Infosecurity Opinions
Comment: Malicious QR Codes Jeopardize Your Security
Now that QR codes are in the mainstream, they are also fast becoming a favorite tool for attackers seeking new infection vectors. That is why education for the QR code end-user is imperative, says Tripwire’s Dwayne Melancon
Comment: Why Hire a Hacker?
Some organizations employ hackers to prevent criminals from hijacking their systems. But many are still afraid to hire a hacker and are not sure what ‘type’ of hacker they should recruit. AlienVault’s Dominique Karg looks at what kind of hacker an organization should employ and what their knowledge can offer in terms of increased security
Comment: A Tiered Approach to BYOD Fulfillment
Enterprise mobility and BYOD policies present new IT challenges and security threats for managing endpoints, safeguarding network resources and protecting sensitive data. ForeScout’s Scott Gordon says there is no one-size-fits-all answer, so a layered security model can and should be applied
Comment: Employ Data-centric Security to Tackle the Insider Threat
Watchful Software’s Charles Foley discusses how data-centric security approaches help keep sensitive information safe from security breaches
Comment: Make Internal and External Threats a Boardroom Priority
Cyber-Ark’s Udi Mokady discusses the threats facing organizations today and considers whether internal or external attacks are a greater risk to modern business
Perimeter Security: In Memoriam
Paul Simmonds submits his obituary for perimeter-based security strategies
Perimeter Security: Evolved, Not Dead
Perimeter security strategies must adapt to today’s realities, but the concept itself is not entirely obsolete, says Scott Gordon
Comment: Avoid the Seven Deadly Sins of Cloud Computing
The benefits of cloud computing services are now well established; however, uncertainty still surrounds several of the inherent risks. The ISF’s Steve Durbin examines what organizations can do to realize the benefits of the cloud, while avoiding the information security bear-traps that exist
Comment: Overcoming a Year of Vulnerability
Mark Dunleavy of Informatica takes a look back at 2012, and explores why it’s being described as a year of vulnerability. We have seen data breaches galore over the past 12 months, so he offers guidance in how to make 2013 the year of data breach prevention
Comment: Contactless Payments – Retailers Must Learn to be More Secure in 2013
Calum MacLeod of Venafi takes a closer look at near-field communications, which many retailers are planning to implement this year, and finds some potential pitfalls in their plans for contactless payments
Comment: Give Security a Voice in the Boardroom
Most organizations depend on IT, making them mortally vulnerable if security is breached. Phil Bindley of The Bunker believes that business consulting skills are the key to giving security a voice in the boardroom
Comment: Audit what’s Going on in your IT Infrastructure…It’s Not Rocket Science
Aidan Simister of NetWrix looks at what organizations need to audit, but too often don’t
Information Security Certifications: Is the CISSP Just a Badge, or Is it More?
John Colley defends the merits of the CISSP exam and warns that it's not as easy as some think
Information Security Certifications: Badges of Dishonor
Gregor Campbell questions whether those who earn their CISSP are truly capable information security professionals, just by virtue of having passed an examination
Comment: DIY IT Security – The Hard and Wrong Ways
Do-it-yourself security is typically a bad idea. Matt Harrigan of Critical Assets explains why
Comment: Why Justin Bieber Is the Only Hope Left for Information Security
Dominique Karg from AlienVault gives his opinion on how Justin Bieber can help raise IT security awareness and influence people via his millions of ‘teenie’ followers
Comment: Cybersecurity Is an Issue – Now What?
Recent cyber attacks have proven that hackers and terrorists are trolling for ways to disrupt national infrastructure. We all recognize the problem, yet no one can agree on a solution. Benga Erinle says time is running short for the US government to decide what role it will play to protect critical infrastructure
Comment: Ensure You Can Trust Your Cloud Provider
Can an organization trust an IT service provided through the cloud? ISACA’s Mike Small says the answer can be found in the old Russian maxim, often quoted by US President Ronald Reagan: “trust but verify”
Comment: Mobile Devices Get Means for Tamper-evident Forensic Auditing
Providing early evidence of tampering can shorten investigation times for breaches and audits, says Michelle Drolet of Towerwall
Comment: Is Your Office Printer Secure?
The once ‘humble’ office printer has developed into a networked communication hub with an inherent security risk if not managed correctly. Quentyn Taylor of Canon Europe discusses the importance of a comprehensive, overall security policy to minimize print security risks