Please note, MISTI is in the process of changing our payment details. Please contact us for further details and on ways to pay at misti@misti.com or +44 (0) 203 819 0800. We are sorry for any inconvenience.
MIS|TI EMEA
USA EMEA / APAC
  • LinkedIn
  • Twitter
  • About MISTI
    • Overview
    • FAQs
    • Contact Us
    • Instructor Bios
    • Management
  • Contact

Questions? Call +44 (0)20 3819 0800

  • LinkedIn
  • Twitter
USA EMEA / APAC

Event Search

  • About MISTI
    • Overview
    • FAQs
    • Contact Us
    • Instructor Bios
    • Management
  • Contact

Questions? Call +44 (0)20 3819 0800

  • Training
    • Public Training Courses
    • In-House Training
    • Training Weeks
  • Conferences
    • CISO Europe
    • Audit Risk Governance Africa
    • Sponsorship Information
    • Bespoke Dinners
    • Call for Speakers
  • News & Articles
    • Internal Audit Insights
    • InfoSec Insider
    • Resource Centre
  • E-Learning
  • Quick Links
    • Training Weeks
    • Sponsorship Information
    • Ways to Save
    • Request Information
    • Call for Speakers
    • Newsletter Sign Up
  • Event Search
  • Training
    • Public Training Courses
    • In-House Training
    • Training Weeks
  • Conferences
    • CISO Europe
    • Audit Risk Governance Africa
    • Sponsorship Information
    • Bespoke Dinners
    • Call for Speakers
  • News & Articles
    • Internal Audit Insights
    • InfoSec Insider
    • Resource Centre
  • E-Learning
  • Quick Links
    • Training Weeks
    • Sponsorship Information
    • Ways to Save
    • Request Information
    • Call for Speakers
    • Newsletter Sign Up
  • Event Search

  2. Home
  3. Infosec Insider

Infosec Insider

ft: f: 2000-01-01t: 3000-01-02c: 2018-12-13
asdf
Featured Article:

Leveraging Collaboration and SOAR to Secure Our Digital Future

By Cody Cornell
December 11, 2018
The idea behind collaborative security is to change the security and threat landscape from the daunting “one vs. many” to “many vs. many,” embracing the power of knowledge and collaboration to protect valuable data.

Cybersecurity 101: How to Get Started in the Business (Part 2)

By Ed Moyle and Raef Meeuwisse
December 06, 2018
In this walkthrough, InfoSec Insider experts Ed Moyle and Raef Meeuwisse demonstrate one useful exercise that can aid security practitioners in getting a lay of the land in their organisation, serving as the perfect first step in ultimately measuring and reducing information security risks.

Considerations for Cloud Service Providers on the Path to FedRAMP Accreditation

By Baan Alsinawi
December 04, 2018
The government has urged the private sector to offer agencies secure cloud solutions through the FedRAMP accreditation, which establishes baseline standards for security assessment, authorization, and continuous monitoring. Here, we provide six key considerations to help guide FedRAMP accreditation efforts.

Cybersecurity 101: A Discussion on the Basics and Fundamentals

By Ed Moyle and Raef Meeuwisse
December 04, 2018
InfoSec Insider SMEs Ed Moyle and Raef Meeuwisse are back, but this time they're talking fundamentals. If you're an up-and-coming security warrior, you'll definitely want to heed this advice from the two infosec experts.

An Open Source Intelligence (OSINT) Revolution, You Say?

By Jim Romeo
November 27, 2018
As a security practitioner, we're sure you've heard of the benefits that open source intelligence (OSINT). But what exactly is it and how can you leverage it as it relates to your current security strategy? This article answers that question and more.

Do you really need a penetration test?

By Ed Moyle
November 19, 2018
This will probably be a contentious point for some, but there are situations where a penetration test isn’t the best use of an organization’s resources. Here, we examine what is (and isn't) a pentest, and what its goals should be depending on your organization's needs.

How to Communicate Threat Intelligence to the Board

By Marcos Colón
November 15, 2018
Cyber threats are top of mind for board members, but communicating cyber threat intelligence may not be the easiest task for security leaders. In this recent interview with Tim Callahan, senior vice president and global security officer at Aflac provides some helpful tips that could go a long way.

