Resilience Engineering: What It Is and Why You Need It
By David Geer
In his famous 2011 Wall Street Journal article, Marc Andreessen, co-creator of the first web browser, Mosaic, wrote, “Software is eating the world.” Digital transformation has since fueled software’s appetite, converting manual processes to automation, counting on code to do the heavy lifting rather than hardware alone.
Criminal actors excel at orchestrating failure conditions in software, driving systems to a state of insecurity, breaking applications and exfiltrating precious data such as intellectual property and customer databases.
Resilience engineering welcomes the insights and experiences of cybersecurity professionals to fortify software against the hammering of modern cyberattacks.
The Cybersecurity End Game Isn’t Just About Protection. It’s About Profits
By Sandip Dholakia, CISSP, CCSP
Though staying secure is a cybersecurity professional’s priority, it isn’t the only one. Staying in business is just as important, no matter your title.
To be the best cybersecurity practitioner, you must embrace both the IT and business sides of an organization. More than your career depends on it.
Lessons Learned from Implementing PCI DSS
By Kumar Setty, CISSP, HCISPP
Most experienced security professionals encounter or are required to assess PCI DSS (Payment Card Industry Data Security Standard) compliance based on 12-point criteria.
Any business that transmits, stores, handles or accepts credit card data — regardless of size or processing volume — must comply with PCI DSS. That includes hospitals, restaurants, retail outlets, and any other organization using e-commerce and accepting or handling credit and debit card information for payment.
The ultimate penalty for noncompliance: Payment card brands terminate the merchant relationship with the organization, cutting off what for many is now their consumers’ primary payment method. Other penalties include fines until the deficiencies are remediated.
Yet issues remain. I know because I’ve experienced them, and now wish to share what I’ve learned so others avoid them.
Multi-Factor Authentication: Who’s to Blame if It Doesn’t Work as Intended?
By Ian Rifkin, CISSP
While multi-factor authentication (MFA) usage has increased during the pandemic, its adoption could be higher, given its benefits. So why aren’t more users incorporating this stronger method of authentication? And who is really to blame when they don’t?
Multi-factor authentication requires multiple factors as part of the authentication process. Authentication without MFA (e.g., password-based authentication) only uses one factor, while MFA uses two or more: something you know (e.g., password), something you have (e.g., a phone or security key), and/or something you are (e.g., biometrics). Security professionals agree that MFA significantly increases account security. Failure to adopt MFA makes it easier for hackers to compromise accounts.