Opinion

Opinion

Application security and coding requirements

• No easy fix for vulnerability exploitation, so be prepared

  Vulnerability management and disclosure is a tricky business with ethical and business ramifications for software vendors, CISOs and ethical hackers alike – and CISOs sit right in the middle of this  Continue Reading

• Doing the right thing: How CISOs should approach responsible disclosure

  Owen Wright, responsible for penetration testing and adversary simulation at Context, part of Accenture Security, advises how CISOs should approach responsible disclosure  Continue Reading

• Security Think Tank: Responsible vulnerability disclosure is a joint effort

  By working hand-in-hand, developers and security researchers can both play a vital role in ensuring newly-discovered vulnerabilities are addressed appropriately, writes Paddy Francis of Airbus CyberSecurity  Continue Reading

• New strategies needed to close the cyber security skills gap

  Teaching cyber security in schools is a long-term solution to a present-day problem  Continue Reading

• How the cyber security market is evolving

  The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments?  Continue Reading

• Government-led innovation can help cyber startups find a market

  There are many reasons why early-stage cyber startups often struggle to get off the ground, but government-backed programmes can help them find a path  Continue Reading

• Security Think Tank: As offices reopen, address patching and ‘build drift’

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• Why agility is the key to secure software

  Continuous delivery of software product releases demands continuous security. Businesses and regulators are right to wonder whether organisations are valuing cyber security by the design of their products  Continue Reading

• Security Think Tank: Security culture must underpin vaccine passports

  What are the security challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: Vaccine passports must be secure by design

  What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: It’s time to secure the collaboration revolution

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Cyber effectiveness, efficiency key in 2021

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Security at the distributed edge

  That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Don’t believe the hype: AI is no silver bullet

  We want to believe AI will revolutionise cyber security, and we’re not necessarily wrong, but it’s time for a reality check  Continue Reading

• Security Think Tank: The past and future of security automation

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading

• Security Think Tank: Balancing human oversight with AI autonomy

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading

• Security Think Tank: SIEM and AI – a match made in heaven?

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading

• Security Think Tank: Artificial intelligence will be no silver bullet for security

  AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of ...  Continue Reading

• Security Think Tank: AI cyber attacks will be a step-change for criminals

  AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of ...  Continue Reading

• Security Think Tank: Get your house in order before deploying AI

  AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate a IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of ...  Continue Reading

• Security Think Tank: ‘Shift left’ to secure containers

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Security Think Tank: Securing containers needn’t be taxing

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Security Think Tank: Container security starts with good DevOps practice

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Security Think Tank: Four steps to container security best practice

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• The impact of spycraft on how we secure our data

  The history of cyber security owes much to the world of espionage, as a recent, pre-lockdown Science Museum exhibition showed  Continue Reading

• JavaScript skimmers: An evolving and dangerous threat

  Cyber attacks exploiting Magecart JavaScript skimmers are spiking during the coronavirus pandemic, and like biological viruses, they just keep evolving  Continue Reading

• Security Think Tank: Zero trust strategies must start small, then grow

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs approach moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Ask yourself if zero trust is right for you

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: How zero trust lets you take back control

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero trust ...  Continue Reading

• Security Think Tank: Zero trust is complex, but has rich rewards

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: No trust in zero trust need not be a problem

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: In-depth protection is a matter of basic hygiene

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Proper segregation is more important than ever

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• eIDAS and the EU’s mission to create a truly portable identity

  It is important for businesses to work more actively with technology partners, regulators and governments to create more robust identity verification processes   Continue Reading

• Security Think Tank: Pay attention to attribute-based system access permissions

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted and did happen and one thing that should happen in 2019, but probably will not  Continue Reading

• Raising security awareness through phishing simulation – how to get it right

  Testing employees’ security practices by sending fake phishing emails has become commonplace, but few organisations are conducting such exercises effectively  Continue Reading

• Security Think Tank: Top considerations to reduce application layer attacks

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Gap, risk and business impact analysis key to application security

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Three ways to safeguard against application layer vulnerabilities

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Deploy multiple defence layers to protect data-rich applications

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: A three-pronged approach to application security

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Think Tank: Application layer attack mitigation needs to start with risk analysis

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Defend application layer with good security hygiene

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Counter application layer attacks with automation

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Focus on security before app deployment

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Use Cyber Essentials to kick-start outcomes-based security

  What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome?  Continue Reading

• Security Think Tank: Supplement security with an MSSP to raise the bar

  What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Adopt a proactive approach to software vulnerabilities

  What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Four key steps to managing software vulnerabilities

  What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Four steps to managing software vulnerabilities

  What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Balancing cost and risk in software vulnerability management

  What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: No shortcuts to addressing software vulnerabilities

  What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: How to manage software vulnerabilities

  What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: How to achieve software hygiene

  What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Eight controls to manage software vulnerabilities

  What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Follow good practice to reduce risk of software vulnerabilities

  What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Automating basic security tasks

  How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments?  Continue Reading

• Security Think Tank: Encourage employees to use an approved messaging app

  What criteria should organisations use to assess the security of smartphone messaging apps and how can they ensure only approved apps are used by employees?  Continue Reading

