Managing Compliance Issues within the Value Chain

blog / May 17, 2018

by Kip Boyle

Align your compliance requirements with your other business requirements so you can distinguish what you must do from what’s nice to do.

Risky Business: The Fifth Element

/ May 08, 2018

by Preston Hogue

Preston Hogue writes for Security Week, explaining the fifth element of risk transfer: Sec-aaS.

Breach Costs Are Rising with the Prevalence of Lawsuits

blog / May 02, 2018 (MODIFIED: May 17, 2018)

by Ray Pompon

When it comes to tallying the total cost of a data breach, lawsuits figure prominently, alongside repair costs, loss of reputation and sales, compliance penalties, and operational downtime.

How Secure Are Your Third-Party Web Apps?

blog / Apr 26, 2018 (MODIFIED: May 09, 2018)

by Ray Pompon

You can’t assume that your third-party web apps are secure! You need to assess them yourself using this multi-step process.

5 Fun Facts About the 2018 Singapore Cybersecurity Statute

/ Apr 19, 2018

by David Holmes

Fun Fact #2: the author is looking forward to being a card-carrying Singaporean crime fighter (temporarily) someday.

Extend Your Security Program’s Influence with Adjuvants

blog / Apr 17, 2018 (MODIFIED: May 09, 2018)

by Ray Pompon

Savvy CISOs don’t go it alone; they rely on in-house collaborators (outside of the security team) to help achieve the organization’s security objectives.

IOT: Moving to Security by Design

/ Mar 27, 2018 (MODIFIED: May 08, 2018)

by David Holmes

With device developers rushing to build IoT as fast as they can, security can suffer.

Twelve Tips to Help Employees Keep Devices Secure When Away from the Office

blog / Mar 20, 2018 (MODIFIED: Apr 23, 2018)

by Mike Levin, Center for Information Security Awareness

Laptops full of confidential data are still getting stolen, and public Wi-Fi hotspots are being booby-trapped. CISOs need to make users aware of the threat to prevent this from happening.

Reacting to a Big Breach

/ Mar 15, 2018 (MODIFIED: May 08, 2018)

by Ray Pompon

A big public breach is a teachable moment for both you and your organization.

User Experience and Security Should be Complementary, Not Contradictory

/ Feb 23, 2018 (MODIFIED: Apr 19, 2018)

by Preston Hogue

When new technology initiatives are approached in the right way, organizations can implement them, mitigate risk, and provide the best user experience.

Risky Business (Part 3): The Beauty of Risk Transfer

/ Feb 13, 2018 (MODIFIED: Mar 30, 2018)

by Preston Hogue

Risk transfer strategies allow you more time to focus on your business.

CISOs Look to Machine Learning to Augment Security Staffing Shortages

blog / Feb 06, 2018 (MODIFIED: Mar 20, 2018)

by Ray Pompon

As security expertise becomes more scarce, CISOs are turning to machine learning to do more with fewer people.

86 Your Cyber Attackers! Avoid Data Breaches by Protecting Your Most Likely Attack Targets

blog / Jan 31, 2018 (MODIFIED: Apr 16, 2018)

by Sara Boddy

Critical lessons can be learned from others’ mistakes. Don’t learn the hard way; heed the warnings from our research.

Risk vs. Reality: Don’t Solve the Wrong Problem

blog / Jan 24, 2018 (MODIFIED: Mar 02, 2018)

by Ray Pompon

If you’re not evaluating risk in terms of likelihood and impact, you could be focusing your security efforts in all the wrong places.

Everything is Compromised—Now What?

blog / Jan 18, 2018 (MODIFIED: Mar 15, 2018)

by Jared B. Reimer

Accept that breaches are inevitable in today’s world, then take these steps to reduce the chances of a large-scale, headline-making compromise.

State of App Delivery 2018: Security Again Edges Out Availability as Most Important App Service

blog / Jan 16, 2018 (MODIFIED: Feb 21, 2018)

by Lori MacVittie

Forty-three percent of organizations say security is essential when deploying apps, and more than two thirds use multiple security solutions to protect clients, infrastructure, and web apps.

Risky Business (Part 2): Why You Need a Risk Treatment Plan

/ Jan 12, 2018 (MODIFIED: Feb 23, 2018)

by Preston Hogue

Performing a risk analysis and taking due care are no longer optional.

Global Consultancy Overcomes Cloud Security Risks

blog / Jan 09, 2018 (MODIFIED: Feb 13, 2018)

by Ray Pompon

How moving applications into the cloud can make your organization stronger and more valuable to your customers.

Liability in an Assume Breach World

blog / Jan 02, 2018 (MODIFIED: Feb 09, 2018)

by Ray Pompon, Sara Boddy

The safest way to run a network is to assume it’s going to be breached, but that also means minimizing your liability and ensuring the executive team is fully aware of what is going on.

Achieving Multi-Dimensional Security through Information Modeling—Modeling Inversion Part 5

blog / Dec 26, 2017 (MODIFIED: Jan 24, 2018)

by Ravila White

In Part 5 of this blog series, we use inversion modeling techniques to develop a high-level protection strategy.

Risky Business: Understand Your Assets and Align Security with the Business

/ Dec 19, 2017 (MODIFIED: Jan 18, 2018)

by Preston Hogue

Security teams can fulfill the CISO’s responsibilities and help business groups become more security-savvy by working through the due diligence and due care process together.