How to Train Your Team (and Organisation) to Effectively Use Threat Intelligence

By Josue Ledesma
November 13, 2018
Threat intelligence has transformed the information security world for the better but it’s not always leveraged in the best way possible by organisations and departments. InfoSec Insider spoke to threat intel expert Karl Sigler to get a sense of how organisations can maximize threat intelligence for their organisation.

What’s Next for IoT Security?

By Marcos Colón
November 08, 2018
InfoSec Insider catches up with Armis co-founders Yevgeny Dibrov and Nadir Izrael who discuss the current climate as it relates to IoT security, and offer up some dos and don’ts when it comes to connected devices within the enterprise.

4 Things to Know About Penetration Testing & AI

By Min Pyo Hong, CEO and Founder, SEWORKS
November 05, 2018
Conducting penetration testing via simulated attacks on your organisation's network is the best way to help your business evaluate the strength of your network security protocols and identify any backdoors, weaknesses, and gaps between different security tools, and prioritise risk. This contributed article explains why.

Common Application Vulnerabilities You Should Know About

By Marcos Colón
November 01, 2018
While patching vulnerabilities seems like a “low-hanging fruit” task for many security practitioners, it seems as though many still fail to do so. In this interview with application security expert Chris Eng, he highlights the common blind spots associated with vulnerability management.

So, How Strong Are Your Organisation's Passwords?

By Marcos Colón
October 25, 2018
Ntrepid Corporation’s Chief Scientist Lance Cottrell chats with InfoSec Insider and offers up the major dos and don’ts tied to password management, as well as pinpoints the significant weaknesses in some of the systems we’ve come to rely on heavily.

Are You Investing in the Right Cybersecurity Tools?

By Marcos Colón
October 23, 2018
NSS Labs CEO Vikram Phatak speaks with InfoSec Insider and offers up tips to up-and-coming security professionals on how to make smart and effective cybersecurity solution purchasing decisions. From blocking out buzzwords and marketing jargon to building a great team, here’s what you need to know.

Why Data Privacy and Policy Training Matters

By Josue Ledesma
October 23, 2018
Data privacy and protection is an often underappreciated aspect of information security, but in many ways, it provides the foundational groundwork for a well-established security environment that offers internal and external reassurance. Here's why and how you should train up your team.

The New Regulatory Wrinkles for Data Protection You Should Know About

By Aaron Turner
October 16, 2018
We’ve seen the rules for data security change from relatively simple policies, such as simple access controls, to much more complex policy requirements with the implementation of GDPR. This article’s intended to cover three new perspectives that will influence data protection controls in the coming years.

Cryptocurrency Mining Malware and Cryptojacking: What to Know and How to Protect Your Organization (Part 2)

By Ed Moyle
October 10, 2018
On Tuesday InfoSec Insider kicked off a how-to video series that focuses on topics surrounding the challenges that our readers face on a daily basis. In this companion video, security expert Ed Moyle provides a deep dive on how you can protect your organization from cryptocurrency mining malware and cryptojacking.

Need a Concise Guide to Pen Testing? Here It Is.

By Jim Romeo
October 08, 2018
What's the best way to detect network risks and other vulnerabilities from cyber threats? If you guessed a pen test, then you're right. In this feature article, we've created a no-nonsense that answers pertinent questions about penetration testing.

Cryptocurrency Mining Malware and Cryptojacking: What to Know and How to Protect Your Organisation

By Ed Moyle and Raef Meeuwisse
October 08, 2018
Security experts Ed Moyle and Raef Meeuwisse dissect the topic of cryptocurrency mining malware and cryptojacking; what it means to you as a security professional and how you can protect the enterprise from it.

Security Automation is Here. Now What?

By Marcos Colón
October 02, 2018
What's the best way to detect network risks and other vulnerabilities from cyber threats? If you guessed a pen test, then you're right. In this feature article, we've created a no-nonsense that answers pertinent questions about penetration testing.

Creating the Perfect Incident Response Playbook

By Marcos Colón
October 01, 2018
Arctic Wolf’s Sam McLane sits with InfoSec Insider at Black Hat, a security conference in the US, to discuss the major dos and don’ts when it comes to incident response, in addition to some misconceptions that some security practitioners may have on the topic

Social Mapper: The What, Why, and How

By Marcos Colón
September 30, 2018
InfoSec Insider catches up with Trustwave SpiderLabs Threat Intelligence Manager Karl Sigler on the company’s latest open source tool which enables penetration testers and red teasers to scrape social media data.

