Security Boulevard

FEBRUARY 14, 2025

Meanwhile, an informal Tenable poll looks at cloud security challenges. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) called buffer overflow vulnerabilities unforgivable defects that put national and economic security at risk.

Banking 62

Banking Cybercrime Cybersecurity Ransomware 62

SecureWorld News

APRIL 9, 2025

We have been identifying people based on personality and aptitude for decades," said Rick Doten , VP, Information Security, Centene Corporation, who just keynoted on the topic of neurodiversity at SecureWorld Charlotte on April 2nd. " My initial thought is 'how is this new?'

Cybersecurity 97

Cybersecurity Education InfoSec Government 97

Jane Frankland

FEBRUARY 7, 2025

But as a CISO or cyber risk owner, it’s not just about locking down sensitive informationits about doing it without slowing down your people. It encompasses everything from ensuring the confidentiality and integrity of information to reducing risks, maintaining compliance, and building trust with customers.

Cyber Risk 130

Cyber Risk CISO Encryption Risk 130

Security Boulevard

JUNE 2, 2025

By the end of this phase, you should have two core outputs that will inform the next stages of analysis: Timeline : Reconstruct your exam attempt as accurately as possible by capturing timestamps of your actions; break down each event by challenge set, machine, attack stage (e.g., Needless to say, I was shocked and profoundly disappointed.

Penetration Testing 52

Penetration Testing Engineering Wireless Cybersecurity 52

Thales Cloud Protection & Licensing

JUNE 10, 2025

Gigabytes of sensitive data were exfiltrated, including customer payment card information (PCI), employee social security numbers (PII), and confidential financial documents. Rarely does a week go by without news of another massive data breach, exposing the sensitive information of millions. No alarms were triggered.

Data privacy 62

Data privacy Encryption Government Healthcare 62

SecureWorld News

MAY 6, 2025

Add in long hours, under-resourced teams, and the "always-on" pressure of digital defense, and it's no wonder burnout is a looming threat within the InfoSec community. And they impact more than the professionals themselves; when CISOs and their teams are stretched thin, the entire organization's security posture is at risk.

CISO 98

CISO InfoSec Cybersecurity Architecture 98

Krebs on Security

JUNE 30, 2025

“Lawmakers are at exceptional risk and need to be exceptionally protected,” Weaver said. And as the old infosec industry adage goes, if an adversary has physical access to your device, it’s most likely not your device anymore. “Their computers should be locked down and well administered, etc.

Mobile 256

Mobile Spyware InfoSec Phishing 256

Security Boulevard

MARCH 23, 2025

Discover how PlexTrac addresses these issues by integrating various data sources, providing customized risk scoring, and enhancing remediation workflows. The episode offers an insightful [] The post From Spreadsheets to Solutions: How PlexTrac Enhances Security Workflows appeared first on Shared Security Podcast.

Risk 52

Risk Penetration Testing Social Engineering Data privacy 52

Security Boulevard

FEBRUARY 16, 2025

In this episode, we discuss the UK governments demand for Apple to create a secret backdoor for accessing encrypted iCloud backups under the Investigatory Powers Act and its potential global implications on privacy.

Backups 52

Backups Encryption Government Technology 52

Security Boulevard

MAY 11, 2025

Join hosts Tom Eston, Scott Wright, and Kevin Johnson in a special best-of episode of the Shared Security Podcast. Travel back to 2009 with the second-ever episode featuring discussions on early Facebook bugs, cross-site scripting vulnerabilities, and a pivotal Canadian privacy ruling involving Facebook.

Media 52

Media Data privacy Cyber threats Internet 52

Daniel Miessler

NOVEMBER 6, 2020

I think there are four main trends that will play out in the field of information security in the next 20 years. 2021-2030) A Surge in Demand for InfoSec people will result in many more professionals being trained and placed within companies, likely using more of a trade/certification model than a 4-year university model.

InfoSec 255

InfoSec Insurance Artificial Intelligence Small Business 255

Daniel Miessler

APRIL 2, 2023

After two and a half decades in information security, I’ve witnessed countless failures in security efforts. The AI Solution AI will redefine infosec by continuously consuming and parsing all logs, configurations, documentation, and communication. The key to success? Better data/state/context and better questions.

