Security and Vulnerability Management

Security and vulnerability management

Massive Enterprise Endpoint Security Opportunity

Next-generation endpoint security suite could be a billion dollar play

The Increasing Cybersecurity Attack Surface

New technology deployment opens cyber-threat vectors and makes security operations more complex

privacy policy 510733 1920

Qwerty Card: A lo-tech solution to managing hi-tech passwords

For a few years I’ve used a password system that’s been really successful and it's based on a simple formula ... but if that's too much for you check out Qwerty Card ...

password 397655 1280

Users plus passwords equals disaster

Lost productivity, lousy security, and serious financial risk are the results of poor password management. Do you really need any more reasons to do something about your users and their passwords?

Will Public/Private Threat Intelligence Sharing Work?

Past examples point to a mixed record of success and failure.

pci security compliance

Verizon report: Security testing compliance down from last year

Compliance rates between audits increased substantially across all PCI DSS requirements except for security testing, according to a report released Wednesday by Verizon. In particular, the ratio of companies compliant on Requirement...


Information overload, SIEM version

Our manager is very happy with the performance of his security information and event management platform, but sometimes it’s too much for the network bandwidth. Fortunately, an easy fix is at hand.

mobile fingerprint identification

Biometric security is on the rise

Does biometrics have a huge role to play in corporate security programs? We asked several experts to weigh in on the pros and cons of biometric security.

clean desk

Low tech 'visual hacking' successful nine times out of 10

Researchers were able to get sensitive corporate information just by looking around corporate offices in 88 percent of attempts, according to a new study

patch bandage band-aid first-aid ouch cure remedy

Google relaxes strict bug disclosure rules after Microsoft grievances

Google today relaxed a strict 90-day vulnerability disclosure that put it at odds with rival Microsoft, saying it would give vendors a 14-day grace period if they promised to fix a flaw within the two-week stretch.

Book Report: Countdown to Zero Day

Kim Zetter's book on Stuxnet sheds light on esoteric areas like malware analysis, process automation, and cyber war.

cutcaster 902830953 tour small

Throw your vendor under the bus after a breach? Not quite so fast

Tips for your third-party risk management program.

cwjan15 klossner humanerror cartoon

The risks of a big man-made IT disaster are on the rise

IT services are but one human error away from a spectacular failure, and there's very little evidence to suggest that we've found a way to stop people from making mistakes. (Insider, registration required.)

Endpoint Security Activities Buzzing at Enterprise Organizations

CISOs are assessing people, processes, and technologies to address endpoint security threats and vulnerabilities

00 title

Six social engineering tricks that can be avoided if you're careful

Social Engineers work on multiple levels. The key to their success is to target human nature and emotion.

social media

Social engineering: The dangers of positive thinking

CSO Online recently spoke to a person working in the security field with a rather unique job. He's paid to break into places, such as banks and research facilities (both private and government), in order to test their resistance to...

010515 utm 1

UTM Shootout: Security appliances for SMBs are smaller, more powerful and packed with new features

Vendors are coming up with new ways to fit enterprise-grade security features into more compact and more powerful appliances.

Microsoft Windows patch tuesday bug

Catchy nicknames prompt more patching of vulnerabilities

Vulnerabilities with catchy nicknames get more attention from media, customers, and vendors and so get patched more thoroughly than similar vulnerabilities without clever names.

Windows security patches

Patch Tuesday Dec 2014: 7 fixes, 3 critical patches for Windows, IE and Office

For the last Patch Tuesday in 2014, Microsoft released 7 security updates, including 3 patches for critical remote code execution flaws in Windows, Office and Internet Explorer.

oops keyboard

Do you create stupid users?

A week doesn’t go by where we read about some attack that is precipitated by bad user actions.

Load More