Opinion

Opinion

IT risk management

• Security Think Tank: Information management means better security

  Why is it important to know where data flows, with whom it's shared and where it lives at rest – and what is the best way of achieving this?  Continue Reading

• Hacking the internet of things just got easier – it’s time to look at your security

  Are you taking security for internet-connected devices seriously enough?  Continue Reading

• Security Think Tank: Five tips for killing the campers on your network

  Why is reducing cyber attacker dwell time important and how should this be tackled?  Continue Reading

• Security Think Tank: More time equals more opportunity for cyber attackers

  Why is reducing cyber attacker dwell time important and how should this be tackled?  Continue Reading

• Security Think Tank: Prevention and detection are key to limit dwell time

  Why is reducing cyber attacker dwell time important and how should this be tackled?  Continue Reading

• Security Think Tank: Containment should be top priority in cyber breaches

  Why is reducing cyber attacker dwell time important, and how should this be tackled?  Continue Reading

• Security Think Tank: Reducing cyber attacker dwell time is critical

  Why is reducing cyber attacker dwell time important, and how should it be tackled?  Continue Reading

• Security Think Tank: GDPR compliance one good reason to cut attacker dwell time

  Why is reducing cyber attacker dwell time important, and how should this be tackled?  Continue Reading

• Security Think Tank: Reduce attacker dwell time with defence in depth

  Why is reducing cyber attacker dwell time important and how should this be tackled?  Continue Reading

• How a new ISO standard helps you take control of your IT assets

  The updated ISO standard 19770-1:2017 offers IT managers a way to bring their hardware and software assets under a single management standard  Continue Reading

• Security Think Tank: Use good practice to address cryptojacking risk

  How can organisations best defend against cryptojacking?  Continue Reading

• Security Think Tank: Cryptojacking can be costly

  How can organisations best defend against cryptojacking?  Continue Reading

• Security Think Tank: Six tips for securing your organisation against cryptojacking

  How can organisations best defend against cryptojacking?  Continue Reading

• Why businesses must think like criminals to protect their data

  Cyber criminals use three main methods of operation to steal commercial data. Understanding their mindset can help organisations put the right defences in place  Continue Reading

• Security Think Tank: Deal with cryptojacking to avoid security vulnerability

  How can organisations best defend against cryptojacking?  Continue Reading

• Security Think Tank: User vigilance key to cryptojacking defence

  How can organisations best defend against cryptojacking?  Continue Reading

• Security Think Tank: Use awareness, education and controls to halt cryptojacking

  How can organisations best defend against cryptojacking?  Continue Reading

• SD-WAN needs software-defined security

  Digital transformation is driving organisations to move to the cloud, which requires a new architecture that embraces cloud technology, but that in turn requires a new way of thinking about network security to ensure data is protected  Continue Reading

• Australian firms need to move faster in the digital age

  Just over a tenth of IT professionals in Australia say their companies can roll out a new product in less than three months, despite operating in fast-moving markets with digitally savvy customers  Continue Reading

• Security Think Tank: Fileless malware not totally undetectable

  What should organisations do at the very least to ensure business computers are protected from fileless malware?  Continue Reading

• Security Think Tank: Awareness is a good starting point to counter fileless malware

  What should organisations do at the very least to ensure business computers are protected from fileless malware?  Continue Reading

• Security Think Tank: Patch, scan and lock down to counter fileless malware

  What should organisations do at the very least to ensure business computers are protected from fileless malware?  Continue Reading

• Security Think Tank: Human, procedural and technical response to fileless malware

  What should organisations do at the very least to ensure business computers are protected from fileless malware?  Continue Reading

• Security Think Tank: Use layered security and patch management to defeat fileless malware

  What should organisations do at the very least to ensure business computers are protected from fileless malware?  Continue Reading

• Security Think Tank: Multi-layered security key to fileless malware defence

  What should organisations do, at the very least, to ensure business computers are protected from fileless malware?  Continue Reading

• Security Think Tank: Aim to detect and contain fileless malware attacks quickly

  What should organisations do at the very least to ensure business computers are protected from fileless malware?  Continue Reading

• Security Think Tank: Social engineering at the heart of fileless malware attacks

  What should organisations do at the very least to ensure business computers are protected from fileless malware?  Continue Reading

• GDPR gotchas and how to handle them

  We look at common problems organisations encounter when dealing with the EU’s General Data Protection Regulation (GDPR), which comes into force on 25 May 2018  Continue Reading

• Why police forces need to be honest about mass mobile phone surveillance

  Police forces across the UK are covering up their use of sophisticated mass surveillance devices, known as IMSI-catchers - the Bristol Cable and Liberty are campaigning for proper transparency  Continue Reading

• Mobile biometrics set to be game-changer in APAC

  Telcos, financial institutions and other industry players risk losing market share if they do not keep up with the demand for security, convenience and mobility  Continue Reading

• Security Think Tank: How to evolve SecOps capacity

  How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments?  Continue Reading

• Security Think Tank: Take care of security basics before automating

  How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments?  Continue Reading

• Security Think Tank: How automation can reduce the load on the security operations team

  How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments?  Continue Reading

• Security Think Tank: Approaches to strengthening security operations

  How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments?  Continue Reading

• Europe’s shameful role in spy-tech exports that led to torture and jail

  Governments in Europe actively assisted in government oppression in Iran, Bahrain and Russia by providing states with sophisticated surveillance equipment. The European Parliament is pressing for changes in the law to restrict exports of ...  Continue Reading