InfoSec 168

InfoSec Software Information Security Risk 168

Security Boulevard

JUNE 14, 2023

Information security (InfoSec) risk management with third parties, including outsourcing, requires persistence and consistency due to the primary business risk it presents. Third-party managers need to have insights into a variety of areas of information security, including.

InfoSec 96

InfoSec Risk Information Security CISO 96

Daniel Miessler

MARCH 20, 2022

I’m starting a new series with this 2022 edition where I think about what Information Security could or should look like in the distant future—say in 2050. The ideas will cover multiple aspects of InfoSec, from organizational structure to technology. Org Structure. Technology. Regulation. Automation / AI. Distant Future.

InfoSec 180

InfoSec Insurance Technology Engineering 180

Krebs on Security

JUNE 18, 2021

Under First American’s documented vulnerability remediation policies, the data leak was classified as a security weakness with a “level 3” severity, which placed it in the “medium risk” category and required remediation within 45 days. “The [employee] did not request a waiver or risk acceptance from the CISO.”

Insurance 346

Insurance Risk Financial Services CISO 346

CSO Magazine

MARCH 1, 2022

That’s why CSO’s Future of InfoSec Summit is a must-attend event. Taking place virtually March 8 and 9, the event will take a 360-degree look at managing information risk. We’re living in a different world in which no business or government is isolated from these threats. To read this article in full, please click here

InfoSec 119

InfoSec Risk Government Ransomware 119

Security Boulevard

FEBRUARY 8, 2021

I have attended numerous security conferences over the past several years, and at each one, I repeatedly hear about the importance of information security being incorporated within the planning and requirement analysis phase of the software development life cycle (SDLC). I agree – this is very important.

InfoSec 95

InfoSec Information Security Software CISO 95

Notice Bored

MAY 25, 2022

Here's a similar grossly-simplified outline of the classical experimental method that has proven equally successful over several centuries of scientific endeavour: Consider available information Propose a testable hypothesis Test it (design and run experiments) Watch what happens Discover and learn GOTO 1 Either way, I'm a committed fan.

InfoSec 74

InfoSec Risk Antivirus Government 74

Security Affairs

APRIL 21, 2020

The security researcher Pedro Ribeiro, Director of Research at Agile Information Security, has published details about four zero-day vulnerabilities affecting the IBM Data Risk Manager (IDRM) after the company refused to address the issues. The latest version Agile InfoSec has access to is 2.0.3, ” concluded the expert.

Risk 138

Risk Authentication InfoSec Advertising 138

SecureWorld News

DECEMBER 16, 2022

Bureau of Labor Statistics (BLS) , jobs in the Information Security field are expected to increase by 35 percent by 2030, which researchers are saying is faster than any other industry growth on average. Here are three key takeaways to keep in mind when researching for a new role in InfoSec in 2023.

Information Security 97

Information Security InfoSec Marketing Cybersecurity 97

Notice Bored

MARCH 14, 2022

How does one write an information security report? It also occurs to me that, aside from structuring the reports according to the information security controls and incidents , you could use the information risks in a similar way. What should be reported?" Using appropriate metrics makes sense, of course.

Risk 76

Risk InfoSec Information Security Government 76

Cisco Security

SEPTEMBER 26, 2022

As Technology Audit Director at Cisco, Jacob Bolotin focuses on assessing Cisco’s technology, business, and strategic risk. Risk Management and Formula One. Meanwhile, InfoSec is the designer and implementor of risk management capabilities (for instance, ensuring the latest technology is deployed and within expected specifications).

Risk 144

Risk Cybersecurity Technology InfoSec 144

Security Affairs

SEPTEMBER 30, 2021

The US CISA has released a new tool that allows to assess the level of exposure of organizations to insider threats and devise their own defense plans against such risks. The tool elaborates the answers of the organizations to a survey about their implementations of a risk program management for insider threats. Pierluigi Paganini.

Risk 115

Risk InfoSec Ransomware Technology 115

SecureWorld News

APRIL 28, 2023

Featured guests are Krista Arndt, CISO, United Musculoskeletal Partners; David Lingenfelter, VP of Information Security, Penn Entertainment; and Bistra Lutz, Director of Global Information Security Operations, Crown Holdings.

