Survey finds hybrid cloud security growing pains

There’s no doubt that enterprises are embracing cloud computing, but, not so surprisingly, they repeatedly say that they need heightened visibility and security management capabilities so they can more effectively deploy applications, defend against cyberattacks, and mitigate regulatory compliance risks, a recent survey found.

The post Survey finds hybrid cloud security growing pains appeared first on Security Boulevard.

FDA Seeks Secure Medical Device Development Lifecycle

Business Insights readers are certainly well aware of the sorry state of connected medical device security. We’ve covered it in posts such as St. Jude Takes Steps to Secure Vulnerable Medical Implants and U.S. DHS and FDA Face Medical Device Security Woes. In the latter post we covered how the FDA is working to foster a culture of continuous quality improvement.

The post FDA Seeks Secure Medical Device Development Lifecycle appeared first on Security Boulevard.

Research Suggests Doubts Persist over Cloud Cost, Integration, and Flexibility

A survey and research report, The Future of Hybrid Cloud, highlights that while enterprises are moving to cloud, it’s not the smooth transition some like to proclaim.

The post Research Suggests Doubts Persist over Cloud Cost, Integration, and Flexibility appeared first on Security Boulevard.

No Mr. Equifax CEO, You Don’t Get to Blame One “IT Guy” for Your Breach

Don’t blame former Equifax CEO Richard Smith that 145.5 million U.S. consumers had their most sensitive credit information stolen under his watch, or that just over 15 million in the U.K. suffered the same fate. It really wasn’t his fault. To some credit, in prepared testimony, when Mr. Smith recently went to Washington he did..

The post No Mr. Equifax CEO, You Don’t Get to Blame One “IT Guy” for Your Breach appeared first on Security Boulevard.

The rising security risk of the citizen developer

While shadow IT was always a challenge for enterprise IT teams, it began to accelerate rapidly with the growth of the smartphone, and then with cloud computing, as the incredible expansion of public cloud infrastructure and software-as-a-service offerings made accessing a cloud service as easy as providing a credit card. Today, shadow IT has spread beyond smartphones, tablets, and cloud services and is rapidly extending into the domain of the enterprise developer.

The trend could create profound risks for enterprise security teams if these shadow, or citizen, developers aren’t reined in.

What makes a good application pen test? Metrics

When it comes to creating secure applications, nothing beats focusing on the basics: secure coding in development and then testing the application for security defects. Part of the testing regime should always include an in-depth application pen test. But how do organizations know they are getting the full benefit from such assessments?

What goes (or should go) into developing application security is well known. Developers should have their code vetted in their development environment. Their code should go through a series of quality and security tests in the development pipeline. Applications should be vetted again right after deployment. And, after all of that, it’s very likely that more vulnerabilities exist in the application that have yet to be uncovered.

The 10 essential Reddits for security pros

Going viral

Reddit isn’t just about viral news stories and viral memes or heated thread debates, although there is always plenty of that on the sharing and social media site. For security professionals, as well as those interested in pursuing the field of cybersecurity, there is a wealth of advice, content, and conversation from deep and dirty forensics work to the latest on cyberlaw and everything in-between — if you know where to look.

7 (more) security TED Talks you can’t miss

Second edition

The first list, 10 security TED Talks you can’t miss, was so popular we decided to serve up another. So here is another batch of must-see security and privacy videos. In this selection you’ll find speakers taking on some of the most pressing, and persistent, security and privacy challenges of our time, from how society can fight the war on terror while maintaining the social values we cherish to Bruce Schneier’s talk on how challenging it is for us to evaluate and understand risk. It’s a must-see talk. Well, we think they all are, so enjoy.

(Insider Story)
