Tag: CISO

Step 3: Investigate the State of IoT Usage within Your Organization

Never believe what you’ve been told or your own assumptions. You need to find out for yourself what IoT devices are already in use within your environment. It’s dangerously naïve to assume there aren’t any in place already. Just like standard IT security risk…


It’s always interesting to watch how the ongoing digital transformation of our lives is changing the world in ways we never would have anticipated years ago. Financial information, social interactions, even our physical locations may be up for grabs in cyberspace, with real-world ramifications. For a few weeks this fall, the U.S. was fixated on…


We who live risk management know there are four responses when confronted with a credible risk to our organizations. We can treat the risk to reduce it. We can avoid the risk by altering our organization’s behavior. We can transfer the risk with insurance or outsourcing, though the transfer is rarely complete. Lastly, we can…


The National Cyber Security Centre (NCSC) was formed in 2016 to help protect the UK’s critical services from cyber attacks and help providers of those services manage major cyber incidents. NCSC has repeatedly warned that a major attack on critical national infrastructure is a matter of when, not if. Despite this, a recent cyber security…


Introduction

No CISO is an island. Of all the executive roles in a mature organization, the CISO is one of the most dependent on the collaboration and integration of disparate resources and people. The CISO is responsible not for a specific, discrete segment of a business model but for managing an abstract principle with shifting…


In my last post, I examined the reasons why certificate revocation is important to enterprise security. Now I’ll walk you through the steps you need to follow to check for revoked certificates. Certificates are believed to be ‘good’ unless we’re told otherwise, so certificate authorities simply need to maintain lists of ‘bad’ certificates that have…


“Quantity has a quality all its own”—a quote apocryphally attributed to Joseph Stalin. As part of the research that went into F5 Labs’ 2018 Application Protection Report, we surveyed information security professionals. We found that 37% of respondents were from organizations with more than 5,000 people. Here’s how the percentages broke down: What is the…


F5 Labs' David Warburton writes for Venafi, explaining one of the key strategies for improving the use of OCSP for certificate revocation.


Those of us at a certain age (ahem) grew up in a simpler time. Email was largely unheard of. There was no social media, no Facebook, Twitter or Instagram. There was no e-commerce, no Amazon, Alibaba or Taobao. No online banking. No online dating. Credit card transactions were processed manually. Local businesses accepted personal checks.…


There is an unspoken assumption that pervades the information security industry. It is a vestige from the days when system administrators were the security staff, and the ways in which customers and organizations interacted with the Internet were markedly different from how they are now. This assumption is that the boundary that separates our network…
