BSIMM's Data-driven Approach to Software Security

The Building Security in Maturity Model's sixth edition features recommendations gleaned from software security practices of more than 100 companies.

How to Secure Corporate Data in Post-Perimeter World

Four simple steps can help organizations secure business data outside the firewall.

TrueCrypt Travails Continue

Two serious bugs later, almost no one thinks it is a good idea to use TrueCrypt. But what are your options?

Unlocking Smartphones: PINs, Patterns or Fingerprints?

PINs, patterns and fingerprints are all options for unlocking mobile devices. But which option is most secure?

Europe's Data Protection Regs: What You Need to Know

Europe's data protection rules are about to get more strict, under legislation being drafted by the European Commission. Several rules relate to cloud data.

Apple Watch Security Risks (and Benefits)

With the Apple Watch, as with smartphones before it, security pros need to proactively prepare for the mobile device's entry into the workplace.

How to Fight Zombie App-ocalypse

"Zombie" apps are an often overlooked BYOD security threat. User education and application whitelisting can reduce risks associated with these dead and stale apps.

Using Two-Factor Authentication for Mobile Security

Reduce the likelihood of having your mobile device hacked by using two-factor authentication.

3 Ways to Mitigate Insider Security Risk

As recent data breaches show, every organization needs to take action to better secure insider access, particularly that of privileged users and contractors.

How to Choose the Right Security Testing Tool

Picking the right tool is a critical part of application security.

How to Mitigate Security Risks from Third-Party Providers

Vendor application security testing is a key practice to help companies ensure that third-party software meets their security standards.


Attaining PCI-DSS compliance is no easy task, but IKEA's common-sense approach makes it a bit less taxing.

How to Build an Adaptive Security Culture

What can Bruce Lee teach your security team about dealing with cyber threats?

4 Lessons Learned from the POODLE Hack

Doggedly pursuing security best practices will help organizations beat vulnerabilities like POODLE.

Are Your Databases Secure? Think Again

Targeting enterprise databases is a common attack tactic, as the Anthem breach showed, yet many companies neglect database security.

20 Top Security Influencers

It can be tough to know where to go for the latest enterprise security news and actionable advice. This list of influencers is a great place to start.

Windows 10: Securing Identity, Information and Devices

Windows 10 includes some goodies for enterprise security professionals.

Integrating Bulletproof Security into App Development

Application security should never be an afterthought. SoftServe's Nazar Tymoshyk offers advice on building secure software.

Phone Scams Getting More Sophisticated

Even folks who know better can fall for sophisticated phone scams that leverage personal information.

Windows Server 2003: No Support, No Security?

What are your options, if any, for mitigating security risks of continuing to run Windows Server 2003 after Microsoft ends extended support in July?

Data Security Best Practices Not Good Enough

Following data security best practice may give you a false sense of security and leave you vulnerable to potential attacks, says Absolute Software's Ryan St. Hilaire.

Phishing Attacks: Not Sophisticated, but Successful

While companies spend big bucks on combating advanced malware, users still fall prey to email phishing scams.

3 Bad Security Habits that Make CISOs Crazy

Every CISO can relate to these bad security habits found in most organizations. But what can CISOs do to change them?

Making the Case for Security Investment

Annual security risk assessments and meaningful metrics are among the tools infosec pros can use when asking senior decision-makers to increase budgets.

10 Tips to Mitigate Data Breaches

We include a list of vendors that offer solutions that can help improve your response to security threats and data breaches.