Security News

In an effort to make IT pros' jobs easier, Jack Wallen offers cybersecurity tips to end users-in particular, what not to do to keep company networks, equipment, and data secure. Part of the reason for this is because you're always fighting an uphill battle named end users.

The process of vulnerability disclosure has improved over the years, but still too many security researchers face threats when trying to report bugs. Disclosure policies that give ethical hackers clear guidelines are vast and varied and are seldom universally followed, which adds to the friction between researchers and vendors.

As cyberattacks escalate, Infoblox and Forrester Consulting investigated how security and risk teams are using their DNS investments. 94% of S&R leaders either use or consider DNS as a starting point for threat investigations but only 43% of security and risk leaders rely on DNS as a data source to complete their investigations.

Data breach incidents involving Elasticsearch have been commonly rooted in this lack of attention, as well as a poor overall understanding of Elasticsearch security requirements. This can add up to a perfect storm from a security perspective: Elasticsearch is tremendously easy to deploy, but just as simple to forget about when it comes to hardening security that properly restricts access and protects data.

Abstract: Best practices for Internet of Things security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices. We explore not the failure to follow best practices, but rather a surprising lack of understanding, and void in the literature, on what "Best practice" means, independent of meaningfully identifying specific individual practices.

SOC 2 compliance is evaluated by independent third-party auditors who assess a company's ability to comply with these core principles. SOC 2 was developed by the American Institute of CPAs and designed specifically for service providers that store customer data in the cloud, meaning virtually every SaaS company operating today should consider achieving SOC 2 compliance.

SOCs are familiar with natural disasters and other inclement weather that includes floods, tornadoes and even ice storms, and it's critical to keep a SOC operational in the event that there is reduced local staff or access to physical infrastructure. SOCs operate as busy, open-office environments with team members working closely together to monitor and mitigate threats.

The Shared Assessments Program issued "CCPA Privacy Guidelines & Checklists," the security and risk industry's first comprehensive set of best practices and tools to help organizations comply with the California Consumer Privacy Act. "As participants networked this past year to share ideas, best practices and pain points, the committee initiated a set of Privacy White Papers to help industry peers navigate and provide checklists to map their progress."

Businesses must accelerate the shift to comprehensive continuous software testing in order to remain competitive, according to a report released by Capgemini and Broadcom. While 55% of the enterprises surveyed have now adopted a continuous software testing approach, its slow increase in maturity demonstrates a critical challenge for organizations to overcome.

The process of constructing a holistic policy-based identity management solution can be difficult and overly complex, especially in the sensitive hospital environment with myriad identities. An integrated identity ecosystem provides a unified view across both cyber and physical security system; improving the overall hospital experience.