• Gary McKinnon: Why Lauri Love should be spared the nightmare of extradition

  Computer activist Lauri Love should be spared a life sentence in a US jail, says former hacker Gary McKinnon  Continue Reading

• Managing open-source security: a legal perspective

  Open-source software is being used more widely than ever – but do IT leaders understand the legal risks?  Continue Reading

• Security Think Tank: Allocate maintenance processes to each piece of key software

  What strategies can companies adopt to help keep up with and deal with the huge volume of software updates they are facing?  Continue Reading

• Security Think Tank: Using vulnerability management to support the patching process

  What strategies can companies adopt to deal with the huge volume of software updates they are facing?  Continue Reading

• Security Think Tank: Five strategies for dealing with software security updates

  What strategies can companies adopt to keep up with, and deal with, the huge volume of software updates they face?  Continue Reading

• The problem with passwords: how to make it easier for employees to stay secure

  An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems  Continue Reading

• Are cloud users worrying about nothing when it comes to data sovereignty?

  With the upheaval surrounding the EU-US Privacy Shield, Clive Longbottom takes a closer look at the issue of sovereignty  Continue Reading

• When a slowdown in IT budgets is a good thing

  IT budgets will grow at their slowest rate for four years in 2016, yet companies are spending more on digital technology  Continue Reading

• Saving Bletchley Park: The women of Station X

  Sue Black recalls her first experience of Bletchley Park and the women who worked there, inspiring a campaign to save the home of the WW2 codebreakers  Continue Reading

• Network security systems – dedicated or multifunction?

  For small and medium-sized businesses looking to secure their networks, multifunction security systems are a better option than best-of-breed technology  Continue Reading

• Security Think Tank: Aim for win-win in SecDevOps

  How can development, operations and security teams collaborate around change to ensure security is maintained and even improved?  Continue Reading

• Security Think Tank: Cyber security should be a pillar of any business plan

  How can development, operations and security teams collaborate around change to ensure security is maintained and even improved?  Continue Reading

• Security Think Tank: Involve all stakeholders to ensure smooth, secure change

  How can development, operations and security teams collaborate around change to ensure security is maintained and even improved?  Continue Reading

• European regulation shakes up online payments security

  Payment service providers and merchants should lose no time in assessing the affect of proposed European security regulations  Continue Reading

• The bad theatre of the Intelligence and Security Committee

  The report of the Intelligence and Security Committee was like a piece of bad theatre  Continue Reading

• A phisher’s paradise

  Email is one of the earliest services created on the internet and, arguably, remains the most important  Continue Reading

• It’s time to add cyber insurance to your cyber security strategy

  Insurance policies for cyber crime have become more credible and viable  Continue Reading

• Security: the oft-forgotten dimension

  Companies are investing in sophisticated devices to protect the security of their computer systems but they are forgetting about one critical element - the employee.  Continue Reading

• Why collaboration is the only way to combat cyber threats

  Cyber threats are the most effective way to attack an organisation and those with malicious intent are finding more sophisticated ways of carrying out their activities  Continue Reading

• So when do employees start following security rules?

  As security needs are rapidly transformed, when do enterprises feel that they are getting on top of information security?  Continue Reading

• Security Think Tank: Risk of software procurement cannot be ignored

  How can security professionals ensure security testing becomes part of the procurement process for all business software?  Continue Reading

• Security Think Tank: Security testing a vital part of software procurement

  How can security professionals ensure security testing becomes part of the procurement process for all business software?  Continue Reading

• Security Think Tank: Risk-based security will ease software testing challenge

  How can security professionals ensure security testing becomes part of the procurement process for all business software?  Continue Reading

• Security Think Tank: Beef up due diligence

  How can security professionals ensure security testing becomes part of the procurement process for all business software?  Continue Reading

• Security Think Tank: If cost is king, security suffers

  How can security professionals ensure security testing becomes part of the procurement process for all business software?  Continue Reading

• Security Think Tank: How to ensure vendors act efficiently

  How can security professionals ensure security testing becomes part of the procurement process for all business software?  Continue Reading

• Security Think Tank: Security pros need to be plugged into procurement

  How can security professionals ensure security testing becomes part of the procurement process for all business software?  Continue Reading

• Security Think Tank: Procurement and security are uneasy bedfellows

  How can security professionals ensure security testing becomes part of the procurement process for all business software?  Continue Reading

• IT needs soldiers

  The government has recognised that its returning troops can bring value to Britain. Unfortunately it has backed the wrong profession.  Continue Reading

• How to build a website security programme

  Follow this step-by-step strategy for building a website security programme that yields results  Continue Reading

• Stop service providers becoming data security Achilles heel

  Minimising cyber security risks through third-party suppliers is a challenge facing many organisations.  Continue Reading

• Securing the hypervisor: expert tips

  There are many potential security issues with the various components of a virtualised infrastructure, and nowhere is this more of a concern than with the hypervisor platforms that host virtual systems and application instances  Continue Reading

• Selling online? A guide to complying with the PCI

  PCI-DSS compliance can leave retailers confused about how best to approach this daunting task. What is it they actually need to do?  Continue Reading

• Trusted computing for industrial control systems and infrastructure

  The Trusted Computing Group’s open standards now include specifications for securing industrial control systems and infrastructure  Continue Reading