Password security guidance: Do block users from picking commonly used passwords. But to avoid a usability nightmare, don't block users from picking any password that's ever been seen in a data breach, security experts advise.
The ISMG Security Report leads with views on a novel way to fund the growth of the United States military's Cyber Command by seizing assets such as digital currencies from hackers and other criminals. Also, we offer tips on how to recruit scarce IT security pros.
Organizations in all sectors "need to look at the CISO role as an executive position with holistic understanding and a more well-rounded background" to help ensure security goals align with business goals, says consultant Ed Amoroso, former AT&T chief security officer.
The never-ending stream of bad information security news is fueling a virtual gold rush for companies offering protection. A new report from Forrester predicts a healthy growth rate over the next five years, with some specific technologies expected to see double-digit growth.
Hiring managers will need to get increasingly creative to find talent to fill their vacant information security positions, particularly in a shallow talent pool that is forecasted to get even thinner. Experts in the hiring trenches offer seven key tips to consider.
Beyond the emotion, the arrest of security researcher Marcus Hutchins last month on charges that he developed and sold banking malware has thrust information security researchers into the legal limelight and highlighted just how much law enforcement agencies rely on them.
The latest edition of the ISMG Security Report leads with a closer look at a new exploit kit and whether it represents a resurgence in these types of criminal packages. Also featured: a discussion of new vehicle security concerns and communications advice for CISOs.
Locky is back. After falling off the radar last year, the ransomware is once again being distributed via massive spam campaigns - run by the Necurs botnet - in the form of two new variants named Diablo and Lukitus.
Most large organizations at least pay lip service to breach preparedness. But when it comes to proper policies, planning and practice, far too many still fall short, says Stuart Mort of the Australian telecommunications firm Optus. Here's what they are overlooking.
In an in-depth interview, two security experts go head-to-head over the appropriateness of the White House engaging the Kremlin on cybersecurity matters in light of Russia's hacking of the 2016 U.S. presidential election.
Security comes to Las Vegas this week in the form of Black Hat USA 2017. Hot sessions range from an analysis of power grid malware and "cyber fear as a service" to details of two major hacker takedowns and how the world's two largest ransomware families cash out their attacks.
The plaintiffs who are suing Donald Trump's presidential campaign for conspiring with Russia and WikiLeaks over disclosing their private information stolen from Democratic Party computers could declare a moral victory even if they lose their case. Could exposing the truth be their ultimate goal?
Organizations need to take a well-considered, structured approach to integrating IoT into existing information risk management processes to address security, Gartner's Ganesh Ramamoorthy explains in an in-depth interview.