Women make up just 11 percent of information security professionals. Just increasing that number to 22 percent would solve the industry’s staffing shortage problem. Unfortunately, at most companies, the recruitment process is designed to attract the kind of people who already work there. Changing that requires conscious effort. Here are some tips that might help. […]
10 tips to attract women to infosec jobs Read More »
While there are plenty of standardized methods for penetration testing that we’re all familiar with, the bad guys aren’t sticking to traditional methods for their attacks anymore. So it’s time for the good guys to start thinking outside the box, too: here are a few creative methods to pen test your organization and see
How to get creative with your penetration testing Read More »
It’s hard to imagine a company these days that isn’t using open source software somewhere, whether it’s Linux running a company’s print and web servers, the Firefox browser on user desktops, or the Android operating system on mobile devices. In, fact, there are now more than a million different open source projects, according to Black
Open source pitfalls — and how to avoid them Read More »
Security professionals have long been running penetration tests against their firewalls and other security systems to find weaknesses that need to be addressed. The Common Vulnerability Scoring System is an industry standard, but has been around for a while. The bad guys, however, aren’t limiting themselves to the traditional perimeter attacks anymore. They’re using spear
You Need to Get Creative With Pen Testing. Here’s How to Do It. Read More »
Cover story These days, there’s no shortage of new business technologies and new threat vectors to the enterprise. But what many companies forget is that old technologies pose risks as well, and those risks aren’t going away. In fact, as your legacy systems continue to get more out-of-date while the world around them continues to
Forgotten risks hide in legacy systems Read More »
Even as women have made dramatic advances in medicine, law, and other fields, the proportion of women pursuing undergraduate degrees in the computer sciences has actually been dropping, from around 30 percent in 1990 to 18 percent in 2010, according to the latest data from the National Science Foundation. As a result, according to the
Info sec industry still struggles to attract women Read More »
Whether you receive a phishing email inviting you to click on a specific link, whether you see the link on your trusted social media sites, or whether you stumble upon it while Web surfing, here are 10 types of links you should never click on. See slideshow at Network World.
Don’t click on these links Read More »
Phishers are upping their game, so end users need to respond accordingly Protecting yourself against phishing attacks used to be relatively easy. Don’t download unexpected attachments. Visit banking websites directly instead of clicking on links in an email. And look for bad grammar. Credit: wikimedia Those days are gone. Today, a phishing attack can come
How to stay one step ahead of phishing attacks Read More »
When Unisys CISO John Frymier came in to work on Friday, Sept. 6, the phones were ringing, and continued to ring all day. Customers were panicking over the news headlines of the day before. The NSA had cracked Internet encryption. The NSA was listening in to everything. European customers were especially concerned, he says. Read
Is open source encryption the answer to NSA snooping? Read More »
Rogue employees, hackers, government employees all threats to keeping information stored on the cloud private Edward Snowden’s leaks about NSA spying may have brought the issue of cloud security to broad public attention, but some enterprise users were already concerned about how to take advantage of cloud-based applications while keeping their data safe. As a
SaaS vendors, customers, finding new ways to secure the cloud Read More »
Whether you’re protecting corporate data from internal leakers, hackers looking to steal money from you and your customers, foreign spies, your own government, or employees accidentally leaving their laptops in a taxi, encryption is today’s hot go-to tool. But encryption done wrong can be worse than no encryption at all, since it gives you an
10 encryption tips for the enterprise Read More »
What treasury and finance executives need to know about encryption Treasury and finance executives need to know enough about encryption and security to ensure that those policies not only match the company’s general attitude towards risk, but also account for particular risks associated with certain departments and processes. Encryption is a good safety measure because
Cloudy Does the cloud help or hinder credit card payment security and compliance? Depending on whom you ask, processing credit card payments in the cloud is either a great leap forward for security and compliance, or a big step backward. Actually, it can be either–depending on the type of cloud you have in mind and
Risk transfer opportunities have proliferated, as have the threats The bad news keeps coming. Every month, some company somewhere is hacked and loses confidential data. A storm of negative publicity — and lawsuits — quickly follows. Everyone is a potential target, and nobody is safe. Yet, according to a global survey by PricewaterhouseCoopers, the majority
Cyberinsurance: Products Mature but Still Underused Read More »