A Discussion on Dark Web Threats in 2018

By Marcos Colón
September 20, 2018
InfoSec Insider catches up with Digital Shadows CISO Rick Holland, who discusses the latest dark web threats this year, and what security practitioners should have on their radar.

A Look at the Windy City’s Newest Cyber Command Center

By Marcos Colón
September 18, 2018
InfoSec Insider takes a first-hand look at Trustwave’s new SpiderLabs Fusion Center in Chicago and speaks with Chris Schueler, senior vice president of managed security services, on the purpose behind its creation.

Election Security in 2018: What’s Next?

By Marcos Colón
September 14, 2018
Forcepoint’s Dr. Richard Ford discusses the impact that the 2016 election meddling had on the cybersecurity community, and the lessons learned that security practitioners should take note of, but most importantly, act on.

Disable PowerShell? How about control it instead?

By Ed Moyle
September 11, 2018
At the end of the day, PowerShell is an enormously flexible, valuable, and helpful tool in any enterprise administrator’s toolbox, so “turning it off” isn’t really a viable option for most shops. In this informative feature, subject matter expert Ed Moyle explains why.

Back to the Basics: The State of Cyber Hygiene in 2018

By Marcos Colón
September 06, 2018
Tripwire's Tim Erlin chats with InfoSec Insider on the state of cyber hygiene in 2018, where we are, why we're there, and highlights different areas that security practitioners are failing to cover as it relates to securing the business.

Push Authentication: Bringing the Most Secure Method of 2FA Mainstream

By Simon Thorpe
September 04, 2018
For consumers looking for an easier-to-use login experience, there is a solution: push authentication. This approach is a vast improvement over sending a one-time passcode via SMS and is truly the most secure method of 2FA.

More Humans Needed: Closing the Cybersecurity Talent Gap

By Marcos Colón
August 30, 2018
Cybrary COO Kathie Miley pinpoints the real issues organizations face when it comes to the cybersecurity talent shortage, why employers are doing a good job of finding the right talent only in certain circumstances, and the impact the cybersecurity solutions market is having on the talent shortage.

The Evolved Perimeter: IoT Identity and Integrity

By Jackson Shaw, VP of Product Strategy, One Identity
August 28, 2018
The rise of IoT has introduced new challenges to security in the enterprise. Like most security challenges, protecting against threats is the basic work of good IT hygiene. Organizations can adopt existing identity management best practices to meet this new challenge.

The State of Mobile Payments Security

By Aaron Turner
August 23, 2018
What is the bottom line from a security perspective when it comes to mobile payments? In the current state of the ecosystem, mobile security expert Aaron Turner offers up his take and advice on the topic.

Understanding Zero Trust: A New Strategy for Cyber Defense

By Pravin Kothari, CEO, CipherCloud
August 21, 2018
The idea that all internal networks should be considered trusted while external networks should be trusted was fundamentally wrong. This featured article describes why the move to the cloud has also accelerated the movement to Zero Trust.

Intelligent Context Monitoring for Security Operations

By Vijay Dheap
August 16, 2018
The context around security events is essential to qualify if those events are false positives or worthy of a security response. However, today security operations are predominantly focused on event monitoring and rely on security analysts to reconstruct context.

GDPR is Here...So What's Next?

By Heather Dean Bennington
August 14, 2018
GDPR was a major focus for many organizations this year. Whether it has been extensive business process mapping, understanding the purposes of personal data, or defining its scope. But now that it's here, what should security professionals focus on next?

How Infosec Can Put More “Intelligence” into Operationalizing Threat Intelligence

By Marcos Colón
August 09, 2018
Threat intelligence expert Dave Ockwell-Jenner discusses how organizations have changed the way they approach threat intelligence, and provides the primary Dos and Don’ts associated with developing a successful threat intelligence program.

Blockchain: What It Is and What It Means for InfoSec

By Josue Ledesma
August 07, 2018
Blockchain has become the new buzzword of choice across a wide spectrum of industries, such as finance, tech, and the information security industry. However, what blockchain is and what its applications are still seem to be unclear. This article sets the record straight.

