The cyberwar discussion is mired in confusion.
Stories by Bill Brenner
Sophos Senior Technology Consultant Graham Cluley agrees with a BitDefender study showing Facebook as a growing attack vector for smartphone malware. Sophos has seen a similar pattern, and Android phones are often the easiest targets, said Cluley in an interview with CSO.
"The iPhone operates in a more controlled environment and the BlackBerry security model is fairly strong. Because Android operates in a more open environment, it's more open to infections," Cluley said.
When CSO teamed up with PricewaterhouseCoopers to conduct its Eighth Annual Global Information Security Survey earlier this year, one question asked was who CISOs are reporting to these days. What the majority of respondents said was somewhat surprising.
Of the 12,847 respondents, only 6.5 percent described themselves as a chief information officer. Meanwhile, when CISOs were asked who they report to, most said the company CEO or board of directors. Less than a quarter of respondents said they report to the CIO.
The threats and challenges you face haven't changed much in the past year, but you're finding a better recipe for protecting your corporate data and networks, according to our eighth annual Global Information Security Survey.
You want to embrace cloud computing because it makes your IT operations leaner and less expensive. But your understanding of cloud security hasn't advanced much in the last year, so you have to be cautious.
That's one of the takeaways from the Eighth Annual Global Information Security Survey CSO conducted along with sister publication CIO and PriceWaterhouseCoopers. Some 12,847 business and technology executives from around the world took the survey, and many admitted they're still a bit scared with the idea of putting critical data in the cloud.
Physical and IT security shops often have trouble working together. They work as two separate departments and cultures, and criminal activity can go unnoticed as a result.
At the recent CSO Security Standard event, two security professionals sought to change that, offering up a plan the physical and IT sides can use to join forces for a far more potent defense.
IT security practitioners typically greet vendor-based studies with scepticism because they come off as a sales pitch for whatever products that vendor sells. People become especially leery when a study leads to the predicted death of a particular security tool. But when looked at cumulatively, such studies offer small snapshots of why companies are making certain security decisions.
Two newly released studies aiming to do just that looked at how security information event management (SIEM) and other log management tools are being used in mid-sized companies.
Here are four techniques and related technologies several cited as underrated in today's security fight. Since one security pro's miracle tool is another's waste of budget, it's no surprise that a couple of the technologies panned in an article that came out early this week on overrated security technologies are praised here.
Anyone who knows me understands that social networking is a critical piece of what I do. Every story, podcast, column and slideshow we publish on CSOonline is quickly proliferated via Facebook, LinkedIn, Twitter and elsewhere online. So it might be easy to look at the headline of this column and suggest I'm being a hypocrite.
The security community has grown to depend on some basic technologies in the fight against cyber thieves, such as antivirus software and firewalls. But are practitioners clinging to tools that outlived their usefulness long ago? Were those tools ever really useful to begin with?
CSOonline.com recently conducted an unscientific survey on the matter, asking those questions to a variety of security forums on LinkedIn and following it up with e-mails and phone conversations. What follows are four technologies several cited as overrated in today's security fight.
Microsoft caused the IT security community more than a little heartburn when it included fixes for the barely-out-of-the-box Windows 7 in its October 2009 Patch Tuesday security update.
Nevertheless, Jimmy Kuo - principal architect for Microsoft's Malware Protection Center - has high hopes that Windows 7 will ultimately be seen as the major turning point where malware writers finally met their match. In the following Q&A, Kuo talks about the top takeaways from the latest Microsoft security intelligence report and why he believes Windows 7 will ultimately shut the door on a lot of the malware activity outlined this year.
The worst economic recession in decades has compelled more companies to spend less on outsourced security services and do more in-house, according to the seventh-annual Global Information Security survey, which CSO and CIO magazines conducted with PricewaterhouseCoopers earlier this year.
Virtualization and cloud computing let you simplify your physical IT infrastructure and cut overhead costs, but you've only just begun to see the security risks involved.
Social networking and cloud computing threats abound, our annual Global Information Security Survey finds, making information security important once again to business leaders.
IT security pros are often driven to drink - literally - over the daily battles of their job: bosses unwilling to accept the rationale for some new security investment, employees who regularly infect their computers by doing things that have nothing to do with their jobs, and vendors who don't understand the company's needs.
But in a recent, unscientific and informal poll CSOonline conducted over such social networks as Twitter and LinkedIn, many IT security pros admitted they've often looked the enemy in the eye only to find themselves staring back in the mirror. Or, they've seen carelessness in well-meaning professionals who should know better.