Security News

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the...

In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise, cyber attackers' use of AI, and securing the supply chain.

Being a CISO is a balancing act: ensuring organizations are secure without compromising users’ productivity. This requires taking multiple elements into consideration, like cost, complexity,...

Please turn on your JavaScript for this page to function normally. SaaS sprawl introduces security risks, operational headaches, and eye-popping subscription costs.

As senior director and global head of the office of the chief information security officer at Google Cloud, Nick Godfrey oversees educating employees on cybersecurity as well as handling threat detection and mitigation. We conducted an interview with Godfrey via video call about how CISOs and other tech-focused business leaders can allocate their finite resources, getting buy-in on security from other stakeholders, and the new challenges and opportunities introduced by generative AI. Since Godfrey is based in the United Kingdom, we asked his perspective on UK-specific considerations as well.

How do security validations contribute to an organization's understanding of its security posture and risk profile? Third party security validation is a helpful tool, but typically is only part of the analysis required to understand the entire posture and effectiveness of a security program.

The SEC isn’t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in...

In this Help Net Security interview, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, outlines the crucial tasks for CISOs in protecting supply chains and achieving comprehensive visibility. Auditing a hardware supply chain is exponentially more difficult, as vendors may or may not choose to disclose what their underlying operating systems are, what open source software they use, where they source the hardware components of their devices, what firmware runs both the device itself and its subcomponents - for example a router may run a Linux distribution, with an open source routing daemon, a motherboard from Supermicro, with high-speed NICs from Mellanox, a baseboard management controller from ASPEED with BMC code from AMI which itself is another version of Linux with its own SBOM. With the apparent disconnect between security and development teams in software supply chain security, what strategies do you recommend to enhance collaboration?

He outlines the critical skills for CISOs in 2024, addresses the challenges they face, and underscores the importance of aligning enterprise expectations with information protection demands. ' One of the most painful realities for CISOs today is a continuing disconnect between enterprise/agency expectations for their CISO, and, what the CISO is actually tasked and funded to deliver.