The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats. As part of this research, the center addresses how to detect and prevent insider fraud, as well as...
The latest edition of the ISMG Security Report features a discussion of the controversies surrounding the release of whistleblower Edward Snowden's memoir. Also featured: An update on Lumen PDF's breach disclosure; insights on financial services identity management issues.
The Canadian government has arrested a senior intelligence official on charges of working as a mole. He was reportedly unmasked after investigators found someone had pitched stolen secrets to the CEO of Phantom Secure, a secure smartphone service marketed to criminals that authorities shuttered last year.
Insider threats are difficult to counter. What happens when an employee goes rogue, and how do you catch them? Charles Carmakal of Mandiant, who says his firm is dealing with more insider threat investigations, shares tips for better defenses.
While hacking incidents grab the top spots on the federal tally of large health data breaches these days, the serious threat of malicious insiders must not be overlooked or underestimated, the HIPAA enforcement agency and security experts warn.
Progressive companies seeking to improve their security are increasingly adopting bug bounty programs. The theory is that rewarding outside researchers improves security outcomes. But in practice, bug bounty programs can be messy and actually create perverse incentives, says bug-hunting expert Katie Moussouris.
People cause data breaches every day. That simple statement hides layers of complexity, compliance issues, and stress for CISOs and their security teams. While we may be able to 'logically' explain malicious breaches by linking them to motivations such as financial gain, it's often more difficult to understand and...
There is a key shift in the
threat landscape as attackers focus more on attacking
key endpoints and infrastructure. As a result, many
organizations are developing security blind spots.
Read this ebook to learn more about:
Shifts in threat activity;
Blind spots in cyber defenses & how to regain...
The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats.
As part of this research, the center addresses how to detect and prevent insider fraud, as well as...
Fortinet's FortiGuard Labs global threat research team is creating research playbooks that provide deep-dive analysis of not only threat trends, but also cybercriminal and adversary tools and techniques. Derek Manky and Tony Giandomenico discuss the playbook model and how it can help in the fight against cybercrime.
The Justice Department has indicted two men on charges of paying more than $1 million in bribes to AT&T employees who helped plant malware on the carrier's network and access the company's internal systems. The complicated scheme involved unlocking 2 million smartphones from AT&T's network, prosecutors say.
Capital One's enormous data breach is a subject of intense scrutiny as well as fear. A definitive post mortem is likely months away. But security professionals have ideas as to how the breach was achieved and the weaknesses that led to it.
The latest edition of the ISMG Security Report analyzes the root causes of the Capital One data breach. Also featured: breach remediation advice and compliance with New York's new third-party risk management requirements.
Join Enterprise Strategy Group (ESG) and Dtex Systems to get a detailed look at a newly released ESG Research Insights Report, "Insider Threat Program Realities." Based on the survey of 300 security and IT professionals in the US, the report underscores the continued struggle most organizations face when it comes to...