The National Vulnerability Database (NVD) is a leading source of intelligence on vulnerabilities for InfoSec professionals, and while it provides many benefits, it also has its limitations. This article will explain the advantages of using the NVD for vulnerability management, point out some of the blind spots that have occurred recently, and recommend best practices for successful mitigation.
Identity theft is on the rise and the latest data breach from Equifax could bring an “avalanche” of cyber crime with losses of billions of dollars. These are times when the individual response of each one of us could urge our government to stop the growing crisis, and to change flawed credit application processes that lie at the core of it. The five steps described in this article are useful to those affected and to those whose privacy might be breached. A personal story highlights that identity theft is more common than people expect.
Ronald Reagan famously said "The most terrifying words in the English language are: I'm from the government and I'm here to help" and he was right, especially when the IRS is involved. That said, occasionally a government agency does help, and a recent document published by the National Institute of Standards and Technology (NIST) clears up a topic that really matters to all of us: how passwords should be built.
We live in a technology-hungry society where consumers are accustomed to the convenience of technology without understanding the risks and vulnerabilities that come with it. In part 1 of this two-part InfoSec Life series, Phil Agcaoili, CISO, discusses the five core issues of basic cyber hygiene.
When it comes to ingesting, digesting, and applying threat intelligence in a meaningful way, it can seem like information overload. With their Threat Catalogue, HITRUST is helping the healthcare industry overcome this challenge with a complete list of security and privacy threats geared toward those the industry faces on a daily basis.
At this year’s AppSec California conference – a yearly event for InfoSec professionals, developers, pentesters, and QA and testing professionals – the Women in Security panel was among the most highly attended, a very clear indication that this topic resonates strongly with both women and men.
In the fragmented world of cybersecurity, equipping small businesses for cyber threats and preparing the next generation of infosec professionals will require community-based workforce development.
Expert analysis by Candy Alexander of a recent study from ISSA and ESG emphasizes the need for more formal planning in career advancement in cybersecurity.
San Diego is a boomtown for transitioning service members and veterans entering cybersecurity. Ken Slaght shares opportunities and resources offered by the San Diego Cyber Center of Excellence.
With adoption of cloud applications on the rise, organizations need a plan for reducing the risk of shadow IT while still enjoying the cloud's benefits.
How can education be used to produce the next generation of cybersecurity experts? The National Initiative for Cybersecurity Education (NICE) is bringing solutions and networking opportunities to Kansas City in its annual NICE Conference and Expo.