Feature

What is a Trojan horse? How this tricky malware works

A Trojan horse is a type of malware that can wreak havoc on computer networks — but only with your unwitting help.

A new website explains data breach risk

Breach Clarity ranks the risk of stolen or exposed personal data. It's a much-needed work in progress.

What is PKI? And how it secures just about everything online

Public key infrastructure (PKI) is a catch-all term for everything used to establish and manage public key encryption, one of the most common forms of internet encryption. It is baked into every web browser in use today to secure traffic across the public internet, but organizations can also deploy it to secure their internal communications.

DNS hijacking grabs headlines, but it’s just the tip of the iceberg

DNS pioneer Paul Vixie contemplates missed opportunities for improving internet security and advocates for widespread use of DNSSEC, which he helped create, and which he believes would go a long way toward improving DNS security.

How to conduct a proper GDPR audit: 4 key steps

Organizations subject to the EU's General Data Protection Regulation should do regular compliance audits. Here are the steps experts say you should take.

How Australian police overcame their password problem

Western Australia Police’s chief information security officer, Hai Tran, has one simple piece of advice for organisations looking to reduce password risk: don’t use passwords.

How to implement and use the MITRE ATT&CK framework

The MITRE ATT&CK framework is a popular template for building detection and response programs. Here's what you'll find in its knowledge base and how you can apply it to your environment.

Gaming creates a new breed of cybersecurity talent

This gives CIOs an opportunity to tap into the existing talent base already within their organisation to hone and sharpen the specific skills that gamers possess.

Opsec: A process for protecting critical information

Opsec, which stands for operations security, is a process by which organizations assess and protect public data about themselves that could, if properly analyzed and grouped with other data by a clever adversary, reveal a bigger picture that ought to stay hidden.

How to evaluate SOC-as-a-service providers

Not every organization that needs a security operations center can afford to equip and staff one. A number of providers offer SOC as a service. Here's what you need to know about them.

What is "reasonable security"? And how to meet the requirement

Privacy regulations such as the GDPR and CCPA require companies to provide "reasonable security" to protect customers' personal information. Here's how you might best achieve that standard.

How Apple’s iCloud authentication system fails to protect your account

Apple’s 2FA iCloud system is generally very diligent about securing your account, especially when you have two devices, but it has one key flaw.