Infosecurity Opinions

  1. Comment: Get Your Money's Worth from PCI Pen Testing

    Orthus’ chief executive, Richard Hollis, says the responsibility for a comprehensive PCI pen test rests with the client – and its demands. Otherwise, your pen test could end up being worthless…

  2. Comment: Two-factor Authentication – World of the Token Necklace

    SecurEnvoy’s Andy Kemshall looks at the rise of two-factor authentication and why SMS-based technology is the key to strengthening vulnerable virtual applications and access points

  3. Comment: The Hard Cost of Misunderstanding Least Privilege

    John Mutch and Brian Anderson unravel the common misunderstandings about privileged access that prevent organizations from better protecting their network perimeter from the risk of insider threat and negligence

  4. Comment: Where the CISO Should Sit

    The CISO position is making a comeback, but if not strategically positioned in an organization, it can become a powerless figurehead – competing for mindshare and budget with other “functional” operations. Ed Adams of Security Innovation points out why a CISO can be far more effective if reporting to the CEO (or highest ranking risk officer) instead of the CIO

  5. Comment: Breaching Its Way through Congress – The SAFE Data Act

    Richard Moulds of Thales discusses the merits of the SAFE Data Act as it makes its way through the US Congress

  6. Comment: Myths Plague Perceptions of Mobile Malware

    Trusteer’s Amit Klein takes a closer look at mobile malware, exploding the myths and dispelling the fantasies

  7. Comment: New EU e-Privacy Legislation – Why You Should Act Now

    George Thompson of KPMG IT Advisory explains why companies should act now in response to new e-privacy legislation, and the organizational and technical steps to consider

  8. Comment: Avoid 'Friend or Foe' Syndrome with your IT Auditor

    In a perfect world, the confidence and communication that exist between an organization and its IT security auditor might resemble the doctor–patient relationship. But when Philip Lieberman examines this critical aspect of IT security, he finds an increasingly troubled history – and makes some suggestions about how both sides can gain more from the partnership.

  9. Comment: Companies Lose Encryption Keys – and Security – in the Amazon Cloud

    Jeff Hudson of Venafi discusses the importance of proper education and best practices for protecting SSL and SSH keys that secure the cloud

  10. Comment: Encryption Vendors May Be the Weakest Link

    Infosec analyst Matthew Pascucci examines the security incidents that have plagued encryption and authentication vendors this past year and calls on them to beef up their own in-house security, or face the possibility of sanctions

  11. Comment: Security Has Become a Black and White Issue

    As cyber-attacks become increasingly sophisticated, Bimal Parmar of Faronics argues that organizations can no longer rely solely on traditional blacklist technologies, but must adopt a layered approach to endpoint security

  12. Comment: Password Reuse Equals Misuse

    A recent survey by Swivel Secure shows that 55% of people use the same password, or variations of one, to access all their online activities. Chris Russell examines the corporate risks of password reuse and emphasizes the need for multifactor authentication for accessing business critical data

  13. Comment: Cyber-gang Crackdown Cripples Malware Traffic…for Now

    This past summer’s FBI-coordinated crackdown on computer scareware companies virtually shut the fake security software business down, but without the implementation of tough, diverse preventative solutions, Enigma Software's Alvin Estevez says it might remain akin to nothing more than cutting off the head of a hydra

  14. Comment: Implement Comprehensive Mobile Security – Today

    Mobility and consumerization mean that the landscape of the corporate IT estate is changing in ways that are making new demands of security professionals. Dave Everitt of Absolute Software explains why a multi-tiered security strategy is essential to overcome increased threats

  15. Comment: It’s Time to Take APTs Seriously

    Ross Brewer of LogRhythm explores the danger posed by advanced persistent threats, the rash of high-profile data breaches that have been making headlines this year, and the steps organizations should be taking to protect IT assets

  16. Comment: Network Forensics – Beyond Activity Monitoring

    Network activity monitoring can alert a company to a security breach or an attack, but Jay Botelho of WildPackets points out that a network forensics solution can take network monitoring a step further and use this information to prevent future attacks

  17. Comment: Tackling Data Protection Concerns on Public Cloud Services

    To ensure the highest security and compliance standards are met in the cloud, organizations need to adopt a data-centric approach that focuses on protecting data throughout its lifecycle, argues Mike Smart of SafeNet.

  18. Comment: Privacy, Trust and Identity in the Cloud

    The cloud provides many services that are used by individuals to network, and to buy services. ISACA’s Mike Small explores how this has created new challenges relating to identity, privacy and trust

  19. Comment: We All Need to Keep Closer Tabs on Financial Data

    Mohan Koo, managing director of Dtex Systems, explains how recent data breaches show that organizations are focusing on external security while neglecting insider threats

  20. Comment: Power to the People to Secure Consumerized Devices

    How should you deliver security to the personal devices your users want to use for work? Simple – give the users some responsibility. Terry Greer-King of Check Point explains
