John O'Driscoll is the first CISO for the Australian state of Victoria, a job that has purview over 1,900 entities with 340,000 public servants. He's an expert in risk and audit, and that has subsequently lead to interesting conversations about who is accountable for risk and how to manage risk.
Threat actors are focusing a lot on Active Directory today as it is a path for them to reach an organisations key data & applications. The versatility of Active Directory makes it a crucial target for hackers. Organisations learn new ways on how to protect this valuable target and mitigate the risks. Organisations...
Wendy Nather, head of advisory CISOs at Cisco, recently teamed up with researcher Wade Baker to investigate cybersecurity metrics and determine how to make a cybersecurity program measurably more successful. She shares some of her more surprising findings.
Modern software applications contain many complexities that challenge testing requirements and security teams. A variety of elements including custom/proprietary code, open source components, and application configuration pose challenges for independent verification and validation (IV&V) and audit and testing teams.
...
Cybersecurity is a legitimate - and significant - business risk, and it's time to frame the topic appropriately, says Robert Hill, CEO of Cyturus. He shares insight on how to discuss cyber risk appropriately with C-level leadership and the board of directors.
It's not news that the digital economy is changing all the rules for IT, which has to deliver the infrastructure and apps that business stakeholders demand. And they have to do it fast without compromising security. That's why it so important to have a modern data center.
Learn what defines a modern data center and...
In an exclusive interview, Roger Severino, director of the HHS Office for Civil Rights, which enforces HIPAA, spells out critical steps healthcare organizations must take to safeguard patient information and ensure patient safety in light of the surge in ransomware and other hacking incidents.
Despite significant investments in common DLP and analytics technologies, breaches and theft of sensitive data continue to rise. This is because the data itself is only monitored, not protected. But what are the gaps in your current technology investments and how can they be filled?
To ensure data security and...
What will be the impact of the leak of investigatory documents from FinCEN - the U.S. Treasury Department's Financial Crimes Enforcement Network? For starters, experts warn that FinCEN reports may reveal sensitive information tied to banks and law enforcement agencies' investigatory tools and tactics.
Supermarket giant Morrisons is not liable for a data breach caused by a rogue employee, Britain's Supreme Court has ruled, bringing to a close the long-running case - the first in the country to have been filed by data breach victims.
Zoom has apologized for sharing large sets of user data by default with Facebook, blaming the social network's software development kit, which it has removed from its iOS app. With COVID-19 driving unprecedented levels of remote working, video conferencing software is under the privacy and security microscope.
IT infrastructure barely resembles what it looked like just five years ago. More than half of all VMs now reside in the cloud, employees turn to an average of four devices to conduct work, and IoT devices will exceed all other devices within just three years. Together, this increased complexity is putting enormous...
Iowa prosecutors have dropped all charges against two penetration testers who were contracted to test the electronic and physical security of three judicial facilities, only to be arrested for trespassing. The case highlights how a lack of communication before penetration tests can have serious consequences.
Continuous compliance is a new strategy to independent review and managing cybersecurity. The approach, easily practiced by any organization, is an ongoing method of gathering security control evidence. Evidence is collected as the controls are being operated. This solves the problems of IT Audit, improves security,...
One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
