Cybersecurity Is About Attitude, Culture -- Not Strictly Compliance

by Jeffrey Man on April 10, 2014

Posted originally on Wired, InnovationInsights blog. How do you avoid becoming the Next Big Retail Breach Target? There are plenty of points — and counterpoints — on the topic. As a cybersecurity professional who has specialized in compliance with the Payment Card Industry (PCI) Data Security...

Beware of Bleeding Hearts (Updated)

by Ken Bechtel on April 8, 2014

A recently discovered vulnerability, identified as Common Vulnerabilities and Exposures (CVE) CVE-2014-0160 but more commonly called the Heartbleed vulnerability, has been acknowledged by the OpenSSL organization and the Finnish CERT team. This is an attack against the transport layer security...

Understanding NIST’s Cybersecurity Framework

by Cris Thomas on April 8, 2014

NIST’s Cybersecurity Framework (CSF) is likely to become the basis for what's considered commercially reasonable with regard to securing an organization’s infrastructure. For this reason alone, companies should pay close attention to the CSF and, even if they don’t follow it completely, should at...

PVS 4.0.2 is now available for download

by Sherry Quinn on April 2, 2014

This maintenance release addresses the following issues: an expired PVS license or activation code sends the user to the Quick-Setup wizard to allow entry of the new license; hosts with Internet-facing vulnerabilities were missing the “External Access” tag; filtering issue on the “Affected Host List...

True White-Knuckled Stories of Metrics in Action: Sylvan

by Marcus J. Ranum on April 2, 2014

In this blog series on SecurityWeek, Tenable CSO Marcus Ranum advises security professionals on how they can create and share metrics in their jobs. These metrics can create better understanding and awareness about the success of their approaches, as well as allow them to build support for programs...