To Protect Your Network, You Must First Know Your Network

/ Dec 13, 2017 (MODIFIED: Jan 12, 2018)

by Ray Pompon

Strong security starts with understanding exactly what you need to protect and where it resides within your organization.

Avoiding the Epidemic of Hospital Hacks

blog / Dec 05, 2017 (MODIFIED: Jan 09, 2018)

by Ray Pompon

Good security is highly dependent on hospital staff being well trained and having the discipline to follow security processes—manual and otherwise—to the letter.

Achieving Multi-Dimensional Security through Information Modeling—Unwrapping Controls Part 4

blog / Nov 28, 2017 (MODIFIED: Jan 02, 2018)

by Ravila White

In Part 3 of this blog series, we demonstrated modeling the threat landscape along with executive threat-modeling. In this blog, we discuss the importance of defining controls.

A CISO Landmine: No Security Awareness Training

blog / Nov 14, 2017 (MODIFIED: Mar 19, 2018)

by Mike Levin, Center for Information Security Awareness

CISOs who fail to prioritize security awareness training are putting their business and assets at serious risk.

Is a Good Offense the Best Defense Against Hackers?

blog / Nov 09, 2017 (MODIFIED: Dec 19, 2017)

by Ray Pompon

Proposed legislation could change existing laws that bar victims of hacking attacks from striking back.

Can Engineers Build Networks Too Complicated for Humans to Operate? Part II: Making Sense of Network Activities and System Behaviors

blog / Nov 02, 2017 (MODIFIED: Dec 13, 2017)

by Mike Simon

How to selectively capture packets for further analysis and avoid buying a storage farm.

Third-Party Security is Your Security

blog / Oct 24, 2017 (MODIFIED: Dec 05, 2017)

by Ray Pompon

When you must depend on third parties for a variety of products and services, it’s critical that you hold them to high security standards.

How to Be a More Effective CISO by Aligning Your Security to the Business

blog / Oct 17, 2017 (MODIFIED: Nov 28, 2017)

by Ray Pompon

Security must align to the business needs, not the other way around. Begin with investigation and understanding to be most effective.

Proposed Legislation Calls for Cleaning Up the IoT Security Mess

blog / Oct 03, 2017 (MODIFIED: Nov 14, 2017)

by Ray Pompon, David Holmes

Legislation is a good first step toward persuading IoT manufacturers (who want to stay in business) to do the right thing when it comes to the security of their devices.

Five Reasons CISOs Should Keep an Open Mind about Cryptocurrencies

blog / Sept 26, 2017 (MODIFIED: Feb 05, 2018)

by Ray Pompon, Justin Shattuck

Far from a dying breed, cryptocurrencies are not only evolving but being accepted in countless new markets. CISOs need to know the ins and outs, pros and cons.

CISOs: Striving Toward Proactive Security Strategies

report / Sept 19, 2017 (MODIFIED: Nov 09, 2017)

by Mike Convertino

As enterprises more closely align their security and IT operations, they still struggle to shift their security programs from reactive to proactive.

Five Reasons the CISO is a Cryptocurrency Skeptic—Starting with Bitcoin

blog / Sept 13, 2017 (MODIFIED: Oct 24, 2017)

by David Holmes

There’s a lot of hype surrounding cryptocurrencies, but what’s good for currency traders may not be great for security-minded professionals.

Six Steps to Finding Honey in the OWASP

blog / Aug 31, 2017 (MODIFIED: Oct 17, 2017)

by Ray Pompon

According to Verizon’s 2014 Data Breach Investigations Report, “Web applications remain the proverbial punching bag of the Internet.” Things haven’t improved much since then. What is it about web applications that makes them so...

Achieving Multi-Dimensional Security through Information Modeling—Executive Threat Modeling Part 3

blog / Aug 23, 2017 (MODIFIED: Oct 10, 2017)

by Ravila White

How InfoSec leaders can build successful threat models by defining the threat landscape and its component resources, then asking simple, situational questions.

Where Do Vulnerabilities Come From?

blog / Aug 15, 2017 (MODIFIED: Sept 26, 2017)

by Ray Pompon

Vulnerabilities are an emergent property of modern software’s complexity, requested features, and the way data inputs are handled.

Can Engineers Build Networks Too Complicated for Humans to Operate? Part I: Scope of the Problem

blog / Aug 03, 2017 (MODIFIED: Oct 30, 2017)

by Mike Simon

This series explores how InfoSec practitioners can use math, technology, and critical thinking to mitigate risk in a world where networks and data have surpassed the scope of human comprehension.

What Are You Doing to Protect Critical Infrastructure?

blog / Jul 25, 2017 (MODIFIED: Mar 19, 2018)

by Mike Levin, Center for Information Security Awareness

Protecting our critical infrastructure is everyone’s responsibility, and there are many ways we can all do our part.

How to Avoid the Six Most Common Audit Failures

blog / Jul 18, 2017 (MODIFIED: Sept 01, 2017)

by Ray Pompon

A veteran auditor told us how organizations fail audits. Here are six detailed strategies to help you achieve success.

Who Should the CISO Report To?

blog / Jul 11, 2017 (MODIFIED: Aug 24, 2017)

by Ray Pompon

Savvy organizations that understand the gravity of cyber security are giving CISOs a voice at the executive table.
