The security industry is changing, as is the profile of a successful security executive. Maintaining the status quo is no longer an option, and ignorance of risks is no longer an excuse for not mitigating them. This topic in Security features game-changing security directors or industry leaders in different sectors. So who is breaking new ground in the security industry, making great strides forward in risk management while better supporting the enterprise as a whole? If you know someone (or are someone) who fits this bill – let us know! Send your recommendations and suggestions for future Profiles in Excellence to Security Associate Editor Maria Henriquez at email@example.com.
Russian cyber actors from the GRU Main Center for Special Technologies (GTsST), field post number 74455, have been exploiting a vulnerability in Exim Mail Transfer Agent (MTA) software since at least August 2019, warns a new National Security Agency (NSA) cybersecurity advisory.
ISACA has updated its performance CSX Cybersecurity Practitioner (CSX-P) certification with expanded job tasks that span and test across five key security functions – Identify, Protect, Detect, Respond, and Recover.
Probationary employees—generally those with less than 1 or 2 years of federal service—can be especially vulnerable to reprisal because they have fewer protections from adverse personnel actions, including termination, the Government Accountability Office found.
To bolster the resilience of the Global Positioning System (GPS) and the wide scope of technologies and services that rely on precision timing, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) is requesting information from the public about the broad use of positioning, navigation and timing (PNT) services, as well as the cybersecurity risk management approaches used to protect them.
Researchers at NIST have developed a mathematical formula that, computer simulations suggest, could help 5G and other wireless networks select and share communications frequencies about 5,000 times more efficiently than trial-and-error methods.
All too often, business leaders, city planners, fire departments, and law enforcement focus on their mandates to the exclusion of others. Unfortunately, this approach can lead to a breakdown in communication and missed opportunities. In the worst cases, it can create a lapse in security that could make their city and its citizens vulnerable to criminal activity and terrorist attacks. But, by eliminating these silos and fostering strong communication, stakeholders can share information that allows them to quickly address evolving situations.
ON DEMAND: In today's tumultuous global climate, where corporations span countries and employee travel is essential to doing business, crises are inevitable. This is why corporate security teams must always be ready for the unexpected and have procedures and plans in place to respond quickly and efficiently. A lag in crisis response or an ineffective response can cost money, resources, and even lives.
ON DEMAND: A critical event is defined as an incident that disrupts normal operations, such as severe weather, crime, violence and critical equipment or technology failures. Business continuity and crisis response plans can only go so far if there isn't buy-in across functions, with executive-level support.
ON DEMAND: From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe. Organizations need to be prepared through a unified and rapid response to these events.
ON DEMAND: The current novel coronavirus (2019-nCoV) outbreak has been spreading across the globe, infecting thousands of people in dozens of countries. This has created anxiety around the globe, affected company supply chains and caused the World Health Organization to enact the Public Health Emergency of International Concern (PHEIC) designation for only the sixth time since 2005.
This month in Security magazine, we highlight COVID-19 and enterprise security's response. How has the pandemic changed business continuity plans, and what lessons have been learned? Also this month, we profile Chris Hallenbeck, CISO at Tanium, and his view on metrics and information security. In addition, security experts discuss video analytics, how to make AI work within your cyber strategy and more.