Infosecurity Opinions

  1. Comment: The Hard Cost of Misunderstanding Least Privilege

    John Mutch and Brian Anderson unravel the common misunderstandings about privileged access that prevent organizations from better protecting their network perimeter from the risk of insider threat and negligence

  2. Comment: Where the CISO Should Sit

    The CISO position is making a comeback, but if not strategically positioned in an organization, it can become a powerless figurehead – competing for mindshare and budget with other “functional” operations. Ed Adams of Security Innovation points out why a CISO can be far more effective if reporting to the CEO (or highest ranking risk officer) instead of the CIO

  3. Comment: Breaching Its Way through Congress – The SAFE Data Act

    Richard Moulds of Thales discusses the merits of the SAFE Data Act as it makes its way through the US Congress

  4. Comment: Myths Plague Perceptions of Mobile Malware

    Trusteer’s Amit Klein takes a closer look at mobile malware, exploding the myths and dispelling the fantasies

  5. Comment: New EU e-Privacy Legislation – Why You Should Act Now

    George Thompson of KPMG IT Advisory explains why companies should act now in response to new e-privacy legislation, and the organizational and technical steps to consider

  6. Comment: Avoid 'Friend or Foe' Syndrome with your IT Auditor

    In a perfect world, the confidence and communication that exist between an organization and its IT security auditor might resemble the doctor–patient relationship. But when Philip Lieberman examines this critical aspect of IT security, he finds an increasingly troubled history – and makes some suggestions about how both sides can gain more from the partnership.

  7. Comment: Companies Lose Encryption Keys – and Security – in the Amazon Cloud

    Jeff Hudson of Venafi discusses the importance of proper education and best practices for protecting SSL and SSH keys that secure the cloud

  8. Comment: Encryption Vendors May Be the Weakest Link

    Infosec analyst Matthew Pascucci examines the security incidents that have plagued encryption and authentication vendors this past year and calls on them to beef up their own in-house security, or face the possibility of sanctions

  9. Comment: Security Has Become a Black and White Issue

    As cyber-attacks become increasingly sophisticated, Bimal Parmar of Faronics argues that organizations can no longer rely solely on traditional blacklist technologies, but must adopt a layered approach to endpoint security

  10. Comment: Password Reuse Equals Misuse

    A recent survey by Swivel Secure shows that 55% of people use the same password, or variations of one, to access all their online activities. Chris Russell examines the corporate risks of password reuse and emphasizes the need for multifactor authentication for accessing business critical data

  11. Comment: Cyber-gang Crackdown Cripples Malware Traffic…for Now

    This past summer’s FBI-coordinated crackdown on computer scareware companies virtually shut the fake security software business down, but without the implementation of tough, diverse preventative solutions, Enigma Software's Alvin Estevez says it might remain akin to nothing more than cutting off the head of a hydra

  12. Comment: Implement Comprehensive Mobile Security – Today

    Mobility and consumerization mean that the landscape of the corporate IT estate is changing in ways that are making new demands of security professionals. Dave Everitt of Absolute Software explains why a multi-tiered security strategy is essential to overcome increased threats

  13. Comment: It’s Time to Take APTs Seriously

    Ross Brewer of LogRhythm explores the danger posed by advanced persistent threats, the rash of high-profile data breaches that have been making headlines this year, and the steps organizations should be taking to protect IT assets

  14. Comment: Network Forensics – Beyond Activity Monitoring

    Network activity monitoring can alert a company to a security breach or an attack, but Jay Botelho of WildPackets points out that a network forensics solution can take network monitoring a step further and use this information to prevent future attacks

  15. Comment: Tackling Data Protection Concerns on Public Cloud Services

    To ensure highest security and compliance standards are met in the cloud, organizations need to adopt a data-centric approach that focuses on protecting data throughout its lifecycle, argues Mike Smart of SafeNet.

  16. Comment: Privacy, Trust and Identity in the Cloud

    The cloud provides many services that are used by individuals to network, and to buy services. ISACA’s Mike Small explores how this has created new challenges relating to identity, privacy and trust

  17. Comment: We All Need to Keep Closer Tabs on Financial Data

    Mohan Koo, managing director of Dtex Systems, explains how recent data breaches show that organizations are focusing on external security while neglecting insider threats

  18. Comment: Power to the People to Secure Consumerized Devices

    How should you deliver security to the personal devices your users want to use for work? Simple – give the users some responsibility. Terry Greer-King of Check Point explains

  19. Comment: Intelligent Network Forensics – Peeling Back the Onion

    Dealing with a true ‘targeted’ attack or ‘advanced persistent threat’ (APT) is a process, not an event, and it includes a discovery phase, an investigation phase, and a remediation phase. The objective is being able to see, study, and stop the threats that are flowing over networks, says Kurt Bertone of Fidelis Security Systems

  20. Comment: The SSL Offload Dilemma

    Nathan Pearce of F5 Networks discusses why more organizations are reviewing their security in the wake of recent breaches, how raised security arrangements will inevitably put strain on servers, and the need to take action.

Why not watch?

  1. Supercharge Your Security With Intelligence-Driven Threat Hunting

  2. Supply Chain Risk and Mitigation in Operational Technology

  3. The Future of Fraud: Defending Against Advanced Account Attacks

  4. Securing Your Move to Hybrid Cloud Infrastructure

What’s hot on Infosecurity Magazine?