security controls

Security validation: The new standard for cyber resilience

cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Pentera, security controls /

Security validation: The new standard for cyber resilience 2025-02-10 at 07:37 By Help Net Security Security validation has officially turned a corner. Once considered a “nice-to-have” it’s now a top priority for security leaders worldwide. This shift has been accelerated by frameworks like Gartner’s Continuous Threat Exposure Management (CTEM), introduced in 2022, which emphasizes the […]

React to this headline:

Loading spinner

Security validation: The new standard for cyber resilience Read More »

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

0-day, Don't miss, Hot stuff, News, security controls, spear-phishing, Trend Micro, Ukraine, vulnerability, Windows /

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) 2025-02-04 at 15:08 By Zeljka Zorz CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver malware to Ukrainian entities, Trend Micro researchers have revealed. The 7-Zip vulnerability (CVE-2025-0411) Mark-of-the-Web (MotW) is a

React to this headline:

Loading spinner

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) Read More »

Zscaler CISO on balancing security and user convenience in hybrid work environments

CISO, cybersecurity, data loss prevention, Don't miss, Features, Hot stuff, hybrid workforce, News, opinion, regulation, remote working, security controls, strategy, zero trust, Zscaler /

Zscaler CISO on balancing security and user convenience in hybrid work environments 2025-01-30 at 07:33 By Mirko Zorz In this Help Net Security interview, Sean Cordero, CISO at Zscaler, talks about securing hybrid work and the new challenges it presents to cybersecurity teams. He discusses how hybrid work has exposed gaps in traditional security models

React to this headline:

Loading spinner

Zscaler CISO on balancing security and user convenience in hybrid work environments Read More »

Preventing data leakage in low-node/no-code environments

Compliance, cybersecurity, Data leak, Don't miss, Expert analysis, Expert corner, Hot stuff, News, Nokod Security, opinion, risk, security controls /

Preventing data leakage in low-node/no-code environments 2024-12-10 at 07:34 By Help Net Security Low-code/no-code (LCNC) platforms enable application development by citizen developers, often generating “shadow engineering” projects that evade security oversight. While LCNC solutions like Power BI reports and automated workflows foster agility and innovation, they also introduce significant risks, including data leakage. Data leakage

React to this headline:

Loading spinner

Preventing data leakage in low-node/no-code environments Read More »

Strengthening security posture with comprehensive cybersecurity assessments

Compliance, cybersecurity, Don't miss, Features, HGS Digital, Hot stuff, News, opinion, regulation, Risk Management, security assessment, security controls, threat detection /

Strengthening security posture with comprehensive cybersecurity assessments 2024-12-10 at 07:04 By Mirko Zorz In this Help Net Security interview, Phani Dasari, CISO at HGS, discusses key aspects of cybersecurity assessments, including effective tools and methodologies, the role of AI and automation, and strategies for aligning assessments with organizational needs. The post Strengthening security posture with

React to this headline:

Loading spinner

Strengthening security posture with comprehensive cybersecurity assessments Read More »

Treat AI like a human: Redefining cybersecurity

Appfire, Artificial Intelligence, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, risk assessment, security controls /

Treat AI like a human: Redefining cybersecurity 2024-12-03 at 07:31 By Mirko Zorz In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professionals use AI tools. He discusses how this shift encourages a more collaborative approach while acknowledging AI’s limitations. Kersten

React to this headline:

Loading spinner

Treat AI like a human: Redefining cybersecurity Read More »

Maximizing security visibility on a budget

Artificial Intelligence, Cloud, Compliance, cybersecurity, Don't miss, Features, Forescout, Hot stuff, IoT, IT assets, network, News, opinion, security controls, zero trust /

Maximizing security visibility on a budget 2024-11-05 at 07:03 By Mirko Zorz In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond basic visibility to understand device behavior and risk—is essential. Mainz also

React to this headline:

Loading spinner

Maximizing security visibility on a budget Read More »

Essential metrics for effective security program assessment

Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, penetration testing, Pentera, security controls, security testing, SOC /

Essential metrics for effective security program assessment 2024-09-19 at 07:02 By Mirko Zorz In this Help Net Security interview, Alex Spivakovsky, VP of Research & Cybersecurity at Pentera, discusses essential metrics for evaluating the success of security programs. Spivakovsky explains how automation and proactive testing can reveal vulnerabilities and improve overall security posture. What are

React to this headline:

Loading spinner

Essential metrics for effective security program assessment Read More »

Researchers unearth MotW bypass technique used by threat actors for years

Don't miss, Elastic, Features, malware detection, Microsoft, News, security controls, vulnerability, Windows /

Researchers unearth MotW bypass technique used by threat actors for years 2024-08-06 at 14:31 By Zeljka Zorz Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick users into running them. “We identified multiple samples

React to this headline:

Loading spinner

Researchers unearth MotW bypass technique used by threat actors for years Read More »

What CISOs need to keep CEOs (and themselves) out of jail

CEO, CISO, communication, cybersecurity, Don't miss, Expert analysis, Expert corner, Gutsy, Hot stuff, monitoring, News, opinion, security controls /

What CISOs need to keep CEOs (and themselves) out of jail 2024-07-31 at 07:32 By Help Net Security Former Uber CISO Joe Sullivan, who was convicted for attempting to cover up a data breach Uber suffered in 2016, recently posited that in the very near future, CEOs might find themselves held directly responsible for cybersecurity

React to this headline:

