Until our industry creates a cyber-Enterprise Resource Planning, a SOC is the best place to create, apply, and increasingly automate processes and aggregate data into actionable intelligence.
Buying in cyber-risk-management-as-a-service will let companies manage cyber-risk like any other risk, achieving visibility, incorporating cyber-security into the core of product and service design plus facilitating cyber-insurance.
Only a third of British businesses have a financial plan in place in case of a cyber-attack. Research from Lloyds Bank reveals only half of companies contemplate the risks of a cyber-attack at board level.
Fraud prevention is an ongoing cycle involving several processes, including monitoring, detecting, planning, case management and decision-making. For some small business owners managing everything, it can be their last priority.
Vulnerability management strategies based on responding to published - and patched - CVE vulnerabilities are fatally flawed, according to a new in-depth report.
When integrating new products or systems, consult both security and IT teams first. They have differing priorities, and any changes may impact their operations in ways that may not be immediately apparent to an outsider.
New research has revealed that even though people are now more aware of security best practices than in the past, their password management has remained largely unchanged.
Threat actors are targeting internet accessible HPE Integrated Lights-Out 4 (HPE iLO 4) remote management interfaces with ransomware or a decoy wiper in disguise.
Historically, IT Directors & CIOs were focused on operational activities: keeping the lights on, keeping risk low, keeping systems running. Today we are seeing a necessary transition of the role, from functional CIO to strategic CIO.
To realise the full benefits of hybrid IT, organisations need a comprehensive monitoring solution and foundational skills like the DART (discover, alert, remediate, and troubleshoot) and SOAR (secure, optimise, alert, and report) frameworks.
Starting a cloud strategy? Ask, fundamentally, how can the cloud and its capabilities be aligned to the requirements of the business over the next five or more years?
A large cache of sensitive medical records handled by a US-based digital records management company was found stored in an Amazon S3 storage bucket without adequate protection.
The Hawaii Emergency Management Agency has had a lot of explaining to do after an employee pushed the wrong button during a test and pushed out an alert warning residents that a ballistic missile was headed their way.
Change is afoot in the cyber-security industry - from the shift in reporting styles and measures of success, to the evolving role and responsibilities of the CISO. Here's how this development could transpire in the year ahead.
The security of building management systems has improved over the last few years but many of them aren't set up properly to avoid being hacked, according to security researchers.
To speak meaningfully and to be taken seriously by policy makers about issues like ransomware will require us not just to learn the language of the boardroom but the language of society at large, and of government.
Learning by doing. If you don't have - and practice - a breach recovery plan, then a simulation exercise can demonstrate why you should have one, identify your weak spots, and encourage you to take action to plug the holes.
Former Yahoo chief executive Marissa Mayer apologises for the two massive data breaches at Yahoo that occurred during her tenure and resulted in 3 billion credentials being stolen, blaming Russian agents for at least one of them.
Senior leadership should pursue stronger business outcomes. Theresa Grafenstine says that becomes a much smoother proposition when at least one board member - ideally several - has expertise in governance of technology.
Although Secure Shell (SSH) keys provide the highest levels of administrative access, they are routinely untracked, unmanaged and poorly secured, according to a recent report by Venafi.
For those businesses that want to reduce the brand risk of cyber-attack, Marc Lueck says more emphasis on recovery is the easiest place to start. It will also go a long way to future proofing organisations against upcoming threats.
Recent cyber-attacks reveal how vulnerable organisations are, and that those who actively manage security have limited damage and recovered fastest, says Matthias Maier.
Survey from consulting firm shows there is still much work to do to identify and protect the 'crown jewels' of mission critical data.
More than half of cyber-security professionals find it difficult to highlight possible security system weaknesses for senior management, while the rest find it more difficult to admit something has gone wrong.
Building blocks of IT security 4: Through Life Operation can be unglamorous and unpopular because it can be where the realities of earlier expedience-driven omissions, reductions in capacity and capability come home to roost, says Tony Collings.
Following the JD Wetherspoon data breach, there are many questions about the cause and the mistakes that led to it. But the company's mistakes offer valuable lessons for other businesses as Pat Clawson explains.
When it comes to information security it's been well documented that everybody has a key role to play in protecting sensitive and valuable information, says Nick Wilding.
Passive inspection is too slow in today's interconnected, data-rich IT environments, says Thibault Reuille.
Workforce collaboration via mobile devices and apps is a positive thing, so long as business options are used, says Joseph Do.