Identity and Access Management is at the epicenter of many corporate security vulnerabilities. Markku Rossi of SSH Communications Security discusses how a "Just-in-Time" approach to credential management eliminates standing privileges.
What are the key experiences, capacities and skills needed by the next generation of cybersecurity leaders, as they prepare to address enterprise business risk in the next decade? Ex-CISO and current advisor Christopher Hetner shares his vision of the future of cyber leadership.
New Orleans is setting an aggressive pace to restore services after a ransomware attack crippled the city's IT systems: fixing more than 450 servers and 3,500 endpoints in just 48 hours. It's work that would normally take weeks to months, but the city plans to do it must faster.
A federal judge ruled this week that the U.S. government is entitled to proceeds from Edward Snowden's memoir and his paid speeches because the former NSA contractor did not submit his materials to his former federal employers for review before publishing.
"Zero trust" is arguably the cybersecurity buzzword of 2019, but what exactly is it? Is it a tool? Is it a capability? Is it a philosophical journey with no endpoint? Or is it all of the above? Jack Koons of Unisys explains why "zero trust' is a highly subjective term based on corporate risk appetite.
Video conferencing and collaboration systems are must-have tools for global companies. But new research by Forescout illustrates that elementary security errors in one vendor's system could have allowed attackers to snoop on meetings and view sensitive documents.
A Canadian medical testing lab acknowledges that it paid a ransom to "retrieve" data stolen by hackers in an incident that apparently did not involve ransomware. Find out about the unusual details of this incident.
In this in-depth blog, a long-time cybersecurity specialist who recently joined the staff of Information Security Media Group sizes up evolving ransomware risks and offers a list of 11 critical mitigation steps.
The gang behind Maze ransomware has begun publicly identifying its victims and listing data that it exfiltrated from systems before leaving them crypto-locked. The intent is clear: By naming and shaming victims, the Maze gang is trying to compel them to pay.
The long-awaited personal data protection bill, which was expected to be cleared by the Indian Parliament this year, has been put on hold yet again following serious concerns raised about recent changes in the proposal. It's been referred to a joint parliamentary committee for further review.