Current Topics and Information

Focused on the ever-changing information security landscape


Three "E"s of Modern Email Security for Phishing: #2 Employee Focus

The first "E" of modern email security for phishing is Enhanced technology that works to limit the delivery of phishing emails to users within your organization. The second component of the three-pronged approach to mitigate phishing attacks is Employee focus. It is important that your employees are educated, aware and engaged in preventing a phishing attack. Relying [...] Read more

Android Hacker’s Handbook Crowd Sourced Q & A Session

Recently I participated in a live crowd sourced question and answer session on a popular user-submitted content website. Along with my fellow authors of “Android Hacker’s Handbook”, we fielded questions from users about everything from our writing process to the most interesting mobile bug we’ve come across in our research. Because threats are constantly changing, [...] Read more

Planning for a DDoS Attack

Last week several prominent DDoS (distributed denial of service) attacks were in the news, specifically targeting the popular note-taking app Evernote and the RSS reader Feedly. These attacks, along with others over the years, should serve as a call to attention that if an organization provides services to internet users, they must be prepared for [...] Read more

Common Failures of Third-Party Risk Assessments

Third-party risk analysis – whether used to evaluate partners, service providers or suppliers – is a necessity in today’s business landscape. Assessing the services provided by external agencies is often as critical to an organization’s success as their own internal practices. However, many companies follow inconsistent approaches that don’t give an accurate picture of the [...] Read more

Reviewing Third-Party Security Controls

In our last blog post, we discussed how to secure your house against theft—that is, how to protect your organization against third-party risks. Luckily, you don’t have to put bars on all the windows and station guard dogs at every entrance. An intelligent review of the relative risk of each third party can help you assign [...] Read more

How Do You Measure Third-Party Risk?

How often do thieves use the front door to commit a robbery? I don’t know from experience, but I’ve been told that most go through a window or back door. Third parties can be the back door of a company, and increasingly the source of security failures, financial difficulties, and other problems that disrupt business [...] Read more

Managing Third-Party Risk

Today, most organizations are outsourcing critical business operations to third parties. While internal business activities present a level of risk, third-party relationships can significantly increase the level of risk an organization is facing. The quantity, cost and difficulty of performing due diligence on third parties make managing third-party risk especially challenging. Earlier today we published [...] Read more

(135 Results)