Nik Whitfield outlines how, when building a risk-based approach to security, CISOs need to start by building situational awareness from the telemetry of their operating environment.
Eighty percent of IT professionals have implemented a patch policy to enhance their organisation's security.
Richard Beck takes a look at how UK businesses plan to tackle cyber-threats to corporate security over the coming year.
By learning to translate their concerns into the language of business risk, cyber-security professionals will find that their messages are heard - and heeded - more readily, says Piers Wilson.
Innovation and security should not be mutually exclusive but unfortunately they often are seen that way, says James Henry.
A leading UK lawyer has said that cyber-insurance can play a part in a business cyber-security strategy, so long as the risks are understood.
Companies must understand how security works inside - and outside - their organisation, argues Seth Berman.
High-profile CISOs and senior IT security managers talked advanced persistent threats (APTs) and how they can be countered at SC Magazine's latest roundtable in central London.
New research claims that the security threats landscape is now almost egalitarian in nature, with almost every industry - and every company - now being a security target.
A holistic approach to information security is needed to overcome the shortcomings of a Risk Management approach, says David Stubley.
While still a relatively immature industry, cyber insurance can reduce the costs of recovering from a breach, and, as Tony Morbin reports, it can also play a role in driving adoption of best practice, including de-facto standards in critical infrastructure.
Average total cost of a data breach has increased by 15 percent in the last 11 months; consultants increase risk, says new Ponemon report.
What should businesses be doing to ensure that contractors and other third-parties are aware of the risks in security? That was one of the key questions during a panel discussion at Infosecurity 2014 in London on Thursday.
Bad news is filtered out of communication to the C-suite and 63 percent of IT staff only start talking after a breach has taken place.
If you don't have good forensic readiness planning and testing in place, you are neglecting a core requirement of good organisational planning, no less than if you failed to have disaster recovery or business continuity planning, argues David Rimmer.
On the first morning of the annual RSA Conference in San Francisco, I met with a company whose story began almost exactly a year ago.
Google is crediting enhanced risk analysis efforts with lowering the number of compromised user accounts by nearly 100 per cent over two years.
The concept of being prepared for the worst crosses over all types of incidents.
Businesses are rapidly adopting an outsourced, third-party information technology operations model.
On the night of April 14th, 1912, the RMS Titanic scraped an iceberg and sank to the bottom of the ocean in only two hours and 40 minutes resulting in the death of 1,517 people.
Adoption of a 'risk-managed' approach to information security is extremely fashionable amongst the organisations that I work with.