What makes a good application pen test? Metrics

When it comes to creating secure applications, nothing beats focusing on the basics: secure coding in development and then testing the application for security defects. Part of the testing regime should always include an in-depth application pen test. But how do organizations know they are getting the full benefit from such assessments? What goes (or should go) into developing application security is well known. Developers should have their code vetted in their development environment. Their code should go through a series of quality and security tests in the development pipeline. Applications should be vetted again right after deployment. And, after all of that, it’s very likely that more vulnerabilities exist in the application that have yet to be uncovered.

5 ways data classification can prevent an insurance data breach

Insuring that your data is safe

Insurance firms collect and process large amounts of policyholder data including personally identifiable information (PII) and protected health information (PHI), as well as sensitive employee and company information that must be protected. Confidential data is the core of the business, and companies that collect and analyze it more effectively have a competitive advantage. And with the cost of file sharing and synchronization technology decreasing, actuaries are able to analyze and share data in real time. However, this also increases the number of unnecessary copies of sensitive business and consumer data.

How IT can foster innovation from within

Entrepreneurship is typically associated with startup companies, and the eager, driven and innovative minds that start them. But there's another type of entrepreneurship, and it lives inside established organizations. Intrapreneurs are already employed in your organization -- they're workers with progressive ideas that will benefit the company. The only problem is, these intrapreneurs often struggle to find the right channels to see their ideas realized. "These are the employees who want to get their hands dirty and are often the first people to volunteer for a job. Intrapreneurs are not content with the status quo. They often see how things could be part of a bigger picture and come up with ideas to realize this new vision," says Tim Beerman, CTO at Ensono, a company that offers mainframe and hybrid IT solutions.

Do you really need a CEO?

When Shawn Moore co-founded website design and content management software company Solodev in 2007, he knew he didn't want to take on the role of chief executive, and neither did his co-founder. So, the two followed conventional wisdom and hired on a CEO. But it soon became clear that they'd made the wrong decision -- because they didn't know what to do with him. "Typically the founder becomes the CEO, and that's fine for some people, but in my case, I'm a software developer and a product guy. I like to get my hands dirty and work on actual products and drive them into the market. But when we were meeting with VCs and investors, they were all saying, 'You have to get a CEO,' but once we did, he quickly just became the chief sales guy. We weren't at the point yet where going public and needing the CEO to communicate between the board and shareholders was necessary, and we had a sales guy already, so for us as an early-stage, bootstrap company, it didn't make sense," Moore, now Solodev's CTO, says.

McAfee on its own as independent security vendor

Effective today, McAfee has officially spun out from Intel, dumping the name Intel Security and operating under new majority ownership that has deep pockets to help the company aggressively acquire technology via mergers and acquisitions to supplement home-grown innovations. Investment firm TPG is making a $1.1 billion equity investment in McAfee in return for 51% ownership, giving it the cash it needs to buy companies for their technology so it can be incorporated faster into McAfee platforms than if developed via R&D. That’s a different strategy than is used by Intel in its chip business. “Identifying what it takes to run a semiconductor company is quite different from running a cybersecurity company in a rapidly changing threat landscape,” says Intel Security’s CTO Steve Grobman.

Intel “Kaby Lake” Xeon E3 Sets The Server Cadence

The tick-tock-clock three step dance that Intel will be using to progress its Core client and Xeon server processors in the coming years is on full display now that the Xeon E3-1200 v6 processors based on the “Kaby Lake” have been unveiled.

The Kaby Lake chips are Intel’s third generation of Xeon processors that are based on its 14 nanometer technologies, and as our naming convention for Intel’s new way of rolling out chips suggests, it is a refinement of both the architecture and the manufacturing process that, by and large, enables Intel to ramp up the clock speed on

Intel “Kaby Lake” Xeon E3 Sets The Server Cadence was written by Timothy Prickett Morgan at The Next Platform.

IDG Contributor Network: 5 biggest cybersecurity questions answered

Some things never change. Computer security, however, is not one of them. New threats, patches and problems emerge each and every week. Many of the key questions and knowledge gaps remain remarkably consistent, and the patterns become clear when you tap into a platform with tens of thousands of those questions. That’s what Experts Exchange does. The sum of this computer security community is a reflection on the top computer security anxieties in the world right now. So, join me as I reveal the most commonly asked security questions.

1. How can I surf the web anonymously? To browse the internet without fear of targeted advertising or traceable questions posted online doesn’t seem like a big ask. As online tracking systems become more sophisticated and harder to shake, however, the likelihood of private, anonymous browsing is becoming a long-ago memory. Take into account the latest ISP changes, where the U.S. government allows providers to not only track, but sell your browsing history without your consent.

IDG Contributor Network: Why are employers doubling down on the workplace?

Tech companies such as Google and Facebook are known for their informal, non-traditional work environments. But these days, even older, more staid firms are creating headlines in this space, rethinking not only how their employees work, but also where that work happens. Over the past few years, while I’ve been traveling to meet with business executives, I’ve seen office buildings that feature everything from standing desks and roof-top gardens to upholstered co-working rooms complete with craft beer on tap.

Let’s Drop Some Random Commands, Shall We?

One of my readers sent me a link to CCO documentation containing this gem:

Beginning with Cisco NX-OS Release 7.0(3)I2(1), Cisco Nexus 9000 Series switches handle the CLI configuration actions in a different way than before the introduction of NX-API and DME. The NX-API and DME architecture introduces a delay in the communication between Cisco Nexus 9000 Series switches and the end host terminal sessions, for example SSH terminal sessions.

So far so good. We can probably tolerate some delay. However, the next sentence is a killer…

2017-04-05: The wonderful information disappeared from Cisco's documentation within 24 hours with no explanation whatsoever. However, I expected that and took a snapshot of that page before publishing the blog post ;)

Intel divests McAfee after rough marriage, will now secure hardware

Intel's finally washing its hands of McAfee after seven up and down years, which included a lawsuit last year from John McAfee, after whom the company is named. The chip maker has divested its majority holdings in McAfee to investment firm TPG for US$3.1 billion. McAfee will now again become a standalone security company, but Intel will retain a minority 49 percent stake. The chip maker will focus internal operations on hardware-level security. For Intel, dumping majority ownership in McAfee amounts to a loss. It spent $7.68 billion to acquire McAfee in 2010, which was a head-scratcher at the time. Intel's McAfee acquisition will stand as one of the company's worst acquisitions.

Notorious iOS spyware has an Android sibling

Security researchers have uncovered the Android version of an iOS spyware known as Pegasus in a case that shows how targeted electronic surveillance can be. Called Chrysaor, the Android variant can steal data from messaging apps, snoop over a phone’s camera or microphone, and even erase itself. On Monday, Google and security firm Lookout disclosed the Android spyware, which they suspect comes from NSO Group, an Israeli security firm known to develop smartphone surveillance products. Fortunately, the spyware never hit the mainstream. It was installed less than three dozen times on victim devices, most of which were located in Israel, according to Google. Other victim devices resided in Georgia, Mexico and Turkey, among other countries.
