Colossal data breaches, massive distributed denial-of-service botnets taking down popular websites, and Russian hackers interfering with the U.S. election – a lot has happened in 2016, and InfoSec Insider has kept up with the news along the way. Rather than regurgitate the headline-grabbing news items that have dominated the information security industry, we’ve worked toward providing a relatable, outside-in view that encourages security practitioners to think about problems differently. As we continue to ramp up our efforts in providing you with a resourceful library of content you can rely on, we’ve decided to reflect on some of the top InfoSec insider articles of 2016, based on the engagement we’ve received from our readers.
Your Best Pentest Yet, in Six Simple Steps
Penetration tests are a critical part of running a secure organization. In a perfect world, both internal and external testing would be conducted every year (at least). In this article, security experts provide some tips that will help you and your organization prepare for a smooth test that results in actionable outcomes.
A Deeper Look at the Ponemon 2016 Cost of a Data Breach Study
The Ponemon Institute's "2016 Cost of a Data Breach" study features some interesting information about how companies in different countries and industries are experiencing data breaches but fails to focus on how organizations are improving or declining year-over-year. Luckily, we've tapped into past reports and provided a side-by-side look at a few of the key findings.
Lemme Tell Ya, Them Guys Ain't Dumb
Ransomware is a new twist on an old type of extortion, and the farther the criminals can take it, the more effort they'll put into reaping larger benefits. Based on the frequency of this type of attack, it's difficult to ascertain whether ransomware attacks are mostly opportunistic or whether they represent a concerted effort against companies with large amounts of data. Here, we examine the issue.
Pentest or Vulnerability Scan: Which is Right for You?
Organizations struggle at times deciding what the best route is to test their network. In this post - written by guest contributor Georgia Weidman - we analyze whether companies are getting the right kind of security testing, and whose responsibility it is to ensure they get the right kind of test in the first place.
So You Say You Want To Be A Pentester
Penetration testers have the sometimes fun, always challenging job of seeking out the weak spots in a company's systems, giving organizations an opportunity to remediate problems before an attacker gloms on. Pentesting isn't a new category of security practitioner, but given the quantity and severity of challenges, the field is experiencing a bit of a surge in interest.
BC/DR Planning Isn't A "Someday" Activity
When it comes to business continuity and disaster recovery (BC/DR), planning and mock exercises are lacking. Failure to create and exercise BC/DR guidance can put a company in dire straits, leaving it unable to function at normal levels, and leaking revenue, profits, and new business opportunities.
Third Party Risk Management: The Russian Nesting Doll of Infosec Challenges
Organizations depend on third parties to function. The problem is that those parties also depend on third parties, and so on and so forth. In this video interview with InfoSec Insider, IT risk management consultant Jerod Brennen shares some tips on what security managers can do to assess a large number of these third-party vendors.
Are Tech Companies Responsible For All User Information?
How much responsibility do social media companies have when it comes to security? Should tech companies play a role in free speech? Are social media companies responsible for users' actions? In this post, we use a recent case involving Facebook as an example that raises the issue.
The Promises of Privacy Shield are TBD
In this popular post, we analyze Privacy Shield, the highly-anticipated trans-Atlantic data transfer agreement between the EU and U.S. that was approved this year by the European Commission. Although better data protection and privacy are undeniably positive, the world is yet to see exactly how this new requirement will impact cybersecurity overall.
Interested in Becoming an Infosec Pro? Here's Some Sage Advice
The talent shortage impacting the cybersecurity industry is a real thing. With good salaries and countless private and public companies looking for help, the opportunities are there for aspiring cybersecurity professionals. In this post, we interviewed Zach Lanier, Director of Research at Cylance, who offered up some tips on what security rookies need to know before joining the infosec community.