Opinion

Opinion

IT risk management

• Security Think Tank: Financial loss as a key security risk indicator

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: No one key risk indicator is generic across all businesses

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: Is it true you can't manage what you don't measure?

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: Key considerations for determining cyber risk

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: Five elements of a key cyber risk indicator

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: Aim for business intelligence-driven system of risk indicators

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: Invest in proactive approach to security and digital risk

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: Cyber metrics need to be meaningful

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Breaking the chains: How FUD is holding the cyber sector hostage

  The cyber security industry must move past fear tactics and get back to the basics of good cyber security practice  Continue Reading

• Security Think Tank: UTM a key part of a well-rounded security strategy

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: No tech will ever counter-balance poorly implemented processes

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: Know strengths and weaknesses of UTM systems

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: Approach UTM with caution

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: UTM attractive to SMEs, but beware potential pitfalls

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: Focus UTM capabilities on security and business needs

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: Many routes to UTM to boost security capabilities

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: Arguments for and against unified threat management

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Facebook’s high-stakes privacy gamble goes to Dublin court

  A high-wire gamble with billions in compensation at stake for European internet users – part of a complex case between Facebook and the Irish information commissioner – hides challenge to the unlawfulness of US state internet surveillance  Continue Reading

• Security Think Tank: Walk before you run

  How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Security Think Tank: Apply different techniques to safeguard against rogue code

  How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Security Think Tank: Combine SDN, containerisation and encryption to halt rogue code

  How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Security Think Tank: How to use SDN, containers and encryption – and some warnings

  How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Security Think Tank: Creative thinking key to meeting emerging security challenges

  How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Security Think Tank: The security role of SDN, containers, encryption and SDP

  How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• eIDAS and the EU’s mission to create a truly portable identity

  It is important for businesses to work more actively with technology partners, regulators and governments to create more robust identity verification processes   Continue Reading

• Security Think Tank: Meeting the security challenge of multiple IT environments

  How can organisations combine software defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Security Think Tank: Use SDN, containerisation and encryption tools to boost security

  How can organisations combine software defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Can we live without passwords?

  Can you imagine a future in which we can be secure online without having to remember an unwieldly list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve  Continue Reading

• Security Think Tank: Pay attention to attribute-based system access permissions

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted and did happen and one thing that should happen in 2019, but probably will not  Continue Reading

• Security Think Tank: Focus on malicious use of AI in 2019

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not  Continue Reading

• Security Think Tank: Strong 2FA should be a goal in 2019

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not  Continue Reading

• Security Think Tank: Let’s hope for treaty on online norms

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not  Continue Reading

• Security Think Tank: Put collaboration on 2019 security agenda

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not  Continue Reading

• Security Think Tank: Align security strategy to business objectives

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted and did happen and one thing that should happen in 2019, but probably will not  Continue Reading

• Security Think Tank: Let’s get back to basics in 2019

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not  Continue Reading

• Security Think Tank: Prioritise multifactor authentication in 2019

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not  Continue Reading

• Security Think Tank: Smart botnets resist attempts to cut comms

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including "sleepers" designed to be ...  Continue Reading

• Security Think Tank: Strategies for blocking malware comms

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be ...  Continue Reading

• Security Think Tank: Prevention and detection key to disrupting malware comms

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be ...  Continue Reading

• Security Think Tank: Severing C&C comms is key, but complex

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be ...  Continue Reading

• Security Think Tank: Firms neglect DNS security at their peril

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be ...  Continue Reading

• Security Think Tank: Three steps to detect malware comms

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be ...  Continue Reading

• Security Think Tank: How to tool up to catch evasive malware comms

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be ...  Continue Reading

• Drawing the line for cyber warfare

  With alleged Russian meddling in elections and the state-backed attack on Iran’s nuclear programme, it is becoming difficult to define the boundaries of cyber warfare  Continue Reading

• Security Think Tank: Situational awareness underpins effective security

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure they detect such methods and that all C&C systems are removed, including ‘sleepers’ designed to be activated...  Continue Reading

• Security Think Tank: Basic steps to countering malware comms

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure they detect such methods and that all C&C systems are removed, including "sleepers" designed to be activated...  Continue Reading

• Security Think Tank: Combine tech, process and people to block malware comms

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including "sleepers" designed to be ...  Continue Reading

• GCHQ offers help to embryonic Irish cyber security organisation

  Ciaran Martin head of the UK's National Cyber Security Centre, part of GCHQ, builds bridges with the Republic of Ireland's intelligence community during an official visit to Dublin  Continue Reading

• Security Think Tank: Top considerations to reduce application layer attacks

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Gap, risk and business impact analysis key to application security

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Three ways to safeguard against application layer vulnerabilities

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Deploy multiple defence layers to protect data-rich applications

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: A three-pronged approach to application security

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Think Tank: Application layer attack mitigation needs to start with risk analysis

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Defend application layer with good security hygiene

