Security operations and management

Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.

August 25, 2022 25 Aug'22
Twitter whistleblower report holds security lessons

The whistleblower report from Twitter's former security lead should provide companies and boards with lessons on how not to handle internal security concerns.
August 16, 2022 16 Aug'22
For cyber insurance, some technology leads to higher premiums

Though cyber insurance demand is exceeding supply and companies might receive less coverage with higher premiums, experts say there are ways enterprises can reduce risk.
August 11, 2022 11 Aug'22
Sigstore co-creator talks GitHub, Kubernetes and next steps

Dan Lorenc reflects on a whirlwind year for his open source project, now officially incorporated into Kubernetes and GitHub's npm registry, and his plans for the year to come.
August 11, 2022 11 Aug'22
How CI/CD pipelines are putting enterprise networks at risk

At Black Hat USA 2022, NCC Group researchers demonstrated how threat actors can compromise CI/CD pipelines and break out into enterprise networks and cloud environments.

Bring yourself up to speed with our introductory content

What is identity sprawl and how can it be managed?

With identity-based attacks on the rise, organizations need to prioritize identity management. Learn about identity sprawl, why it's a risk and how it can be managed. Continue Reading
DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) is a protocol for authenticating email messages using public key cryptography to protect against forged emails. Continue Reading
Domain-based Message Authentication, Reporting and Conformance (DMARC)

The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol is one leg of the tripod of internet protocols that support email authentication methods. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

How to conduct a secure code review

Learn how to conduct a secure code review -- a critical step in the software development lifecycle -- to avoid releasing an app with bugs and security vulnerabilities. Continue Reading
Data security as a layer in defense in depth against ransomware

Having data security as part of a defense-in-depth strategy can reduce the likelihood of a successful ransomware attack. Continue Reading
What is data security? The ultimate guide

Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading

Learn to apply best practices and optimize your operations.

5 tips for building a cybersecurity culture at your company

As a company's cyber risks evolve, so must its culture. Here are five tips for creating a cybersecurity culture that protects the business and is meaningful for employees. Continue Reading
Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
How to perform a data risk assessment, step by step

Organizations need confidence that they are properly identifying and protecting sensitive data. Follow these five steps to create a data risk assessment. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Case study: Why it's difficult to attribute nation-state attacks

If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware. Continue Reading
Tips for using a threat profile to prevent nation-state attacks

Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile. Continue Reading
Top 7 enterprise cybersecurity challenges in 2022

Security teams faced unprecedented challenges in 2021. The year ahead appears no less daunting. Here are the cybersecurity trends and safeguards to take into account in 2022. Continue Reading