Feature

Opsec: A process for protecting critical information

Opsec, which stands for operations security, is a process by which organizations assess and protect public data about themselves that could, if properly analyzed and grouped with other data by a clever adversary, reveal a bigger picture that ought to stay hidden.

How to evaluate SOC-as-a-service providers

Not every organization that needs a security operations center can afford to equip and staff one. A number of providers provide SOC as a service. Here's what you need to know about them.

What is "reasonable security"? And how to meet the requirement

Privacy regulations such as the GDPR and CCPA require companies to provide "reasonable security" to protect customers' personal information. Here's how you might best achieve that standard.

How Apple’s iCloud authentication system fails to protect your account

Apple’s 2FA iCloud system is generally very diligent about securing your account, especially when you have two devices, but it has one key flaw.

Here’s how one company is simplifying secure access in the age of hybrid

With enterprises moving towards hybrid ecosystems, security leaders need to strike the right balance between user experience and the zero-trust approach.

The 6 biggest ransomware attacks of the last 5 years

The biggest ransomware attacks illustrate how this particularly nasty genre of attack software has grown from a curiosity and an annoyance to a major crisis.

What is a honeypot? A trap for catching hackers in the act

A honeypot is a system designed to lure hackers into revealing their origins and techniques, and they're used by security researchers and corporate IT alike.

Firms pay CEOs more, shareholders less in wake of data breach, analysis reveals

​Companies give CEOs a pay rise while cutting dividend payments and research and development investment in the wake of a data breach, analysis by researchers at Warwick Business School has revealed.

What is cryptojacking and how does it work?

'Cryptojacking' is a term used to describe the action of secretly using a computer to mine cryptocurrency.

WebAuthn: What you need to know about the future of the passwordless Web

Hate passwords? We all do. So Microsoft, Google, and other browser makers have made WebAuthn to replace passwords with your fingerprint and facial recognition.

What is shadow IoT? How to mitigate the risk

When someone in your organization starts using internet-connected devices without IT’s knowledge, that’s shadow IoT. Here's what you need to know about its growing risk.

IT auditor explained: Role, responsibilities, skills and salaries

An IT auditor is responsible for analyzing and assessing an organization’s technological infrastructure to find problems with efficiency, risk management and compliance.