Home > RSS Feeds > Security
  • It seems that far too many information workers still don't fully understand the importance of keeping their log-in details confidential. In a recent study of 2,000 white-collar employees in the United States and the United Kingdom, security software vendor IS Decisions found that alarming numbers of workers don't believe their log-in details represent a security threat. What's worse, an even greater percentage of managers feel the same way. IS Decisions' report, "From Brutus to Snowden: A Study of Insider Threat Personas," also found that age is a significant determining factor, with younger workers being much more likely to share log-ins and passwords than their older colleagues. The findings serve as a reminder to IT security teams that understanding the behavior of their own users should be one of their most important jobs. "The recurrent theme is lack of education," said IS Decisions CEO François Amigorena. "This highlights the need for a tailored approach to tackling internal security that addresses everyone in an organization, from top to bottom." The company recommends some steps for dealing with this challenge, including making employees more familiar with security policies, restricting concurrent access and instituting harsher punishments for offenders. There's also one tongue-in-cheek piece of advice: Passwords are like underwear. They should be changed often, not shared with friends, kept as mysterious as possible and not left lying around.

  • Cyber-security attacks are increasing, and (ISC)2's goal is to help IT professionals address the growing complexities involved in protecting data and systems.

  • These practical suggestions will prepare your organization to respond quickly and effectively to what experts consider nearly inevitable: a data breach.

  • A network access control solution enables Broward College to manage the thousands of students and staff who access the network from their mobile devices.

  • When nearly two-thirds of the public is back to using cash for purchases—even temporarily—something is incredibly wrong with our security systems and processes.

  • By becoming familiar with applicable privacy laws and regulations and by following these best practices, organizations can help avoid costly data breaches.

  • Digital technologies and the Internet have made it possible for hackers, thieves, spies and other cyber-crooks to unleash threats on a wider and broader scale than ever before. The results of the "2014 U.S. State of the Cybercrime Survey,"  a collaborative study by PwC, CSO magazine, the U.S. Secret Service and the CERT Division of the Software Engineering Institute at Carnegie Mellon University, paints an increasingly dismal picture. Incidents are on the rise, monetary losses are trending upward and most IT organizations lack the skills to match increasingly sophisticated cyber-thieves. In fact, the report found that only 38 percent of companies have a methodology to prioritize security investments based on risk and impact to business strategy. At the heart of the problem: "Cyber-criminals evolve their tactics very rapidly, and the repercussions of cyber-crime are overwhelming for any single organization to combat alone," points out David Burg, PwC's Global and U.S. Advisory Cyber-Security Leader. "The increasing sophistication of cyber-criminals and their ability to circumvent security technologies indicate the need for a radically different approach to cyber-security: a balanced approach that, in addition to using effective cyber-security technologies, develops the people, processes and effective partnerships [needed] in order to strategically counter cyber-security threats,” adds Ed Lowery, special agent in charge, Criminal Investigative Division, U.S. Secret Service. More than 500 executives in U.S. businesses, law enforcement services and government agencies responded to the survey. Here's a look at the key findings.

  • The 2014 FIFA World Cup is putting the spotlight on the growing problem of financial fraud, and it's very difficult to prevent fraud with current technology.