Risky Business (Part 3): The Beauty of Risk Transfer

/ Feb 13, 2018

by Preston Hogue

Risk transfer strategies allow you more time to focus on your business.

CISOs Look to Machine Learning to Augment Security Staffing Shortages

blog / Feb 06, 2018 (MODIFIED: Feb 15, 2018)

by Ray Pompon

As security expertise becomes more scarce, CISOs are turning to machine learning to do more with fewer people.

86 Your Cyber Attackers! Avoid Data Breaches by Protecting Your Most Likely Attack Targets

blog / Jan 31, 2018 (MODIFIED: Feb 21, 2018)

by Sara Boddy

Critical lessons can be learned from others’ mistakes. Don’t learn the hard way; heed the warnings from our research.

Risk vs. Reality: Don’t Solve the Wrong Problem

blog / Jan 24, 2018 (MODIFIED: Feb 21, 2018)

by Ray Pompon

If you’re not evaluating risk in terms of likelihood and impact, you could be focusing your security efforts in all the wrong places.

Everything is Compromised—Now What?

blog / Jan 18, 2018 (MODIFIED: Feb 13, 2018)

by Jared B. Reimer

Accept that breaches are inevitable in today’s world, then take these steps to reduce the chances of a large-scale, headline-making compromise.

State of App Delivery 2018: Security Again Edges Out Availability as Most Important App Service

blog / Jan 16, 2018 (MODIFIED: Feb 21, 2018)

by Lori MacVittie

Forty-three percent of organizations say security is essential when deploying apps, and more than two thirds use multiple security solutions to protect clients, infrastructure, and web apps.

Risky Business (Part 2): Why You Need a Risk Treatment Plan

/ Jan 12, 2018 (MODIFIED: Feb 08, 2018)

by Preston Hogue

Performing a risk analysis and taking due care are no longer optional.

Global Consultancy Overcomes Cloud Security Risks

blog / Jan 09, 2018 (MODIFIED: Feb 13, 2018)

by Ray Pompon

How moving applications into the cloud can make your organization stronger and more valuable to your customers.

Liability in an Assume Breach World

blog / Jan 02, 2018 (MODIFIED: Feb 09, 2018)

by Ray Pompon, Sara Boddy

The safest way to run a network is to assume it’s going to be breached, but that also means minimizing your liability and ensuring the executive team is fully aware of what is going on.

Achieving Multi-Dimensional Security through Information Modeling—Modeling Inversion Part 5

blog / Dec 26, 2017 (MODIFIED: Jan 24, 2018)

by Ravila White

In Part 5 of this blog series, we use inversion modeling techniques to develop a high-level protection strategy.

Risky Business: Understand Your Assets and Align Security with the Business

/ Dec 19, 2017 (MODIFIED: Jan 18, 2018)

by Preston Hogue

Security teams can fulfill the CISO’s responsibilities and help business groups become more security-savvy by working through the due diligence and due care process together.

To Protect Your Network, You Must First Know Your Network

/ Dec 13, 2017 (MODIFIED: Jan 12, 2018)

by Ray Pompon

Strong security starts with understanding exactly what you need to protect and where it resides within your organization.

Avoiding the Epidemic of Hospital Hacks

blog / Dec 05, 2017 (MODIFIED: Jan 09, 2018)

by Ray Pompon

Good security is highly dependent on hospital staff being well trained and having the discipline to follow security processes—manual and otherwise—to the letter.

Achieving Multi-Dimensional Security through Information Modeling—Unwrapping Controls Part 4

blog / Nov 28, 2017 (MODIFIED: Jan 02, 2018)

by Ravila White

In Part 3 of this blog series, we demonstrated modeling the threat landscape along with executive threat-modeling. In this blog, we discuss the importance of defining controls.

A CISO Landmine: No Security Awareness Training

blog / Nov 14, 2017 (MODIFIED: Dec 26, 2017)

by Mike Levin, Center for Information Security Awareness

CISOs who fail to prioritize security awareness training are putting their business and assets at serious risk.

Is a Good Offense the Best Defense Against Hackers?

blog / Nov 09, 2017 (MODIFIED: Dec 19, 2017)

by Ray Pompon

Proposed legislation could change existing laws that bar victims of hacking attacks from striking back.

Can Engineers Build Networks Too Complicated for Humans to Operate? Part II: Making Sense of Network Activities and System Behaviors

blog / Nov 02, 2017 (MODIFIED: Dec 13, 2017)

by Mike Simon

How to selectively capture packets for further analysis and avoid buying a storage farm.

Third-Party Security is Your Security

blog / Oct 24, 2017 (MODIFIED: Dec 05, 2017)

by Ray Pompon

When you must depend on third parties for a variety of products and services, it’s critical that you hold them to high security standards.

How to Be a More Effective CISO by Aligning Your Security to the Business

blog / Oct 17, 2017 (MODIFIED: Nov 28, 2017)

by Ray Pompon

Security must align to the business needs, not the other way around. Begin with investigation and understanding to be most effective.

Proposed Legislation Calls for Cleaning Up the IoT Security Mess

blog / Oct 03, 2017 (MODIFIED: Nov 14, 2017)

by Ray Pompon, David Holmes

Legislation is a good first step toward persuading IoT manufacturers (who want to stay in business) to do the right thing when it comes to the security of their devices.

