CSO staff

Author Archives: CSO staff

Face-off: Oracle vs. CA for identity management

Employees come and go, or switch departments, so IT managers seek an automated way to give (or deny) them access privileges to corporate systems. Two of the top software products for identity and access management (IAM) are Oracle Identity Manager and CA Identity Manager, according to IT Central Station, an online community where IT professionals review enterprise products. Both products have their fans who say the sophisticated software helps them handle routine access tasks … without paperwork. But users also note that there are areas where the products have room for improvement — areas such as the user interface, initial setup and vendor tech support, according to reviews at IT Central Station. Plus, several users said the vendors need to migrate these products to the cloud.

The CSO guide to top security conferences

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, there are plenty of great conferences coming up in the months ahead. If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2017. From major events to those that are more narrowly focused, this list from the editors of CSO will help you find the security conferences that matter the most to you.

4 historic security events of 2016 and what they teach us [Infographic]

What is it they say about failing to learn the lessons of history and being doomed to repeat it? However the famous saying goes, I think we can agree that the events of 2016 can be very instructive if we choose to pay attention. Just yesterday, for example, Yahoo disclosed a breach from 2013 involving more than 1 billion user accounts — and those are unrelated to the 2014 breach disclosed in September involving over 500 million user accounts. Among the lessons from the Yahoo breaches is that hackers are very good at what they do and are getting increasingly sophisticated. What can you do to prevent an email-based attack from happening in your organization? Above all, pay attention to the human element.

Survey: Despite costly attacks, 85% of business leaders confident in preparedness

Eighty-five percent of organizations believe they have the right controls in place to protect against such attacks. Yet, 40 percent of them have been victims of cyber attacks within the last six months. That’s the finding of a recent survey sponsored by BAE Systems. Why the disconnect? It’s one thing to believe you have the right protections in place; it’s another thing to test those beliefs. The survey of 600 business leaders across five countries found that “only 29% of organizations tested their attack response in the last month. On average, organizations last tested their cyber attack response 5 months ago.”

November 2016: The month in hacks and breaches

On November 13, the breach notification site LeakedSource disclosed that FriendFinder Networks, Inc., which operates such websites as Adultfriendfinder.com and Penthouse.com, had been hacked and over 400 million customer accounts were compromised. In addition to being the largest leak of 2016 (the 360 million records leaked from MySpace in May come in second), this data breach also marked the second time in 2 years that FriendFinder users had their account information compromised.

Who’s responsible for data compliance? 25% of executives don’t know

According to the 2016 State of Compliance survey conducted by data management and integration provider Liaison Technologies, one-quarter of top executives are unclear who in their organization is responsible for compliance. And nearly half (47 percent) of respondents to the survey of 479 senior and C-level executives said they don't know which compliance standards apply to their organizations. “As leaders in the compliance domain we thought it was important to share our findings on how U.S. companies perceive their regulatory obligations—and examine ways to help improve their compliance postures,” Hmong Vang, chief trust officer with Liaison, said in a statement. “What we found was rather concerning.”

3 ingredients of a successful attack

The field of computer security has been around since the 1960s, and since then, practitioners have developed "a good understanding of the threat and how to manage it," say the authors of Security in Computing, 5th edition. But over the years the field has also developed a language of its own, which can present a challenge to newcomers. In the preface to the updated edition of this classic text, the authors make plain their intent to demystify the language of computer security. One good place to start: understanding the three things a malicious attacker needs to be successful.

12 steps to lower your espionage risk

"What company would not like to know exactly what its competitor is doing?" When we talk about corporate espionage, we're talking about companies stealing information that gives them a competitive or economic advantage, writes Chuck Easttom in the new 3rd edition of his book Computer Security Fundamentals. It's not showy, often low-tech and sometimes downright dirty, as exemplified by Oracle CEO Larry Ellison's admission that he "hire[d] private investigators to sift through Microsoft garbage in an attempt to garner information."

Do you know where your sensitive documents are?

No organization wants to see sensitive information walk out its doors, yet it happens with alarming frequency. According to a recent study by Accusoft, a provider of document and imaging software, 34 percent of IT managers say their organization "has had sensitive information compromised due to poor file management practices." Yet 90 percent of them report being "confident they have the tools they need to protect their organizations’ documents." The survey of more than 100 U.S. IT managers and 250 full-time employees revealed an alarming disconnect between IT managers and their users. "Seventy-four percent of IT managers report that their firms have a formalized document management solution," according to the report. "At the same time, less than half (49 percent) of end users believed these resources were available." And 20 percent of employees "claim they don’t know what document management tools their employer uses."

17 tools to protect your online security

Last month's news about the massive data breach at Yahoo, which affected at least 500 million user records, making it the largest data breach on record, might finally be what it takes to get the average internet user to take online security into their own hands — if only they knew how.