The 10th Cyber & Information Security Research (CISR) Conference at Oak Ridge Tn, 7-9 April 2015


The 10th Cyber & Information Security Research (CISR) Conference, 7-9 April 2015, will be held at the Conference Center, 2nd Floor, Building 5200, Oak Ridge National Laboratory, Oak Ridge, Tennessee. The conference brings together cyber security researchers, program managers, decision makers, security vendors, and practitioners to discuss many challenging tasks and novel solutions pertaining to cyber security. manufacturing program (

Cyber Catalyst Brings Minimal Value To Businesses

Forrester IT

In late March, Marsh announced the launch of a program with a number of leading cyberinsurance firms including Allianz, AXA, Beazley, XL, and Zurich to evaluate cybersecurity products and services.

Building The Language Bridge Between Security and the C-Suite

Forrester IT

If you had half an hour with a board member, and you wanted to get coaching from them about how to communicate with them about security, what would you ask them?

Enterprise Meets Consumer Security: Exploring Approaches To Protect Employees At Home

Forrester IT

Does your organization have a strategy for protecting employees at home as a part of your overall cybersecurity program? Something that could include, but really goes to a place that is beyond awareness training?

Automation For The Better Good - Security

Forrester IT

What these tasks have in common (in addition to relying on automation): a critical dependence on security. When you accept that jury duty request, you have faith that your PII (personally identifiable information) is being protected. In a world where infrastructure-as-code scales quickly and massively, it is crucial to bake in security at every level of the stack.

An update on the bounty programs

IT Pros Rock!

Back in June of this year, we announced three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses and for vulnerabilities in Internet Explorer 11 Preview. This past Friday, we provided some additional details about the results of the IE11 Preview bounty program, which covered the first 30 days of the preview period.

Information Risk: Three Lessons for CISOs from Yahoo’s Rough Six Months


But for now, chief information security officers (CISOs) should take three core lessons on board. CISOs also play a critical role in helping the senior M&A team understand how information risks associated with M&A can manifest as business risks with poor financial outcomes.

Information Risk: How to Manage the Company’s Demand for Your Services


Information security teams face an unprecedented level of demand for their services right now. The strain on the time and resources of information security teams is understandable (as Yahoo can attest), and even though their companies are stumping up money, information security budget growth is slowing. Automating operations and governance activities offers the best chance to meet information security demands.

AI will transform information security, but it won’t happen overnight

Network World

These algorithms draw inferences without being explicitly programmed to do so. Although it dates as far back as the 1950s, Artificial Intelligence (AI) is the hottest thing in technology today. An overarching term used to describe a set of technologies such as text-to-speech, natural language processing (NLP) and computer vision, AI essentially enables computers to do things normally done by people.

Prepare for The Cyber Threat : What Executives Need to Know to Manage Risk


FBI Director James Comey consistently underscores the threat of cybercrime to corporate America by repeating what security professionals have long known: “there are two kinds of companies in the United States, those who know they have been hacked and those that don’t know they have been hacked.”

Internet Two Seeks Chief Cyberinfrastructure Security Officer


Chief Cyberinfrastructure Security Officer. Position Summary: The Internet2 Chief Cyberinfrastructure Security Officer (CCSO) is the leader responsible for establishing the cyberinfrastructure security strategy and direction for Internet2's global infrastructure programs. The CCSO reports to the Vice President for Network Services and will have responsibility for security across all Internet2 infrastructure programs. By Bob Gourley.

How Should CIOs Handle More Cybersecurity Regulations?

The Accidental Successful CIO

As our companies understand the importance of information technology and acquire more and more valuable information, the bad guys keep trying to find ways to break in and steal customer credit card and personal information.

Patient Portal Puts a Spotlight on Secure Messaging


For healthcare professionals participating in the Centers for Medicare & Medicaid Services electronic health record (EHR) incentive program, you’ll soon need to demonstrate compliance with the Stage 2 Meaningful Use requirements in order to continue receiving incentive payments.

Is your security program based on hard evidence or compliance voodoo?

IT Toolbox

What do you think of when you hear information security? If you’ve been working in and around IT for a while, I’m guessing that things like documented security policies, network and endpoint controls, user training, disaster recovery plans and the like come to mind. After all, these elements make up the essence of a solid information risk management program.