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Counter application layer attacks with automation

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Focus on security before app deployment

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Mitigating third-party cyber risks in a new regulatory environment

  GDPR and the NIS Directive increase the focus on managing cyber security throughout the supply chain. Organisations need to check their suppliers are compliant  Continue Reading

• Security Think Tank: Monitoring key to outcomes-based security

  What is the first step towards moving from a tick-box approach to security to one that is outcomes-based, and how can an organisation test if its security defences are delivering the desired outcome?  Continue Reading

• Security Think Tank: Enable outcomes-based security in software development

  What is the first step towards moving from a tick box approach to security to one that is outcomes based, and how can an organisation test if its security defences are delivering the desired outcome?  Continue Reading

• Security Think Tank: C-suite needs to drive outcomes-based security

  What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome?  Continue Reading

• Security Think Tank: Shift to outcomes-based security by focusing on business needs

  What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome?  Continue Reading

• Everyone, everywhere is responsible for IIoT cyber security

  Cyber security in the industrial internet of things is not limited to a single company, industry or region – it is an international threat to public safety, and can only be addressed through collaboration that extends beyond borders and competitive ...  Continue Reading

• Security Think Tank: Start outcomes-based security with asset identification

  What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome?  Continue Reading

• Security Think Tank: Security governance key to outcomes-based approach

  What is the first step towards moving from a tick-box approach to security to one that is outcomes based, and how can an organisation test if its security defences are delivering the desired outcome?  Continue Reading

• Why the government should rethink the UK’s surveillance laws

  The European Court of Human Rights has made clear that the Snoopers’ Charter is an unlawful violation of people’s rights and freedoms  Continue Reading

• Security Think Tank: Supplement security with an MSSP to raise the bar

  What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Adopt a proactive approach to software vulnerabilities

  What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Four key steps to managing software vulnerabilities

  What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Four steps to managing software vulnerabilities

  What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Balancing cost and risk in software vulnerability management

  What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: No shortcuts to addressing software vulnerabilities

  What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: How to manage software vulnerabilities

  What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: How to achieve software hygiene

  What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Eight controls to manage software vulnerabilities

  What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Security Think Tank: Follow good practice to reduce risk of software vulnerabilities

  What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Information security risk – keeping it simple

  Organisations should start with risk management to understand information security risks and communicate them better internally  Continue Reading

• AI: Black boxes and the boardroom

  Computers can and do make mistakes and AI is only as good its training so relying purely on machine intelligence to make critical decisions is risky  Continue Reading

• Security Think Tank: Outsource security operations, not control

  What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: Outsource responsibility, not accountability

  What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: Almost all security can be outsourced, but not the risk

  What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: Risk tolerance key to security outsourcing policy

  What critical security controls can be outsourced, and how do organisations – SMEs in particular – maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: Top things to consider in security outsourcing

  What critical security controls can be outsourced, and how do organisations – SMEs in particular – maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: A risk-based approach to security outsourcing

  What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: A good password policy alone is not enough

  In light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Security Think Tank: Some basic password guidelines

  In light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Security Think Tank: Passwords alone are not good enough

  In the light of the fact that complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Security Think Tank: How to create good passwords and add security layers

  In light of the fact complex passwords are not as strong as most people think and most password strategies inevitably lead to people following them blindly, what actually makes a good password - and when is a password alone not enough?  Continue Reading

• Security Think Tank: Complex passwords provide a false sense of security

  In the light of the fact that complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Security Think Tank: Use pass phrases and 2FA to beef up access control

  In light of the fact complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password – and when is a password alone not enough?  Continue Reading

• Security Think Tank: Put more layers around passwords to up security

  In light of the fact that complex passwords are not as strong as most people think and most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Cyber security – why you’re doing it all wrong

  Most organisations can list the IT security tools and controls they have, so why do most of them still get the security basics wrong?  Continue Reading

• Security Think Tank: GDPR requires unprecedented view of data flows

  Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this?  Continue Reading

• Security Think Tank: Focus on data protection, but do not rely on DLP alone

  Why is it important to know where data flows, with whom it's shared and where it lives at rest – and what is the best way of achieving this?  Continue Reading

• Security Think Tank: Understand data for risk-based protection

  Why is it important to know where data flows, with whom it is shared and where it lives at rest, and what is the best way of achieving this?  Continue Reading

• Security Think Tank: Ignorance about data is tantamount to negligence

  Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this?  Continue Reading

• Security Think Tank: Use data flow information to protect systems

  Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this?  Continue Reading

• Security Think Tank: Data governance is essential to data security

  Why is it important to know where data flows, with whom it's shared and where it lives at rest – and what is the best way of achieving this?  Continue Reading

• Security Think Tank: Data governance is good for business and security

  Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this?  Continue Reading

• Security Think Tank: Information management means better security

  Why is it important to know where data flows, with whom it's shared and where it lives at rest – and what is the best way of achieving this?  Continue Reading