Opsec, which stands for operations security, is a process by which organizations assess and protect public data about themselves that could, if properly analyzed and grouped with other data by a clever adversary, reveal a bigger picture that ought to stay hidden.
Not every organization that needs a security operations center can afford to equip and staff one. A number of providers provide SOC as a service. Here's what you need to know about them.
Privacy regulations such as the GDPR and CCPA require companies to provide "reasonable security" to protect customers' personal information. Here's how you might best achieve that standard.
Apple’s 2FA iCloud system is generally very diligent about securing your account, especially when you have two devices, but it has one key flaw.
With enterprises moving towards hybrid ecosystems, security leaders need to strike the right balance between user experience and the zero-trust approach.
The biggest ransomware attacks illustrate how this particularly nasty genre of attack software has grown from a curiosity and an annoyance to a major crisis.
A honeypot is a system designed to lure hackers into revealing their origins and techniques, and they're used by security researchers and corporate IT alike.
Companies give CEOs a pay rise while cutting dividend payments and research and development investment in the wake of a data breach, analysis by researchers at Warwick Business School has revealed.
Hate passwords? We all do. So Microsoft, Google, and other browser makers have made WebAuthn to replace passwords with your fingerprint and facial recognition.
When someone in your organization starts using internet-connected devices without IT’s knowledge, that’s shadow IoT. Here's what you need to know about its growing risk.
An IT auditor is responsible for analyzing and assessing an organization’s technological infrastructure to find problems with efficiency, risk management and compliance.