NEWS & INDUSTRY UPDATES

RCE vulnerability in Apache Struts 2 affects several VMware products, including vCenter, DaaS, vROps and Hyperic
Researchers discovered several vulnerabilities in Double telepresence robots. Flaws patched with server-side fix
Several Cisco products are exposed to attacks due to the Apache Struts 2 vulnerability that has been exploited in the wild
Industry professionals comment on the CIA hacking tools detailed by WikiLeaks and the implications of the Vault7 leak
WikiLeaks will share details on the CIA hacking tools with tech companies, but the White House says there may be legal repercussions
Researchers found several potentially serious flaws in a popular pricing software from Navetti. Patches are available
WikiLeaks Vault 7 leak shows that CIA learned from NSA’s mistakes after researchers exposed operations of the Equation Group
WikiLeaks claims to have obtained files showing the hacking capabilities of the US Central Intelligence Agency (CIA)
Open source projects can benefit from HackerOne’s Professional services for free as long as they meet certain conditions
The New York State Department of Financial Services' (DFS) 'first-in-the-nation' cybersecurity regulation for the financial services industry is, as of 1 March 2017, operational. One of the most highly regulated industries is now even more regulated in New York.

FEATURES, INSIGHTS // Risk Management

Travis Greene: If there are only five controls that a security organization can reasonably tackle this year, what should they be?
Torsten George: Cyber security and cyber threats are most often confused with cyber risk, and often used interchangeably, but they are worlds apart.
Joshua Goldfarb: Risk, reporting, and metrics are three important topics within information security, and they all mean drastically different things to different audiences.
Steven Grossman: When it comes to security and cyber risk, CISOs are in the middle of it all, but they are not alone in protecting the enterprise.
Torsten George: Let’s consider whether the proposed principles and tools by the World Economic Forum (WEF) can improve cyber resilience, and which types of enterprises can benefit most from implementing them.
Erin O’Malley: Today, we expect ultimate convenience. But at what cost? More and more, I’m left wondering whether modern conveniences—grâce à today’s advanced technologies—are truly worth the risk.
Rafal Los: Do you ever find yourself trying to protect your organization from exotic attack scenarios that are highly unlikely or that would have a minimal impact on you?
Josh Lefkowitz: It's crucial for healthcare institutions to recognize their industry’s inherent susceptibility to cyber threats and that standards and regulations will, by their nature, always be reactive.
Steven Grossman: The goal of stopping all cyber attacks and preventing all business impact has been recognized as a fool’s errand, and has shifted to measuring risk and minimizing business impacts.
Torsten George: Since most IoT devices and microservices lack adequate security frameworks or tools to monitor and detect security gaps, traditional methods such as penetration testing should be reconsidered despite their hefty price tag.