Management News, Articles and Updates

Turning your security operations centre into a security decision centre

Until our industry creates a cyber-Enterprise Resource Planning, a SOC is the best place to create, apply, and increasingly automate processes and aggregate data into actionable intelligence.

Evolving technologies will allow managing cyber risk (rather than threat)

Buying in cyber-risk-management-as-a-service will let companies manage cyber-risk like any other risk, achieving visibility, incorporating cyber-security into the core of product and service design plus facilitating cyber-insurance.

What will it take for the C-suite to care about cyber-threats?

Only a third of British businesses have a financial plan in place in case of a cyber-attack. Research from Lloyds Bank reveals only half of companies contemplate the risks of a cyber-attack at board level.

Why knowledge of fraud prevention is essential for small businesses

Fraud prevention is an ongoing cycle involving several processes, including monitoring, detecting, planning, case management and decision-making. For some small business owners managing everything, it can be their last priority.

Report: Vulnerability management strategies are flawed

Vulnerability management strategies based on responding to published - and patched - CVE vulnerabilities are fatally flawed, according to a new in-depth report.

How to get IT and security teams in sync when CIOs take on surveillance

When integrating new products or systems, consult both security and IT teams first. They have differing priorities, and any changes may impact their operations in ways that may not be immediately apparent to an outsider.

Despite increased cyber-risk awareness, poor password hygiene still rules

New research has revealed that even though people are now more aware of security best practices than in the past, their password management has remained largely unchanged.

HPE iLO 4 remote management interfaces targeted with ransomware

Threat actors are targeting internet-accessible HPE Integrated Lights-Out 4 (HPE iLO 4) remote management interfaces with ransomware or a decoy wiper in disguise.

The cyber-accountable Chief Information Officer (CIO) - a strategic role

Historically, IT Directors & CIOs were focused on operational activities: keeping the lights on, keeping risk low, keeping systems running. Today we are seeing a necessary transition of the role, from functional CIO to strategic CIO.

Closing the skills gap: making the most of hybrid IT

To realise the full benefits of hybrid IT, organisations need a comprehensive monitoring solution and foundational skills like the DART (discover, alert, remediate, and troubleshoot) and SOAR (secure, optimise, alert, and report) frameworks.

The cloud is a strategic priority requiring skills that few providers possess

Starting a cloud strategy? Ask, fundamentally, how can the cloud and its capabilities be aligned to the requirements of the business over the next five or more years?

Sensitive medical records on AWS bucket found to be publicly accessible

A large cache of sensitive medical records handled by a US-based digital records management company was found stored in an Amazon S3 storage bucket without adequate protection.

Post-it with password spotted in online photo of Hawaii Agency HQ

The Hawaii Emergency Management Agency has had a lot of explaining to do after an employee pushed the wrong button during a test and pushed out an alert warning residents that a ballistic missile was headed their way.

Why 2018 could be the year cyber-security finally comes of age

Change is afoot in the cyber-security industry - from the shift in reporting styles and measures of success, to the evolving role and responsibilities of the CISO. Here's how this development could transpire in the year ahead.

Building management systems still ripe for hacking

The security of building management systems has improved over the last few years but many of them aren't set up properly to avoid being hacked, according to security researchers.

To wipe out ransomware we first need to mature as an industry

To speak meaningfully and to be taken seriously by policy makers about issues like ransomware will require us not just to learn the language of the boardroom but the language of society at large, and of government.

News feature: Simulated attack, lessons learned on all sides

Learning by doing. If you don't have - and practice - a breach recovery plan, then a simulation exercise can demonstrate why you should have one, identify your weak spots, and encourage you to take action to plug the holes.

Former Yahoo chief executive Mayer testified before Congress, blamed Russia

Former Yahoo chief executive Marissa Mayer apologises for the two massive data breaches at Yahoo that occurred during her tenure and resulted in 3 billion credentials being stolen, blaming Russian agents for at least one of them.

Strong tech governance in the boardroom is a must

Senior leadership should pursue stronger business outcomes. Theresa Grafenstine says that becomes a much smoother proposition when at least one board member - ideally several - has expertise in governance of technology.

SSH privileged access has minimal control at most organisations

Although Secure Shell (SSH) keys provide the highest levels of administrative access, they are routinely untracked, unmanaged and poorly secured, according to a recent report by Venafi.

InfoSec problems? Listen to your CISO, put more emphasis on recovery

For those businesses that want to reduce the brand risk of cyber-attack, Marc Lueck says more emphasis on recovery is the easiest place to start. It will also go a long way to future proofing organisations against upcoming threats.

Organisations must wake up and ensure they actively manage cyber-security

Recent cyber-attacks reveal how vulnerable organisations are and that those who actively manage security have limited damage and recovered fastest, says Matthias Maier.

Company boards and management becoming more engaged with cyber-risks

Survey from consulting firm shows there is still much work to do to identify and protect the 'crown jewels' of mission critical data.

Cyber-security: tense topic for IT pros to discuss with their bosses

More than half of cyber-security professionals find it difficult to highlight possible security system weaknesses for senior management, while the rest find it more difficult to admit something has gone wrong.

Video: Building blocks of IT security 4 - Through-Life Operation

Building blocks of IT security 4: Through Life Operation can be unglamorous and unpopular because it can be where the realities of earlier expedience-driven omissions, reductions in capacity and capability come home to roost, says Tony Collings.

JD Wetherspoon breach: three data management mistakes that could have been avoided

Following the JD Wetherspoon data breach, there are many questions about the cause and the mistakes that led to it. But the company's mistakes offer valuable lessons for other businesses as Pat Clawson explains.

Why IT service management teams must play a key role in cyber resilience

When it comes to information security it's been well documented that everybody has a key role to play in protecting sensitive and valuable information, says Nick Wilding.

Faster security understanding with visualisation

Passive inspection is too slow in today's interconnected, data-rich IT environments, says Thibault Reuille.

How BYOD and collaboration trends solve corporate incident management

Workforce collaboration via mobile devices and apps is a positive thing, so long as business options are used, says Joseph Do.