Application security is driving demand for highly skilled consultants. It's a challenging profession, and I've broken out five key skills that will distinguish you in the field.
How can organizations ensure that their information security staff is mitigating the latest threats? And what truly defines an information security professional? Here are some of the key ingredients.
Anti-fraud professionals often uncover misconduct in the course of our work. What types of ethical dilemmas must we navigate in our efforts to prevent fraud? Here are a few that come to mind.
Far too often the relationship between auditors and their boards is not as effective as we might hope. What makes the difference? Here is some advice based on my recent conversations.
Earlier this month, I had the chance to attend RSA Conference 2012, which always reminds me how fluid our industry is, and how important it is to stay educated and abreast of change.
What skills are needed to be an effective fraud examiner? My short answer is that, as with any discipline, there are certain skills and areas of knowledge one needs to learn to be successful.
How do fraudsters rationalize their actions, and do they feel guilt, stress, or even excitement when they actually cross that line into breaking the law? Read their answers to these questions and more.
How can companies and IT security leaders keep a security breach from becoming a long-term problem and stop it from negatively affecting their customer base?
IT security leaders rely on penetration testing to determine whether applications are secure. But penetration tests can't be a primary source of assurance, says Jeff Williams, co-founder of OWASP.
While organizations need to make investments in data protection and storage, it's crucial that they first get a real handle on classifying their data before allocating resources in the wrong places.
An analysis of many recent studies suggests that over 80 percent of applications contain simple vulnerabilities. Here are five tips that developers can leverage to secure their code.
Enforcement and class actions are what the year 2011 will be remembered for in privacy. So, how can pros prepare for the inevitability of a litigious and increased-enforcement environment?
Moving into 2012, IT risk professionals will need to develop deep areas of subject-matter expertise. Here are some areas of increasing importance for your organization - and your career.
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"