Security News

CISO Perspectives on Complying with Cybersecurity Regulations
2024-04-05 11:18

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so does the number of compliance frameworks and the specificity of the...

How CISOs tackle business payment fraud
2024-03-28 05:00

In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise, cyber attackers' use of AI, and securing the supply chain.

3 Things CISOs Achieve with Cato
2024-03-14 10:24

Being a CISO is a balancing act: ensuring organizations are secure without compromising users’ productivity. This requires taking multiple elements into consideration, like cost, complexity,...

The CISO’s guide to reducing the SaaS attack surface
2024-02-29 03:55

SaaS sprawl introduces security risks, operational headaches, and eye-popping subscription costs.

Google Cloud’s Nick Godfrey Talks Security, Budget and AI for CISOs
2024-02-12 14:51

As senior director and global head of the office of the chief information security officer at Google Cloud, Nick Godfrey oversees educating employees on cybersecurity as well as handling threat detection and mitigation. We conducted an interview with Godfrey via video call about how CISOs and other tech-focused business leaders can allocate their finite resources, getting buy-in on security from other stakeholders, and the new challenges and opportunities introduced by generative AI. Since Godfrey is based in the United Kingdom, we asked his perspective on UK-specific considerations as well.

How CISOs navigate policies and access across enterprises
2024-02-06 06:00

How do security validations contribute to an organization's understanding of its security posture and risk profile? Third party security validation is a helpful tool, but typically is only part of the analysis required to understand the entire posture and effectiveness of a security program.

The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules
2024-01-31 11:02

The SEC isn’t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in...

CISOs’ role in identifying tech components and managing supply chains
2024-01-25 05:00

In this Help Net Security interview, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, outlines the crucial tasks for CISOs in protecting supply chains and achieving comprehensive visibility. Auditing a hardware supply chain is exponentially more difficult, as vendors may or may not choose to disclose what their underlying operating systems are, what open source software they use, where they source the hardware components of their devices, what firmware runs both the device itself and its subcomponents. For example, a router may run a Linux distribution, with an open source routing daemon, a motherboard from Supermicro, with high-speed NICs from Mellanox, a baseboard management controller from ASPEED with BMC code from AMI which itself is another version of Linux with its own SBOM. With the apparent disconnect between security and development teams in software supply chain security, what strategies do you recommend to enhance collaboration?

CISOs’ crucial role in aligning security goals with enterprise expectations
2024-01-17 05:00

He outlines the critical skills for CISOs in 2024, addresses the challenges they face, and underscores the importance of aligning enterprise expectations with information protection demands. One of the most painful realities for CISOs today is a continuing disconnect between enterprise/agency expectations for their CISO and what the CISO is actually tasked and funded to deliver.

The expanding scope of CISO duties in 2024
2024-01-11 04:30

In this Help Net Security video, Bindu Sundaresan, Director at AT&T Cybersecurity, discusses the ongoing changes we'll see from the CISO role as digital transformation efforts continue. It is now a position that leads cross-functional teams to match the speed and boldness of digital transformations with agile, forward-thinking security and privacy strategies, investments, and plans.