Phishing Scams: Fact or Fiction?

By Karl Sigler
August 06, 2018
Phishing attacks aren't going anywhere any time soon. In fact, these scams have only grown in popularity among attackers. This helpful article dispels the four common phishing myths to help employees and outside partners be even more adept at identifying these crimes.

Mobile Privacy & Infosec Tips for Frequent Travelers

By Aaron Turner
August 03, 2018
Summer will be over before you know it and for many of you, it might be time to hit the road again for business travel. Before you pack up all of your devices, you might want to keep some of this advice in mind to ensure your data is secure.

Tips on Creating Your Own Bug Bounty Program

By Marcos Colón
August 02, 2018
Bugcrowd Founder Case Ellis discusses the evolution of bug bounty programs and their impact on information security, in addition to providing tips on the key areas to focus on when it comes to developing a bug bounty program at your organization.

How to Build Practical Cross-Training in Infosec

By Ed Moyle
July 31, 2018
Given the skills gap in information security, it's important for cybersecurity managers to diversify and expand the skill base of their team members. Here, we highlight how they can do it from a practical point of view.

The Cyber Threat Alliance: Making Cybersecurity Collaboration Work

By Marcos Colón
July 26, 2018
The Cyber Threat Alliance’s Chief Analytic Officer Neil Jenkins provides update on the state of information sharing in 2018 and provides some insight on the steps security practitioners can take if they’re interested in sharing their threat data.

Mobile Privacy & Infosec Tips for Frequent Travelers

By Aaron Turner
July 24, 2018
Summer will be over before you know it and for many of you, it might be time to hit the road again for business travel. Before you pack up all of your devices, you might want to keep some of this advice in mind to ensure your data is secure.

Know Your Inventory: A CISOs Guide to Asset Management

By Josue Ledesma
July 23, 2018
A CISO’s list of responsibilities are vast. They need to protect, defend, and identify any risks and potential attacks that may hit their company’s environment. However, knowing what needs protection is its own challenge.

Analyzing Your Government Contract Cybersecurity Compliance

By Robert Jones
July 20, 2018
If you're a government contractor or a government entity hiring contractors, you need to know the ins and outs of the new FAR and DAR Councils' cybersecurity rules for government contractors.

When Is It Time to Share Your Secret Sauce?

By Marcos Colón
July 19, 2018
When is it time for your organization to share cybersecurity information with its competitors and how much should you be sharing? We interview two industry experts that provided us with their take on the topic in this featured video interview.

Are Security Professionals Doing Enough?

By Marcos Colón
July 12, 2018
Cybereason’s Israel Barak discusses the approach that far too many businesses take when it comes to their security strategy and highlights the steps that security professionals should be seeking to rethink the programs and challenges they face tied to measurably reducing risk within the business.

First-Hand Experience in Developing a Threat Hunting Program

By Jessa Gramenz
July 10, 2018
Developing a threat hunting program may be challenging, but it doesn’t have to be. In this feature article, one subject matter expert provides us with a glimpse into her experience on the topic and what you can expect. 

How Hacked Elections Impacted the Security Industry

By Marcos Colón
July 05, 2018
CA Veracode’s Chris Wysopal discusses how the 2016 presidential election hack broadened the horizon on how security warriors think about defending their data and offers up advice on what they should consider when it comes to protecting sensitive information.

Looking to Benefit from AI? Build Something!

By Marcos Colón
June 28, 2018
Cylance’s Colt Blackmore discusses why leveraging AI isn’t limited to purchasing an out-of-the-box solution and details the critical steps that security practitioners should take to successfully utilizing the technology to their organization’s advantage.

A Primer on Breach and Attack Simulations

By Adrian Sanabria
June 26, 2018
In this age of vendors offering simple solutions to complex problems, defenders need the ability to see past the glamour of marketing. That's where attack simulation technology can help, enabling use cases in the market that help answer pressing questions in enterprise security.

Cover Your Bases: Areas to Focus on in Your Information Security Strategy

By Marcos Colón
June 21, 2018
Trustwave’s Karl Sigler discusses the state of cyber threats in 2018 and suggests what areas of your security strategy you should focus on to take proactive steps in measurably reducing risk within the business.

