Oracle's Joshua Brooks understands why those charged with information security compliance can, at times, be overwhelmed when they must deal with frameworks associated with PCI, HIPAA, FedRAMP, ISO 270001 and NIST 800-53, to name a few.
Facebook says hundreds of bogus profiles and group pages likely linked to Russia bought $100,000 worth of politically themed and divisive ads aimed at U.S. voters. The finding affirms the belief of U.S. intelligence agencies that Russia waged a multipronged effort to disrupt the U.S. election.
Instagram is warning that more users were affected by a hack of its systems than it first suspected. While email addresses - and some phone numbers - for celebrities, including Emma Watson and Lady Gaga, appear to have been compromised, 6 million account holders in total may have been affected.
Password security guidance: Do block users from picking commonly used passwords. But to avoid a usability nightmare, don't block users from picking any password that's ever been seen in a data breach, security experts advise.
Yes, malware commonly targets the Windows operating system. But if you limit malware analysis to Windows OS, you're leaving gaping vulnerabilities, says Christopher Kruegel of Lastline Inc. Here's how to maximize your analysis.
What trait does a global cyberattack and a hurricane share? Both could cost insurers - and victims - dearly. In a new report, Lloyd's of London estimates that a major cloud services attack could trigger $53 billion in losses and cleanup costs.
Verizon has apologized to customers after a contractor failed to secure an Amazon Web Services S3 bucket, leading to the exposure of data relating to 6 million accounts. But it's unclear if Verizon plans to notify customers whose data and accounts might be at risk.
Organisations of every size are experiencing a problem as their operations digitally transform. They are unable to secure mission-critical workloads on cloud-based infrastructure without increasing risk, operational friction, or introducing compliance violations.
However, creating simpler and faster user-based...
When asked, "What's your container strategy?" the majority of CISOs will respond by asking: "What's a container?" So says Tenable's Gavin Millard, who sees ongoing confusion about how containers can help organizations not only move to the cloud but stay secure, provided they're correctly managed.
Rapid patching and adoption of updated software has long been a "must do" security imperative. But as WannaCry demonstrated, many organizations have yet to master the patch-management challenge, says Jack Huffard, president and COO of Tenable.
A former Qualys customer for more than a decade, Mark Butler is now the company's CISO. And one of his jobs is to help spread the word to other security leaders about the vendor's vulnerability management solutions.
Tata Communication's Avinash Prasad clears up misconceptions about the emerging security-as-a-service model and describes the role it can play, especially at organizations growing through mergers and acquisitions.
Are you moving your applications to the Cloud or have a Cloud First Strategy? Most recent data breaches have focused on user accounts and privileged access to sensitive resources, both in the data center and in the cloud. While you are migrating to cloud platforms, now is the time to re-think security. In this...
How can we secure access to mission-critical workloads on cloud-based infrastructure without increasing risk, operational friction, or introducing compliance violations?
As security professionals, we're trying to solve today's complex problems, but are hampered by yesterday's tools. Fortunately, there are...