Security and Vulnerability Management

Security and vulnerability management

Chris Young, Cisco
security

identity concept 164551610

New Brunswick Conquers Identity Management With Virtual Directory

What started as a single provincial department's effort to roll out a virtual directory now helps government employees and citizens access about 150 applications. Find out how New Brunswick solved what could have otherwise been a big...

Book Report: Cyberstorm by Matthew Mather

Great read for those who want to understand what might happen as a result of a devastating cyber-attack on critical infrastructure

Medical device security

Attacker could use default defibrillator password to launch denial of service

The National Vulnerability Database published two advisories regarding default passwords in defibrillators which attackers could use to "modify device configuration and cause a denial of service." Add this to widespread compromises...

Hexadite's Automated Incident Response Solution narrows the gap between detection and response

It's not uncommon for CIRT personnel to ignore various automated security alerts, largely because they don't have enough time to investigate every alert. As attacks become more frequent and threats grow more serious, the only way...

Enterprise Organizations Are Taking Steps to Improve Cybersecurity Analytics

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee.  This gave the hackers access to the user records of 145 million users...

The Emerging Cybersecurity Software Architecture

It's been a busy week for the information security industry.  FireEye announced the acquisition of nPulse which adds network forensics to its advanced malware detection/response portfolio.  IBM chimed in with a new Threat Prevention...

Hackers capture dynamic data to prepare for effective, stealthy attacks

"Offensive forensics is an attack technique hackers use to capture non-static data that can be useful in performing further attacks," says Joe Sremack, Principal, Berkeley Research Group, LLC, a computer forensics and e-discovery firm....

Hackers capture dynamic data to prepare for effective, stealthy attacks

"Offensive forensics is an attack technique hackers use to capture non-static data that can be useful in performing further attacks," says Joe Sremack, Principal, Berkeley Research Group, LLC, a computer forensics and...

CISOs Must “Think Different”

Remember the "Think Different" advertising campaign from Apple?  It ran from 1997 to 2000 and featured bigger-than-life personalities like Buckminster Fuller, Martin Luther King, and Pablo Picasso. The "Think Different" ads coincided...

To Automate or Not to Automate (Incident Response): That Is the Question

The recently published Senate report on the Target breach exposed a dicey situation that is all too familiar to enterprise security professionals.  As it turns out, Target implemented malware detection technology from FireEye which...

Think Deleted Text Messages Are Gone Forever? Think Again

A former federal prosecutor and cybercrime expert tells CIO.com how IT departments can retrieve text messages that the user thought were deleted months or even years ago. As more litigation and investigations turn on the content of...

RSA Conference recap: Positive direction for security industry

Last week's RSA Conference was a whirlwind of meetings, presentations, and unusual west coast rain storms. I'm not sure about the attendance numbers but it seemed especially busy - not surprising after the many cybersecurity events...

Hot Topics at the RSA Conference

It's the calm before the storm and I'm not talking about the unusual winter weather.  Just a few days before the 2014 RSA Security Conference at the Moscone Center in San Francisco.In spite of this year's controversy over the...

Judging in the Olympics and IT Security: Subjective vs. Objective

I was watching the opening night events of the Sochi Olympics last night while I was finalizing my presentation for RSA Conference this month in San Francisco. My presentation is on what the right metrics are to measure security and...

8 ways physical security has evolved

Physical security has come a long way since the advent of the lock and key. But for all of its changes, the greatest aspect of the evolution of physical security is how it has begun to mesh with our digital world. Here are eight of...

Real-Time Big Data Security Analytics for Incident Detection

I’ve spent the last year or so doing research on the burgeoning field of big data security analytics. Based upon the time I’ve spent on this topic, I’m convinced that CISOs are looking for immediate help with incident detection, so...

IBM Is Focused on Burgeoning Enterprise Security Requirements

A few years ago, IBM’s information security assets were haphazardly scattered throughout its business units. RACF sat with the mainframe crew, IAM lived within the Tivoli group, and what remained of ISS gathered dust within IBM...

Large Organizations Need Open Security Intelligence Standards and Technologies

A few years ago, Trend Micro announced that it would enhance its on-site AV products with cloud-based intelligence it called the “Smart Protection Network” (SPN). I’m not sure if Trend was the first, but it certainly wasn’t the last...

Load More