Tenable wants to help the cybersecurity industry move away from traditional vulnerability management focused on giving customers a list of vulnerabilities. Instead, CEO Amit Yoran wants to help customers understand their exposure and how they can effectively manage and reduce risk.
Supply chain risk must be part of an enterprisewide risk management program framework, says information security manager Matt Marciniak of financial service firm Quantile. Reducing risk requires an agile approach to supplier management, he says.
Britain's Conservative Party is holding a leadership contest, with the winner set to become the country's next prime minister. But the balloting process has been delayed after the National Cyber Security Center warned that hackers could abuse a process allowing members to change their online vote.
Our security experts predict an action-packed year, and suggest you buckle your seatbelt. Get the latest on key trends, including:
Ransomware + supply chain = big new challenges.
Are cloud providers too ripe a target?
Threat intel is in for a makeover.
Most of what you need to know about security you’ve...
As the U.S. Congress continues to push for a strengthening of FISMA, lawmakers held a hearing with former government cybersecurity officials on Tuesday, all of whom expressed a need to update the law, last modified in 2014, and focus more on outcomes than on processes and compliance.
Complex IT ecosystems coupled with fragile security protocols leave companies vulnerable to security attacks. As companies move towards Zero Trust, microsegmentation solutions help protect against unknown exposures on the network. Organizations are continuously responding to changes in the cybersecurity landscape and...
The year is ending with a cybersecurity bang - not whimper - due to the widespread prevalence of the Apache Log4j vulnerability. Researchers warn that at least 40% of corporate networks have been targeted by attackers seeking to exploit the flaw. More than 250 vendors have already issued security advisories.
Most federal executive branch agencies in the U.S. now have vulnerability disclosure policies. John Jackson and Jackson Henry of the security research group Sakura Samurai say those policies ensure they don't get into legal trouble for helping improve cybersecurity.
John O'Driscoll is the first CISO for the Australian state of Victoria, a job that has purview over 1,900 entities with 340,000 public servants. He's an expert in risk and audit, and that has subsequently lead to interesting conversations about who is accountable for risk and how to manage risk.
Wendy Nather, head of advisory CISOs at Cisco, recently teamed up with researcher Wade Baker to investigate cybersecurity metrics and determine how to make a cybersecurity program measurably more successful. She shares some of her more surprising findings.
Cybersecurity is a legitimate - and significant - business risk, and it's time to frame the topic appropriately, says Robert Hill, CEO of Cyturus. He shares insight on how to discuss cyber risk appropriately with C-level leadership and the board of directors.
What will be the impact of the leak of investigatory documents from FinCEN - the U.S. Treasury Department's Financial Crimes Enforcement Network? For starters, experts warn that FinCEN reports may reveal sensitive information tied to banks and law enforcement agencies' investigatory tools and tactics.
Supermarket giant Morrisons is not liable for a data breach caused by a rogue employee, Britain's Supreme Court has ruled, bringing to a close the long-running case - the first in the country to have been filed by data breach victims.
Zoom has apologized for sharing large sets of user data by default with Facebook, blaming the social network's software development kit, which it has removed from its iOS app. With COVID-19 driving unprecedented levels of remote working, video conferencing software is under the privacy and security microscope.
Iowa prosecutors have dropped all charges against two penetration testers who were contracted to test the electronic and physical security of three judicial facilities, only to be arrested for trespassing. The case highlights how a lack of communication before penetration tests can have serious consequences.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.