CSO:CYBER

Thinking like a hacker, knowing how to exploit loopholes by creating or editing code, and understanding how security holes are used can help you understand and manage patch and patch application. Two months ago I mentioned in an article “Advance to 'Next Level' Security” the challenge of keep a system or service up to date by the time the vulnerability is discovered versus the time to apply a patch mid-2000. Notorious that manufacturers on the one hand developed new software consequently brought new vulnerabilities and the most exploited at that time was the webservers, whether on Unix platform, Linux or Windows were not yet mature. Of course, services such as DNS, FTP, Telnet, Netbios, among others, were also massacred. Crackers used their ability to create exploits to exploit vulnerabilities in Internet services, and at the time, as I worked for an American bank, it was many early hours to update the environment and fix web server failures. Although it was run was challengin...

Intelligent CISO Issue 41 - CISOs driving blindfolded - How CISOs are overcoming limited visibility after COVID-19 triggered increase in cyberattacks - Physical security - The procedures data centre leaders should have in place to ensure their facilities are secure - Consctructing robust security - Achieving a comprehensive risk-based cybersecurity strategy in the construction industry - Accelerating security - Keith O’Gorman, GISSM at Archroma, discusses how the organization relies on Edgescan technology to continuously scan its systems for vulnerabilities across its IT infrastructure - Cyber trends - Survey reveals UK CISOs driving blindfolded, with limited visibility and control - Infrographic - Australian capital market firms respond to new risk management demands - What procedures should data centre leaders have in place to ensure their facilities are physically secure? - Ransomware, phishing, Zero Trust and the new normal of cybersecurity - Security is a journey, not a destinati...

Intelligent CISO Issue 40 - Voice of the CSO - Proofpoint research shines light on security challenges and key priorities - Ransomware avoidance - Experts discuss the precautions to take to avoid a ransomware attack - Security planning - Why a change in approach in required, rather than a budget increase - Cybersecurity Vision - Andreas Schneider, Group CISO at TX Group, tells us how the Swiss media company worked with Cyberreason to extend TX Group’s detection and response capabilities across cloud services and infrastructure - Infographic - VMware report reveals surge in cyberattacks targeting the anywhere workforce - Editor’s question - What are the precautions security leaders should be taking to avoid a ransomware attack? - Feature - Protecting from the cyber kill chain evolution - Expert opinion - The cumulative effector ransomware and the lessons for UK national infrastructure - Business surveillance - Why the board needs to give their CISO a seat a the table - CISOs area under...

Rangel Rodrigues, advisor em Segurança da Informação, reflete em seu artigo o papel dos profissionais de SI nos processos de transformação do negócio e na importância de não negligenciar o básico pautado em processos, pessoas e tecnologias *Por Rangel Rodrigues Não tem como mover para o novo se não fazemos o básico. O básico pode ser o velho conhecido processo ou atividade que, às vezes, procrastinamos e/ou não fazemos com dedicação. O velho pode ser a fragilidade no processo de gestão de vulnerabilidades, na aplicação de patches, na configuração de hardening, na classificação da informação ou na falta de uma correção de vulnerabilidade encontrada em SAST, DAST ou MAST. Geralmente quando nos situamos neste ponto, o invisível para nós é aquilo que ainda não existe, seja no processo de gestão de segurança da informação ou na perspectiva de controles em cibersegurança. Para ver o futuro e chegar em um objetivo, precisamos fazer o básico da segurança no que tange processo, tecnologia e pes...

A new issue of Intelligent CISO Issue 39 publication has been published - Proactive defense - Ensuring a resilient cyber infrastructure with a reliable threat hating approach - Data loss prevention - The basics of backup and how to avoid desaster - Passwordless future - Experts discuss whether passwords are a thing of the past - Investing in Security - Simon Mair, Head of Information Security and Data Privacy at Brewin Dolphin, discusses how the leading wealth management company ensures the security of both its client and company data - Cyber trends - Report finds up to 300% increase in attacks from opportunist targeting - Editor’s question - What are the challenges and pitfalls CIOs make when designing their network security? - Predictive intelligence - A perfect storm for supply chain attacks - Expert opinion - Why attackers continue to target the network - Decrypting myths - Experts discuss whether passwords are still fit for puporse - ISC2 and University of Mary Washington deli...

Flexible Security - A new issue 38 - Intelligent CISO magazine  - Flexible Security -> Fiedrich Wetsning, CISO and Vice President of Enterprise It at Flex, tells us how the company achieved a unified approach to defend against cyberthreats with Palo Alto Networks - Future of passwords -> Experts discuss the need for security leaders to re-evaluate their approach to password security - Skills shortage -> Fortinet announces its new offering to reduce the cyber skills gap - CISO priorities -> Expert reveals the priorities that should be covered in every CISO’s budget - Predictive Intelligence -> A closer look at the impact of cloud video surveillance: What does it mean for CIOs? - Feature -> Why organizations need an open, cloud-based platform to build security into their hybrid It environments - Expert opinion -> XDR - The future of threat detection and response - Business surveillance -> Unblurring the lines between physical and cybersecurity - Decrypting my...

Rangel Rodrigues, advisor em Segurança da Informação, destaca em seu artigo um chamado para os profissionais de SI mudarem o mindset diante dos riscos cibernéticos com resiliência e ações proativas Não basta ter as melhores soluções implantadas se o mindset dos colaboradores e gestores continuam com uma visão turva, permitindo que pequenos pecados capitais de segurança ocorram em virtude da falta de tempo ou devido ao excesso de atividades que precisam ser feitas. Ignorar um relatório de vulnerabilidades com 600 issues ou não saber como agir diante de um incidente de ransomware não pode ser mais uma desculpa. O fato é que em muitas empresas, homens de negócios e profissionais de TI ainda tentam buscar o caminho mais fácil por natureza para driblar o dilema da segurança. Com isso, aceitam riscos iminentes mediante uma pressão e, às vezes, a falta de incisão e resiliência dos profissionais de infosec nestas situações podem tornar o projeto de segurança um desastre. O tempo talvez seja o ...