Symantec Government Symposium 11 March 2014 at the Renaissance Hotel Washington DC


By Bob Gourley. DC seems to have a cyber security related event every week. Here are details from the invite: Don’t miss this exciting opportunity to join 1500 IT leaders and innovators on March 11 to collaborate and discuss the top issues in IT security and management.

Continued Controversy over Smartphone Encryptions


With Edward Snowden’s revelations, the myriad of recent information breaches at large corporations, and the extraordinary level of digitalization in our country, the American public has never placed a higher value on cyber security. Director Comey identifies the new features as a marketing strategy targeting a perceived public demand – a marketing strategy with significant and detrimental consequences for national security.

Sources of cyber intelligence from governments and academia


Cyber intelligence is a growing discipline in the cybersecurity community, providing important information for cyber defenders in enterprises large and small. Most every enterprise with a mature understanding of the importance of protecting their digital assets has a cyber intelligence program underway. What many do not realize, however, is that there are some fantastic sources of cyber threat information available for free from the government and academia.

How to craft a security awareness program that works

Network World

Employees are often considered the weakest link in organizations' efforts to create a strong security posture. Even organizations with security awareness programs in place struggle to instill strong security behaviors. Steve Conrad, managing director of MediaPro, a learning services company that specializes in information security, data privacy and compliance, says organizations can and should do better.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient - Digital Transformation

In my own Windows 10 installation, the path to the Virtualbox binaries (specifically VBoxManage.exe) was not in my PATH, so the script searches the 64-bit Program Files directory. For more information, or for help assessing the security of your web applications, just contact us at Perficient.

How To Use The AWS API With S3 Buckets In Your Pen Test

Perficient - Digital Transformation

The Amazon AWS API allows you to control any AWS service through either a program or command line. In the AWS Management Console, look for the “IAM” link in the Security, Identity, & Compliance section as seen above.

How Microsoft Word “Protected View” Stops Information Leaks

Perficient - Digital Transformation

When you click on an ad, the ad server knows who you are by information added to the URL of the ad. Instead of a normal filename, provide the HTTP URL that will download the image, including the tracking information appended to it (i.e., But what other information has leaked?

Use Journey Analytics To Power Your Marketing Strategy

Forrester IT

I recently heard a story where a loyalty program member of an online retailer had her account hacked. Sure, the brand failed to keep her information secure – but where they really failed was in their next […]. Hackers then went on a shopping spree and as a result, she lost a significant amount of money.

Best IT and Tech Blogs – Must Read Information Technology Resources 2019


Information Technology is constantly changing. What is Information Technology? Our Information Technology Blog Picks.

Tech Blogs – Best Must Read Tech Resources 2019


Thus it is essential to always stay on top of news and information, whether it be by newsletter, following RSS feeds and blogs, tutorials or going back to school.

Best Tech Blogs – Must Read Tech Resources 2019


Thus it is essential to always stay on top of news and information, whether it be by newsletter, following RSS feeds and blogs, tutorials or going back to school.

Hottest tech skills to hire for in 2020

Hacker Earth

The benefits of honing technical skills go far beyond the Information Technology industry. Here are some of the hottest tech skills (a mix of programming languages, tools, and frameworks; in random order) to hire for in 2020, which will help you thrive in the workplace of tomorrow.

Explaining discrepancies in different security assessment reports

IT Toolbox

In my work performing independent information security assessments, I love seeing when my clients’ network environments become more secure over time. Steady and predictable progress is key to building a solid information security program and minimizing the risk of incidents and breaches. One thing that comes up every now and then

Top Tech Websites 2019


Thus it is essential to always stay on top of news and information, whether it be by newsletter, following RSS feeds and blogs, tutorials or going back to school. Security Tech Blogs.

IT Security Entrepreneurs Forum (ITSEF) 2015 Speakers: A 17-18 March gathering of community-minded business and technology leaders


To register for the 2015 IT Security Entrepreneurs Forum (ITSEF) see: [link]. Here are key players Robert has lined up this year: IT Security Entrepreneurs Forum (ITSEF) 2015. Senior Director, Product Security & Privacy. Pindrop Security. Chief Security Officer. Deputy Chief Information Security Officer. Information and Cyber Security. Corporate and Information Security Services, Exelon. Chief Security Officer.