Loading spinner

What CISOs need to keep CEOs (and themselves) out of jail Read More »

How to design a third-party risk management framework

Beaconer, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, framework, Hot stuff, Incident Response, News, opinion, Risk Management, security controls /

How to design a third-party risk management framework 2024-07-12 at 07:31 By Help Net Security Most organizations focus on securing routers, servers, firewalls, and other endpoints, but threats can also arise from unfamiliar sources such as third-party networks, which can be used by hackers to attack an organization. Through a strong TPRM framework, companies gain

React to this headline:

Loading spinner

How to design a third-party risk management framework Read More »

Strengthening cybersecurity preparedness with defense in depth

Compliance, cybersecurity, Don't miss, Features, framework, Gigamon, Hot stuff, News, opinion, security controls, zero trust /

Strengthening cybersecurity preparedness with defense in depth 2024-07-11 at 07:01 By Mirko Zorz In this Help Net Security interview, Chaim Mazal, Chief Security Officer at Gigamon, discusses cybersecurity preparedness measures for businesses, the impact of international inconsistencies on global operations, and the board’s role in cybersecurity. What are the top cybersecurity preparedness measures that businesses

React to this headline:

Loading spinner

Strengthening cybersecurity preparedness with defense in depth Read More »

Are you meeting your cyber insurance requirements?

attacks, backup, Clumio, cyber insurance, cybersecurity, Don't miss, Hot stuff, patching, policy, security controls, strategy, tips, Video /

Are you meeting your cyber insurance requirements? 2024-05-14 at 06:31 By Help Net Security Cyber insurance policies are specifically designed to offer financial protection to organizations in the face of cyber attacks, data breaches, or other cybersecurity incidents. While they can provide a sense of security, it’s crucial to be aware of their limitations. In

React to this headline:

Loading spinner

Are you meeting your cyber insurance requirements? Read More »

Building a strong cloud security posture

cloud security, cybersecurity, Cymulate, Don't miss, Hot stuff, misconfiguration, policy, security controls, strategy, tips, Video /

Building a strong cloud security posture 2024-05-01 at 06:31 By Help Net Security In this Help Net Security video, David Kellerman, Field CTO at Cymulate, discusses how cloud security still seems to lag even as the cloud grows in popularity and usage. Many leaders are unaware that they need to secure the cloud the same

React to this headline:

Loading spinner

Building a strong cloud security posture Read More »

How exposure management elevates cyber resilience

cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Features, News, opinion, risk, security controls, shadow IT, WithSecure /

How exposure management elevates cyber resilience 2024-04-09 at 07:46 By Help Net Security Attackers are adept at identifying and exploiting the most cost-effective methods of compromise, highlighting the critical need for organizations to implement asset identification and understand their assets’ security posture in relation to the whole estate. Instead of asking, “Are we exposed?” organizations

React to this headline:

Loading spinner

How exposure management elevates cyber resilience Read More »

Why cyber maturity assessment should become standard practice

cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Prism Infosec, risk, risk assessment, security controls /

Why cyber maturity assessment should become standard practice 2024-03-05 at 08:05 By Help Net Security Understanding risk is one thing, but how do you know if your organization has what it takes to withstand those risks being realized? Establishing cyber maturity can help determine resilience, where the strengths and weaknesses lie, and what needs to

React to this headline:

Loading spinner

Why cyber maturity assessment should become standard practice Read More »

How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity

AttackIQ, collaboration, cybersecurity, Don't miss, Hot stuff, penetration testing, red team, security controls, Video /

How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity 2024-02-13 at 07:01 By Help Net Security In this Help Net Security video, Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, discusses how purple teaming allows security teams to break down barriers between teams and increase operational effectiveness. It’s no longer about

React to this headline:

Loading spinner

How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity Read More »

Hacking the flow: The consequences of compromised water systems

critical infrastructure, CyberArk, cyberattacks, cybercriminals, cybersecurity, Don't miss, hacking, Hacktivism, Hot stuff, Ransomware, security controls, Video /

Hacking the flow: The consequences of compromised water systems 2024-02-12 at 07:31 By Help Net Security In this Help Net Security video, Andy Thompson, Offensive Cybersecurity Research Evangelist at CyberArk, discusses the dire consequences of hacking water systems and why their cybersecurity must be prioritized. From contaminating water supplies to disrupting essential services, the impact

React to this headline:

Loading spinner

Hacking the flow: The consequences of compromised water systems Read More »

Which cybersecurity controls are organizations struggling with?

BitSight, cyber risk, cybersecurity, Google, News, report, security controls, trends /

Which cybersecurity controls are organizations struggling with? 13/12/2023 at 13:02 By Help Net Security How are organizations performing across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework? A recent analysis by Bitsight and Google reveals some good and some bad results – and room for improvement. What is MVSP? Minimum Viable Secure Product

React to this headline:

Loading spinner

Which cybersecurity controls are organizations struggling with? Read More »

CISOs struggling to understand value of security controls data

Artificial Intelligence, CISO, cybersecurity, data security, News, Panaseer, report, security controls /

CISOs struggling to understand value of security controls data 26/10/2023 at 06:02 By Help Net Security Many CISOs are grappling with the conundrum of the purpose and value of security controls data in supporting critical business decisions, according to Panaseer. The biggest concern when taking on a new CISO role is receiving an inaccurate audit

React to this headline:

Loading spinner

CISOs struggling to understand value of security controls data Read More »

Scroll to Top