Metrics for Cyber Systems
Managing resilience for cyber systems requires metrics that reflect the relationships among system components in physical, information, cognitive and social domains.
Prolexic advises against a multi-layered strategy to block DDoS attacks
Multi-layered approaches increase the risk of website downtime rather than reduce it.
Information security management in the industrial sector
The industrial sector is less effective than other sectors in deploying risk management controls and communicating effectively about security.
FUD causing poor information security decision making
Fear of attack is causing security professionals to shift focus away from disciplines such as enterprise risk management and risk-based information security to technical security: Gartner.
Version 3.0 of the PCI Data Security Standard and Payment Application Data Security Standard published
New version introduces a penetration testing requirement and aims to make security a ‘business as usual’ activity.
Emerging Cyber Threats Report 2014
Georgia Tech has issued its annual report which looks at emerging cyber threats.
Are enterprises losing the cyber-war?
Survey finds a lack of confidence in the ability of organizations to detect and stop advanced attacks on enterprise servers.
‘Security Policy Orchestration: Supporting Tomorrow’s Networks’
A new report looks at the security challenges that increasing network complexity is causing.
Security officers gaining a strategic voice: IBM Study
A new IBM study of security leaders reveals that they are increasingly being called upon to address board-level security concerns and as a result are becoming a more strategic voice within their organizations.
New ENISA white paper: Can we learn from industrial control systems/SCADA security incidents?
ENISA, the EU’s cyber security agency, has released a white paper giving recommendations regarding prevention and preparedness for an agile and integrated response to cyber security attacks and incidents against industrial control systems / SCADA.
Time to resolve cyber-attacks more than doubles: Ponemon Institute survey
HP has published the results from a study conducted by the Ponemon Institute, indicating that the cost, frequency and time to resolve cyber-attacks continue to rise for the fourth consecutive year.
Operation Waking Shark 2 to test UK financial sector’s cyber-security defences and response mechanisms
Test scheduled for mid-November.
The majority of IT security professionals expect a state-sponsored cyber attack in the next six months
According to a Lieberman Software survey.
Revised BS ISO/IEC 27001 and BS ISO/IEC 27002 standards now available
The 2013 revision of the international information security standards will enable businesses of all sizes and sectors to accommodate the rapid evolution and increased complexity of managing information and the continual challenge that cyber security poses.
Majority of technology companies view cyber security threats as a serious threat to business continuity
Silicon Valley Bank survey looks at information security views of technology companies.
UK Centre for the Protection of National Infrastructure issues spear phishing guidance
Advice on spear phishing attacks and what an organization can do to protect itself from the threat.
ENISA highlights the threat of multi-pronged large impact cyber-attack events
ENISA has presented a short report into the top cyber threats, as a ‘first taste’ of its interim Threat Landscape 2013 report.
The growing threat from state-sponsored cyberattacks
We’re losing the battle against state-sponsored cyberattacks and things are not going to improve any time soon, according to a new survey from Lieberman Software Corporation.
Information security in 2014
2014 will be the year that incident response finally matures to a business process says Tim Keanini.
PCI DSS Version 3.0: new standard but same problems?
New Net Technologies has provided a white paper that examines the implications of the new PCI DSS Version 3.0 for businesses.
How to implement a cyber incident response plan
It is a sign of the changing security landscape that it is almost certain that sooner or later your organization will experience a security incident. It is therefore essential to have a cyber incident response plan in place.
The last rites of traditional IT security
In a changing threat landscape anti-virus software is fast beginning to look past its sell-by date says Mark Kedgley.
Security concerns emerge with the new gTLDs
One of the major concerns is ‘name collision’ reports Jonathan French.
Ten things IT should be doing to protect your data: but probably isn’t
Businesses today are struggling with proper data protection: Rob Sobers provides some help.
Four steps for denying DDoS attacks
How should banks and financial institutions deal with increasing numbers of large-scale denial of service attacks?
Implementing a good information security program
The frequency and potential impacts of information security breaches are increasing. Dr. Jim Kennedy explains why and looks at what organizations can do about it.
How to avoid the complexity risks associated with next-generation firewalls
Sam Erdheim shows how to maximise security while avoiding the complexity that next-generation firewalls can bring.
The beginning of the end for firewalls?
There’s a new focus in town: data access control will increasingly trump network access control.
Maintaining availability: the importance of DDoS defences in business continuity planning
Actionable information security practices are critical to business continuity planning, yet many business continuity plans do not include this element. This is a major oversight, says Rakesh Shah.
Emulating the enemy
Threat emulation is a critical technique in achieving more effective network security. Terry Greer-King explains why.
How the biggest DDoS attack in history highlights interdependencies
The Spamhaus attack shows how interdependent networks have become.
APT attacks clarified
Confusion exists as to what exactly an advanced persistent threat is and, even more importantly, how to manage the risks associated with APTs.
Consensus at RSA Conference 2013: PKI is under attack
At the recent RSA Conference 2013 in San Francisco, a clear consensus emerged: attacks on the trust established by cryptographic keys and certificates are on the rise and are an important element in today’s threat landscape.
Five easy steps for implementing a data classification policy
Without classification as the foundation of the information protection strategy, it’s impossible for organizations to know what to protect, says Stephane Charbonneau.
Cyber threats require a risk management approach
Information security programs that rely on defensive measures are no longer adequate.
A tiered approach to BYOD control
The practice of employing a layered security model can and should be applied to BYOD says Scott Gordon.
The low hanging fruit of IT security
How smaller organizations can remain secure on limited budgets. By Chris Stoneff.
Could your employees detect and deflect a spear phishing attack?
Why are spear phishing attacks increasing and what can organizations do to prevent falling victim?
Running lights out management without putting your organization’s lights out permanently
LOM is a potent technology which has its uses; however it also poses some potential risks which every enterprise must be aware of.