Five Reasons CISOs Should Keep an Open Mind about Cryptocurrencies

blog / Sept 26, 2017 (MODIFIED: Feb 05, 2018)

by Ray Pompon, Justin Shattuck

Far from a dying breed, cryptocurrencies are not only evolving but being accepted in countless new markets. CISOs need to know the ins and outs, pros and cons.

CISOs: Striving Toward Proactive Security Strategies

report / Sept 19, 2017 (MODIFIED: Nov 09, 2017)

by Mike Convertino

As enterprises more closely align their security and IT operations, they still struggle to shift their security programs from reactive to proactive.

Five Reasons the CISO is a Cryptocurrency Skeptic—Starting with Bitcoin

blog / Sept 13, 2017 (MODIFIED: Oct 24, 2017)

by David Holmes

There’s a lot of hype surrounding cryptocurrencies, but what’s good for currency traders may not be great for security-minded professionals.

Six Steps to Finding Honey in the OWASP

blog / Aug 31, 2017 (MODIFIED: Oct 17, 2017)

by Ray Pompon

According to Verizon’s 2014 Data Breach Investigations Report, “Web applications remain the proverbial punching bag of the Internet.” Things haven’t improved much since then. What is it about web applications that makes them so...

Achieving Multi-Dimensional Security through Information Modeling—Executive Threat Modeling Part 3

blog / Aug 23, 2017 (MODIFIED: Oct 10, 2017)

by Ravila White

How InfoSec leaders can build successful threat models by defining the threat landscape and its component resources, then asking simple, situational questions.

Where Do Vulnerabilities Come From?

blog / Aug 15, 2017 (MODIFIED: Sept 26, 2017)

by Ray Pompon

Vulnerabilities are an emergent property of modern software’s complexity, requested features, and the way data inputs are handled.

Can Engineers Build Networks Too Complicated for Humans to Operate? Part I: Scope of the Problem

blog / Aug 03, 2017 (MODIFIED: Oct 30, 2017)

by Mike Simon

This series explores how InfoSec practitioners can use math, technology, and critical thinking to mitigate risk in a world where networks and data have surpassed the scope of human comprehension.

What Are You Doing to Protect Critical Infrastructure?

blog / Jul 25, 2017 (MODIFIED: Nov 10, 2017)

by Mike Levin, Center for Information Security Awareness

Protecting our critical infrastructure is everyone’s responsibility, and there are many ways we can all do our part.

How to Avoid the Six Most Common Audit Failures

blog / Jul 18, 2017 (MODIFIED: Sept 01, 2017)

by Ray Pompon

A veteran auditor told us how organizations fail audits. Here are six detailed strategies to help you achieve success.

Who Should the CISO Report To?

blog / Jul 11, 2017 (MODIFIED: Aug 24, 2017)

by Ray Pompon

Savvy organizations that understand the gravity of cyber security are giving CISOs a voice at the executive table.

The Six Most Common Audit Failures

blog / Jun 29, 2017 (MODIFIED: Aug 15, 2017)

by Kyle Robinson, Senior Manager at Grant Thornton

A veteran auditor walks through where he’s seen organizations fail during audit.

Achieving Multi-Dimensional Security through Information Modeling—The Master Model Part 2

blog / Jun 22, 2017 (MODIFIED: Aug 03, 2017)

by Ravila White

Understanding the customer segment of your organization is critical to developing a strategy that ensures regulatory compliance.

Yak Shaving: CISOs Aren’t Immune

blog / Jun 14, 2017 (MODIFIED: Jul 25, 2017)

by Ray Pompon

Sometimes, CISOs spin their wheels doing useless security activity that only looks productive from the outside.

10 Ways Organizations Can Get Ready for Breach Disclosure

blog / Jun 08, 2017 (MODIFIED: Jul 20, 2017)

by Ray Pompon

Facing data breach disclosure requirements across the globe, organizations need to prepare in advance to respond well.

The CISO: A Field Guide

blog / Jun 01, 2017 (MODIFIED: Jul 18, 2017)

by Bill Hughes

Learn to recognize different types of CISOs so you can ensure you’re hiring the right one.

How I Learned to Love Cyber Security

blog / May 25, 2017 (MODIFIED: Jul 18, 2017)

by Todd Plesco, CISO of Prescribe Wellness

Cyber security can be a difficult and thankless job, but you can learn to love it when you know how to go about it.

How a CISO Can Play a Role in Selling Security

blog / May 23, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon

More and more CISOs are finding themselves pulled into the sales cycle to defend and sell their security programs. Here’s how to do it right.

Can Your Risk Assessment Stand Up Under Scrutiny?

blog / May 09, 2017 (MODIFIED: Jul 24, 2017)

by Ray Pompon

Risk assessments are a key part of a security program, but their execution and format are highly variable. Regulators can sanction organizations that perform improper or inadequate risk assessments.

Achieving Multi-Dimensional Security through Information Modeling – Part 1

blog / May 04, 2017 (MODIFIED: Jul 18, 2017)

by Ravila White

Information modeling blends lateral thinking and deductive logic. Applied to information security, it’s a powerful technique for designing a security architecture with multi-dimensional controls that minimizes risk and achieves continuous compliance.

7 Upgrades to Level Up Your Security Program Experience

blog / Apr 28, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon

When you feel like you’re losing the security battle, try one, a few, or all of these tips to re-invigorate your program and stay on a positive track.
