“We live in a world where we’re ceding a lot of our power to other companies,” said Bruce Schneier (@schneierblog), security blogger and author of “Liars and Outliers” in our conversation at the 2013 RSA Conference in San Francisco. Schneier was referring to companies such as Google and Facebook that control our data as well as companies that control our devices, such as Apple. “These companies...

When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network remotely. Companies focus most of the security spending and policies on keeping hackers out remotely, from firewalls and other security hardening appliances, software and tools. However, given the proliferation of mobile devices in the workplace and use of Wi-Fi...

Tips from six CSOs/CISOs from varied industries who have actually applied risk-based security management to their business.

Last week, I sat in on a briefing by a guy who calls himself “Four” who happens to be involved in intrusion detection for Facebook. He shared some interesting perspective at the Black Hat conference through a discussion of ”Intrusion Detection Along the Kill Chain.” The information Four presented is based on the work done by Eric M. Hutchins, Michael J. Cloppert, Rohan M. Amin, Ph.D of Lockheed...