We use cookies to deliver you the best experience on our website. By continuing to use our website, you consent to our cookie usage and revised Privacy Statement.

Filter By:



Recent Blogs & Podcasts

Insights Portal


April 19, 2018 | Account Provisioning
By Aaron Turner, IANS Faculty

 Cloud Provisioning: Know the Issues

The good news for cloud identity management? Authentication standards are solid. The bad news? Authorization standards are nowhere near as mature. In this Ask-an-Expert written response, IANS Faculty Aaron Turner details the many challenges in cloud provisioning and recommends focusing on making role-based access control (RBAC) as efficient as possible.

Read More »

April 19, 2018 | Threats & Incidents

 Higher Education: Overview of Q4 2017 Data Breach Causes

In the higher education sector, some 43% of data breach incidents involved hacking and/or malware attacks in Q4 2017, while accidental disclosure represented 25%, and loss of portable device were at 11%. Insider attacks were the cause of 4 percent of data breaches in that time period.

Read More »

April 18, 2018 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Honeypots: Are You Up to the Challenge?

Honeypots have a bad rap in infosec circles, and that's unfortunate. Implemented correctly, honeypots are virtually free tools that can help security easily and quickly pinpoint attackers as they perform reconnaissance or try to move laterally through a network. In this report, we explain what honeypots are, offer some simple ways to build them, and detail their pitfalls and success factors. 

Read More »

April 17, 2018 | Threats & Incidents

 Top Cloud Security Concerns in 2018

Two-thirds of cloud customers are most concerned about the risks of unauthorized access (69%) and half worry about malware infiltrations (50%). More than one-third of cloud customers cited the inability to monitor employee activity in the cloud as a concern.

Read More »

April 17, 2018 | Leadership Skills

 Overview of Cybersecurity Questions the Board Should Be Asking

Board members need to ask tough questions about an organization’s cyber risk if they want to help develop a more effective cyber strategy. Among those questions – what additional resources are needed, and how does the organization’s security training need to change to reflect today’s cyber risk?

Read More »

April 17, 2018 | Penetration Testing and Red Teaming
By Jake Williams, IANS Faculty

 Avoid Common Issues with Live Red Team Exercises

Red team exercises provide valuable insight into an organization's defenses, but running them against live environments can be dicey. In this Ask-an-Expert live interaction, IANS Faculty Jake Williams details how to get a red team program up and running, and offers tips for conducting live exercises without adversely affecting the business.

Read More »

April 16, 2018 | Vulnerability Assessment and Management
By Marcus Ranum, IANS Faculty

 Create an Efficient, Effective Bug Bounty Program

Organizations with significant software exposure often consider deploying bug bounty programs to improve quality and better manage vulnerability disclosures, but what's the best way to go about it? In this Ask-an-Expert written response, IANS Faculty Marcus Ranum recommends using an internal (vs. outsourced) process and details the critical components for success.

Read More »

April 16, 2018 | Threats & Incidents

 Understanding the Mobile Risk Matrix

Mobile devices face myriad security risks from apps, operating systems, the networks they run on, and the web content they access. Malicious mobile applications, for instance, can steal info, give unauthorized access and even leak data.

Read More »