


February 16, 2018 | Threat Intelligence and Modeling
By Adam Shostack, IANS Faculty

 Comprehensive, Structured and Systematic: Engineering for Security

The hardest part of security is going from random discovery of problems as you create new features to a systematic, comprehensive and structured approach to finding problems early. In this webinar, IANS Faculty Adam Shostack identifies ways to bring security engineering to the very earliest parts of product or service cycles, align with agile practices and reap the benefits that come from such efforts: faster, more predictable and more secure launches.



January 31, 2018 | Vulnerability Assessment and Management
By Marcus Ranum, IANS Faculty

 Structure a Low-Profile Bug Bounty Program

While Google's bug bounty program is well designed and provides rich rewards, not every organization can operate at that high level. In this Ask-an-Expert live interaction, IANS Faculty Marcus Ranum describes how to build a well-structured, low-profile program that encourages participation using a more realistic reward scale. 



January 25, 2018 | Patch Management
By Josh More, IANS Faculty

 Streamline Patching for Third-Party Apps

Patching Windows systems is difficult enough without adding third-party tools like Java, Adobe and others to the mix. In this Ask-an-Expert written response, IANS Faculty Josh More explains how achieving patch management maturity requires a combination of imaging, deployment, patching and vulnerability scanning technologies, plus a large degree of automation.



January 17, 2018 | Recruiting, Hiring and Retention
By Josh More, IANS Faculty

 Perform Effective Background Checks at Scale

Screening potential U.S.-based employees is difficult enough, but scaling background checks across vendors and international employees is even more daunting. In this Ask-an-Expert written response, IANS Faculty Josh More details the various types of background checks available and common pitfalls to avoid when leveraging them. He also provides tips for expanding the program to encompass vendor employees and international workers, and a roadmap for automating the process over time.   



January 17, 2018 | Insider Threats
By Adam Shostack, IANS Faculty

 Prevent Data Loss Prior to Employee Job Termination

Preventing newly terminated employees from stealing corporate data prior to their departure is critical but increasingly difficult, especially as more organizations provide mobile and cloud access to sensitive applications. In this Ask-an-Expert written response, IANS Faculty Adam Shostack explains the importance of treating people fairly and having strong strategies for preventing/detecting data exfiltration at all times, not just during layoffs. 



January 12, 2018 | Vulnerability Assessment and Management
By Dave Kennedy, IANS Faculty

 Meltdown and Spectre: What to Do Now

The recently revealed Meltdown and Spectre chip vulnerabilities are leaving many security organizations scrambling to get a fix in place. In this Ask-an-Expert live interaction, IANS Faculty Dave Kennedy explains how attackers can leverage the flaws and why certain devices are more vulnerable than others. He also recommends taking a risk-based approach to patching them.



January 10, 2018 | Malware and Advanced Threats
By Aaron Turner, IANS Faculty

 Information Security Trends for 2018

In 2017, we saw some of our most valued controls undermined and witnessed security incidents impacting businesses around the world. What will 2018 bring? In this report and webinar, IANS Faculty Aaron Turner examines the major trends in store for IT security professionals in the coming year. From the new incidents we need to prepare for to the investments we need to make to keep up with attackers' capabilities, we have our work cut out for us.



January 9, 2018 | Penetration Testing and Red Teaming
By Shannon Lietz, IANS Faculty

 Best Practices for Working with Bug Bounty Programs

Bug bounty programs like HackerOne, Bugcrowd and Synack can help organizations uncover code flaws before the bad guys do, but what are the best ways to leverage them without busting the budget? In this Ask-an-Expert live interaction, IANS Faculty Shannon Lietz explains the importance of solid security basics and preparation prior to engagement. 