Imagine If Security Solutions Understood Our Language?

By Vijay Dheap
June 19, 2018
It's up to security professionals to infer security significance of all the events security solutions report. The first step to arriving at an answer to this intractable problem is teaching our security tools to understand us. Advancements in Natural Language Processing could help.

Have Point Solutions Reached End of Life?

By Katherine Teitler
June 18, 2018
The infosec tools market can be overwhelming with its abundance of options. How do you choose the best tool for your environment? This informative article will help point you in the right direction.

The CISO of Yesterday, Today, and Tomorrow

By Marcos Colón
June 14, 2018
SAP CSO Justin Somaini discusses how the role of the CISO has evolved into what it is today, and what up and coming security leaders should prepare for once they take charge of a security program at a major organization.

The Dark Web: What You Should Know and Why You Should Care

By Josue Ledesma
June 12, 2018
The dark web is one of those elusive subjects that can often get misinterpreted. We spoke to Reclamere's Connie Mastovich to get her expert take on what the dark web is, what risk it poses to companies, and how to protect yourself from it.

Why is DNS Underutilized as a Security Tool?

By Marcos Colón
June 07, 2018
Farsight CTO Merike Kaeo discusses why DNS is still be underutilized as a security tool today, shares some examples of lessons-learned that could apply to you, and provides steps you can take to ensure you’re taking advantage of your DNS infrastructure.

How to Make Sense of Attack Patterns

By Josue Ledesma
June 05, 2018
In this featured post, we speak to TrustedSec Founder Dave Kennedy who offers up advice on how you can set up your security department’s defenses to respond and defend against common attacks.

Third-Party Vendor Relationships are Risky Business

By Katherine Teitler
May 25, 2018
While third-party vendor relationships can provide tremendous benefits, partnering does not relieve the primary organization of its security and compliance obligations.

Artificial Threat Intelligence: Using Data Science to Augment Analysis

By Lance James
May 25, 2018
Data science can help analysts make more informed threat intelligence decisions...but only if it's integrated correctly.

From Trapping to Hunting: Intelligently Analyzing Anomalies to Detect Network Compromises

By Giovanni Vigna
May 24, 2018
Is your organization adequately equipped to identify anomalous patterns across the network? If you're doubtful, it may be time to try out alternative models that will help you detect previously unknown attacks.

How to Speak the Business of Security Effectively

By Marcos Colón
May 24, 2018
Cisco's Edna Conway shares her insight on what infosec leaders can do to ensure that security becomes an active discussion about the way you operate within the business, rather than an added bolt-on feature.

What is Attack Driven Development?

By Marcos Colón
May 17, 2018
Bugcrowd’s Keith Hoodlet outlines the importance of attack driven development and offers up the key steps security practitioners should take for this approach to have a positive impact on their overall security strategy.

Crisis Communications in a Headline-Driven World

By Katherine Teitler
May 15, 2018
Media communication in the face of a cybersecurity incident often gets the shaft in favor of incident handling, but what you don't handle can come back to haunt you.

How Security Leaders Can Get Proactive with Their Comms Departments

By Marcos Colón
May 10, 2018
Uber’s Melanie Ensign discusses the relationship between the communications function and infosec teams and offers up some uncommon communication tips for security leaders that may have a skewed view of the communications department within their organization.

A Look at the Current State of Mobile Security

By Aaron Turner
May 08, 2018
Enterprise security practitioners can greatly improve their network security posture, if only they would take the time to right-size mobile security policies.

How the 'Fog of More' Bogs Down Infosec Pros

By Marcos Colón
May 03, 2018
Given the troves of education information, training, and technology available to security professionals, you’d think they’d be a step ahead of malicious actors. But this overabundance of information may actually be causing more harm than good. Here’s what one expert had to say about the “fog of more.”

ISACA Workforce Development Report Highlights Need for More & More Qualified Security Employees

By Katherine Teitler
May 01, 2018
Cybersecurity staffing requires more than simply finding enough people to accomplish tasks.

Selling Security Metrics to the Board of Directors

By Katherine Teitler
April 30, 2018
For security metrics to be relevant to the board of directors, security teams must tell the story of how those metrics are supporting business goals. How to accomplish this is no easy task.