Five Things Your Startup Has to Do, Even After Your App Is Built


Security. Security is a big deal. It is important that you keep user information secure, and it’s not just credit card information either.

Embracing mistakes in security

IT Toolbox

Managing an effective information security program isn't about avoiding mistakes. No security program in the history of IT has ever been perfect and free of setbacks. Some people will try to make you think that all is well – safe and secure – in IT but that's hardly the case. Instead, you have to look at what has happened as feedback on what works and what doesn’t.

Best IT Blogs – Must Read Information Technology Resources 2019


Information Technology is constantly changing. What is Information Technology? Our Information Technology Blog Picks.

Information Risk: How APIs are Making Security Governance Easier


But now information risk teams are automating security governance by providing security capabilities via micro services and APIs. This automation approach offers multiple types of security components to developers. Information security teams are taking different paths.

Why you have to look past security policies for real improvements

IT Toolbox

Security policies are all the rage these days. I think an outsider looking in at what it takes to build and run a solid information security program, it would be to have a set of well-written policies. After all, that's what the auditors ask for when they show up. It's also what the standards bodies emphasize. It's what the regulators

The Security Innovation Network Showcase: 3-4 Dec in DC


We have been long-term supporters of the Security Innovation Network (SINET) and believe this group plays an important role in being a catalyst for innovation around enterprise cyber security. This event helps highlight emerging technologies with potential dramatic positive impact on enterprise missions and also helps advance the exchange of ideas around mission needs and concepts of operation on enterprise cyber security. Networking Lunch – Information Sharing Hour.

Gartner Top 9 Security and Risk Trends for 2020


The shortage of technical security staff, the rapid migration to cloud computing, regulatory compliance requirements and the unrelenting evolution of threats continue to be the most significant ongoing major security challenges.

Tackle Tomorrow’s Digital Business Security Risks


Security and risk management leaders responsible for information security must evolve their practices and organizational cultures to keep pace with the digital business era. “Risk management, governance, business continuity and people — the most important asset — are critical elements of a successful risk and security program,” says Earl Perkins, Vice President, Analyst at Gartner.

Trusted Cyber Collaboration Workshop: A gathering of the leaders in secure collaboration and cyber security 24-26 Sep in DC


This gathering, facilitated by the Transglobal Secure Collaboration Participation (TSCP) pulls together leaders in real secure information exchange, including information exchange across and between enterprises. Join the Leaders in Secure Collaboration.

Government IT: Making the Most of Cybersecurity Investments


With cybersecurity at the forefront of the national agenda, and with a budget to strengthen their cyber-defenses, government IT leaders are now in a unique position to make substantial changes to the ways that they secure their agencies from those with malicious intent.

Fed Tech Roundup September 30


Northrop Grumman to Feature Maritime Security Capabilities at Pacific 2015. Costly blimp surveillance program is looking a little deflated - Federal Information Security: Agencies Need to Correct Weaknesses and Fully Implement Security Programs, September 29, 2015. The following are some of the hot topics in the federal technology ecosystem (from and ): Fed Tech Ticker.

E-Government: A Graduate Class

CIO Musings

The class title is INFO 691 Topics in Information Systems – Digital Government. This class is about using information and communication technologies to provide government services. I have guest lectured for the FTEMS program as well as other graduate MIS classes. Information security, leadership, coding and networking are primary interests of mine. It has been 6 months since I posted anything to this blog. Not setting a very good example I am afraid.

Good People at @SecureNinja Provide Cyber Kung Fu Certified Ethical Hacker Course Free


See the video at this link and embedded below: The video here features Secure Ninja TV host Alicia Webb with Tom Updegrove, 8th degree black belt and his student, Larry Greenblatt, 3rd degree black belt for some great discussions and training.

Guidance Software Federal Summit 6 March 2014


Recognized as a pioneer in the field of classified information protection, Mr. Bigman developed technical measures and procedures to manage the nation’s most sensitive secrets. Mr. Bigman is now an independent cyber security consultant and president of 2BSecure LLC in Bethesda, Maryland.