InfoSec 124

InfoSec CISO Ransomware Information Security 124

Notice Bored

MAY 12, 2022

We have just completed and released a brand new information security policy template on professional services. Professional services engagements, and hence the associated information risks, are so diverse that it made no sense to specify particular infosec controls, except a few examples.

InfoSec 66

InfoSec Risk Accountability Government 66

Security Boulevard

JULY 7, 2022

Risks to Your Network from Insecure Code Signing Processes. However, this practice puts these critical resources at risk for being misused or compromised. Many InfoSec teams don’t have the visibility into what their software development teams are doing. In years past, InfoSec may have been the central keeper of code signing.

Risk 98

Risk InfoSec Software Digital transformation 98

Notice Bored

APRIL 20, 2022

When you acquire or provide professional services, how do you address the associated information risks? Professional services are information-centric: information is the work product , the purpose, the key deliverable. if confidential business or personal information was leaked to and exploited by third parties).

Risk 72

Risk Energy and Utilities Computers and Electronics Telecommunications 72

The State of Security

AUGUST 17, 2021

According to Gartner, global spending on information security and risk management technology is expected to exceed $150 billion in 2021. The post The Top 10 Highest Paying Jobs in Information Security – Part 1 appeared first on The State of Security. Cybersecurity Ventures estimated that there will be 3.5 That makes sense.

Information Security 112

Information Security Technology Risk Cybersecurity 112

SecureWorld News

JULY 31, 2023

Cybersecurity professionals have various views on last week's news from the United States Securities and Exchange Commission (SEC) when it surprised the InfoSec community and the C-suites of corporate America. For sanity, manage to a written information security policy.

CISO 98

CISO InfoSec Risk Cyber Risk 98

Notice Bored

JUNE 25, 2021

begging questions about which infosec-related matters are particularly important, and how they stack up in relation to other business priorities, issues, pressures etc. begging questions about which infosec-related matters are particularly important, and how they stack up in relation to other business priorities, issues, pressures etc.

InfoSec 63

InfoSec Risk Information Security Government 63

Troy Hunt

MARCH 18, 2024

The linked article talks about the author verifying the data with various people he knows, as well as other well-known infosec identities verifying its accuracy. Although if you are a current or previous customer, you can certainly request a copy of your personal information regardless of this incident.) For my part, I've got 4.8M

Data breaches 364

Data breaches Encryption Identity Theft InfoSec 364

Joseph Steinberg

JUNE 10, 2022

While “ zero trust ” has been a buzzword for some time, the principle of zero trust, and expenditures toward getting organizational policies, procedures, and infrastructure closer to delivering it, is gaining acceptance as constituting a fundamental component of information security programs. Sampling No Longer Works.

Cybersecurity 363

Cybersecurity CISO Artificial Intelligence Wireless 363

Notice Bored

APRIL 4, 2022

Yesterday, I completed and published the white paper on information security control attributes. Although it seems to take 'forever' to develop new standards, I'm hoping that the donor document will set the project off to a flying start.

InfoSec 72

InfoSec Information Security Risk 72

Cisco Security

MAY 5, 2022

A strategic compliance and risk management approach is as essential to the success of an organization as its product strategy. ISO IEC 27001:2013 – Information technology — Security techniques — Information security management systems — Requirements. Infosec Registered Assessors Program (IRAP December 2020).

Marketing 143

Marketing InfoSec Risk Technology 143

Notice Bored

JUNE 21, 2022

Some of them are quite similar or clearly related and could be combined - and I just know there are others worth adding to the list.

InfoSec 63

InfoSec Risk Engineering Accountability 63

Troy Hunt

OCTOBER 2, 2020

Another demonstration of how valuable Grindr data is came last year when the US gov deemed that Chinese ownership of the service constituted a national security risk. Here's how they responded when approached by infosec journo Zack Whittaker : We are grateful for the researcher who identified a vulnerability.

Accountability 364

Accountability Hacking Passwords InfoSec 364

Notice Bored

JUNE 20, 2022

The SecAware corporate information security policy template incorporates a set of generic principles for information risk and security such as " Our Information Security Management System conforms to generally accepted good security practices as described in the ISO/IEC 27000-series information security standards. "

InfoSec 60

InfoSec Information Security Risk Government 60