Are You Taking the Right Approach to Threat Intelligence?

By Marcos Colón
April 26, 2018
Are you taking the right approach when it comes to threat intelligence? We caught up with one subject matter expert that provides some uncommon tips on developing a successful threat intelligence program.

How to Manage Your Security Post-Conference Inbox

By Katherine Teitler
April 24, 2018
Cybersecurity conferences often lead to inbox overload, but they don't have to if the onsite experience is managed correctly.

Are You Over- or Under-Investing in Cybersecurity?

By Marcos Colón
April 19, 2018
We caught up with one CISO that shares his advice on what security leaders can do to ensure they're taking the right approach to budgeting as it relates to their overall security strategy.

Cybersecurity Executives Misalign Concerns with Actions

By Katherine Teitler
April 17, 2018
Cybersecurity teams seem to understand their biggest areas of challenge, yet the action to put effort behind remediating those problems falls short.

How to Proactively Hunt for Cyber Threats

By Marcos Colón
April 12, 2018
InfoSec Insider catches up with one threat expert who discusses why security professionals should consider a proactive threat hunting model, and outlines how they can take that approach.

Cloudy With a Chance of Shared Security Responsibility

By Katherine Teitler
April 10, 2018
 Today, most reputable cloud service providers are security conscious, yet users remain responsible over many—but varying—aspects of information security. Here, we take a look at the three most common public cloud models that should be on your radar.

How to Avoid Becoming the Security Scapegoat

By Katherine Teitler
April 09, 2018
When a company falls victim to a cyber incident, security personnel are often in the line fire--especially when they've focused only on the technical side of the job. Here we provide some tips that can lessen the chances that any one person will bear the absolute blame.

Five Cyber Risks Your Organization is Likely to Encounter

By Katherine Teitler
April 03, 2018
Today's threat landscape is like a tentacled sea monster that security practitioners have to battle on a daily basis. In this feature story, we highlight the top five most likely cyber risks to organizations today.

5 Ways to Make Your IR Plan Actionable

By Katherine Teitler
April 02, 2018
If you're looking to ensure that your cyber incident response plan doesn't turn into shelfware, here are five ways to make it actionable. 

NIST Addresses IoT Security Concerns as Lawmakers Float Certification

By Katherine Teitler
March 27, 2018
With more everyday products being built with internet connectivity capabilities, cybersecurity practitioners have become concerned about the security and privacy of those devices. The state of IoT security is pretty grim, but will proposed guidance and regulations improve processes?

Privileged Identities: Who's Watching the Watchers?

By Katherine Teitler
March 08, 2018
Jonathan Sander addresses why security teams fail at controlling privileged identities, and what they should be doing that won't upset the apple cart.

Key Questions to Ask Your Cybersecurity Recruiter

By Katherine Teitler
March 01, 2018
There is no question that the cybersecurity job market is hot, but not any old recruiter is suited to help you with your hiring needs.

Lessons Learned from Running Which Also Apply to a Career in IT

By Jeremy Finke
February 02, 2018
What do running and your career in information technology/information security have in common? At first glance, not a whole lot. But with a couple of quick examples, I think we will find some similarities.

Be Mindful of the Password-Storing Mechanism You Choose

By Katherine Teitler
January 18, 2018
Browser password-saving tools are convenient and may allow account holders to apply stronger passwords, but they're not security tools.

Psyber Intelligence Part 2: Hacking Social Intelligence

By Lance James
January 11, 2018
Given today’s content-driven society, it benefits cybersecurity and threat intelligence practitioners to gain some understanding of the psychological strategies and exploitation techniques within the intelligence and counterintelligence tradecraft.

The Rise of the Virtual Cyber Security Leader

By Dominic Vogel
November 27, 2017
Learn why the virtual CISO is quickly becoming an attractive option for enterprises.

Psyber Intelligence Part 1: Understanding the Human at the End of the Keyboard

By Lance James
May 31, 2017
The information security professional's guide to human intelligence collection.

CPE imageMIS Training Institute is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.  

Copyright ©2018 MIS Training Institute Holdings, Inc. All rights reserved.  
Contact Us | Privacy | Terms and Conditions | Cookie Policy | Site Map