• Security Think Tank: Automating basic security tasks

  How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments?  Continue Reading

• Security Think Tank: Don’t automatically automate security

  How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments?  Continue Reading

• Security Think Tank: Establish best practice before automating security processes

  How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments?  Continue Reading

• Security Think Tank: Humans and AI machines in harmony

  How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments?  Continue Reading

• Zero in on your zero-day vulnerabilities

  A zero-day attack comes, by definition, out of the blue. You cannot predict its nature or assess how much damage it might cause, but you can take some basic steps to protect yourself from a potentially crippling cyber strike  Continue Reading

• My brother Lauri Love should have the right to a trial in the UK

  Lauri Love should face trial over hacking allegations in a British Court, rather than be extradited to the US, where his extraordinary skills will be lost to society, says his younger sister  Continue Reading

• A guide for businesses to China’s first cyber security law

  Companies that break China’s new cyber security law may be fined or even have their licence to trade in the country removed  Continue Reading

• A history of hacking and hackers

  A security professional’s view on criminal hacking has shifted away from the traditional stereotype of the hacker, towards a much more diverse cross-section of wider society  Continue Reading

• Criminal law: Are Twitter threats taken seriously?

  As threats of violence become increasingly common online, law enforcement is taking stronger action against the perpetrators  Continue Reading

• Security Think Tank: Focus on high risk by automating low-risk patching

  How should organisations address the need to keep software up to date with security patches without it costing too much or being too labour intensive?  Continue Reading

• Security Think Tank: Patching is vital and essentially a risk management exercise

  How should organisations address the need to keep software up to date with security patches without it costing too much or being too labour intensive?  Continue Reading

• Rethink risk through the lens of antifragility

  Antifragility is an exciting alternative that fuses value and risk, and CIOs and IT executives are well positioned to help  Continue Reading

• Security Think Tank: Top three DNS-related security risks

  What are the main security risks associated with the domain name system and how are these best mitigated?  Continue Reading

• Security Think Tank: Communication is key to cyber security in digital era

  How can information security professionals help organisations to understand the cyber risks across increasingly digital businesses?  Continue Reading

• Gary McKinnon: Why Lauri Love should be spared the nightmare of extradition

  Computer activist Lauri Love should be spared a life sentence in a US jail, says former hacker Gary McKinnon  Continue Reading

• Six essential processes for keeping data secure

  Data security is increasingly vital for organisations as the countdown begins for compliance with new rules imposed by the EU’s general data protection regulation  Continue Reading

• Security Think Tank: Many breaches down to poor access controls

  In the modern business environment, what are the most common access control mistakes – and how best are these corrected?  Continue Reading

• The problem with passwords: how to make it easier for employees to stay secure

  An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems  Continue Reading

• Security Think Tank: Top five access control mistakes

  In the modern business environment, what are the most common access control mistakes and what is the best way to correct them?  Continue Reading

• Life’s a breach: How to handle the press after a hacking attack

  Emily Dent, specialist in crisis PR, offers some advice to organisations that unexpectedly find themselves in the headlines  Continue Reading

• Five questions every board should ask after Sony Pictures breach

  What can the board do to avoid having to answer embarrassing questions at the next shareholder meeting?  Continue Reading

• User acceptance testing needs real training, not just a short course

  In spite of its importance, user acceptance testing (UAT) is often chaotic, problematic and ineffective  Continue Reading

• Privacy concerns in the digital world

  Considering the full spectrum of privacy, people need to ask themselves if they are comfortable with all their characteristics in the public domain  Continue Reading

• How to appoint a new outsourcing supplier

  Outsourcing can come with its own security risks if not managed appropriately, making due diligence and clear contractual arrangements key  Continue Reading

• The dangers of internet cafés

  Businesses need clear computer use policies and need to ensure staff are properly trained in data protection, writes Garry Mackay  Continue Reading

• The data fragmentation challenge

  Few organisations have policies to guide where data should and should not be stored. The result: data fragmentation  Continue Reading

• The ideology of hacking

  Business leaders need to be educated on the true threats their firms face and IT security professionals have to arm their executives with that information  Continue Reading

• The challenges of information governance in our increasingly litigious age

  Formulating the right enterprise-wide information governance policies is essential in heading off potential legal and compliance costs  Continue Reading

• Securing the hypervisor: expert tips

  There are many potential security issues with the various components of a virtualised infrastructure, and nowhere is this more of a concern than with the hypervisor platforms that host virtual systems and application instances  Continue Reading

• Security Think Tank: You can’t protect what you don’t know you’ve got

  IP theft: who should be tackling it and how?  Continue Reading

• How to survive a data breach

  Six practical tips on how to prepare for and survive a data breach  Continue Reading

• The history of the next-generation firewall

  Security expert Rik Ferguson explains how next-generation firewalls were developed and what protection they provide businesses.  Continue Reading

• Security Zone: The ISO/IEC 38500 IT Governance Standard

  IT governance means different things to different folks, yet it is generally understood to require alignment with best practice standards and methodologies. However, it can be really hard to see the wood for the trees due to the multiple frameworks,...  Continue Reading

• Who watches the watchers?

  The Civil Aviation Authority must come clean about how it has policed Nats' computer systems  Continue Reading

• Solution: Internet misuse at work

  Like the technology, Internet abuse appears to have proliferated in recent years. There are, however, two ways to tackle this...  Continue Reading