Survival or Extinction: Enhance your Incident Response Plan

It is widely accepted that information technology is an enabler; through the promotion and application of innovative solutions, modern organizations and their customers have a reliance on essential technologies as part of their everyday interactions. Through technology enablement, organizations seek to increase growth and revenue yet often overlook or ignore the potential for increased risk.…

Casting a Wider GRC Net: Third-Party Risk

You have probably heard—or maybe even said yourself—that there are only four things you can do about risk: 1. Accept it. 2. Ignore it (which is the same as accepting it). 3. Assign or transfer it to someone else. 4. Take steps to manage it within acceptable levels. On the topic of third-party risk, however, number three on that…

IoT – The Rise of the Machines

If you search the term “Internet of Things” (also known as “IoT”) in Google, you will receive more than 562 million results; it’s a very hot topic that preoccupies the minds of many bright people in the security industry. What’s it all about? During recent years one couldn’t miss the sharp increase in the number…

Fighting Fraud with Web Session Analysis

Leading companies have been starting to transform massive volumes of data into useful intelligence for cyber-security and fraud prevention. Traditional approaches, which have primarily focused on “what happened, and why,” are being augmented with capabilities designed to identify, contain, and respond quickly to “what is not normal.” This is why technologies that help detect potential…

The CISO as Investment Advisor

When it comes to job descriptions, there seems to be no limit to what can be placed in the realm of the Chief Information Security Officer (CISO) role. The role is often a collection of various responsibilities guided by the loosely defined “protect information assets” charter. Of course, there are elements of core security – access…

Getting Off the Entitlement Management Treadmill

The concept of turning off network access when people leave a company, or adjusting entitlements when people change roles, may seem like basic common sense. But in a busy, fast-moving organization, it can often be a challenge to stay on top of all the changes, and despite your best intentions, proper entitlement management doesn’t always…

Granting Serenity to Network and Endpoint Security

You’ve probably heard the inspirational saying “grant me the serenity to accept the things I cannot change, the courage to change the things I can, and the wisdom to know the difference.” Today’s strategies for network and endpoint security also have three complementary and reinforcing parts: Prevent the Known Bad: e.g., traditional signature-based solutions for…

Vision and Execution: the Trusted World and Intelligence-Driven Security

In his keynote at the recent RSA Global Summit in Washington DC, Art Coviello spoke cogently and convincingly about the need for both vision and execution: “[We are] partners in a battle to create a trusted world for communication, collaboration and innovation. To win the battle, we are going to need vision and execution. You…

Poor Social Network Security Can Put Your Business at Risk

Consider for a minute what information you generally supply when setting up an account, getting a loan, or even ordering a pizza online. Vital information like your name, home address, email address, phone number, and maybe your birth date is commonly required. Now, think about how much of that information an attacker might be able…

The Power of AND

I have always been a “fan” of words. Meaning: I read a lot and I write a lot. I have this notion that “if” is the most powerful word pound for pound. For only two letters, “if” sure packs a lot of punch. “If” has fueled exploration (“if the world isn’t flat…”). “If” has driven…