When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network remotely. Companies focus most of the security spending and policies on keeping hackers out remotely, from firewalls and other security hardening appliances, software and tools. However, given the proliferation of mobile devices in the workplace and use of Wi-Fi...

Tips from six CSOs/CISOs from varied industries who have actually applied risk-based security management to their business.

Last week, I sat in on a briefing by a guy who calls himself “ Four ” who happens to be involved in intrusion detection for Facebook. He shared some interesting perspective at the Black Hat conference through a discussion of ”Intrusion Detection Along the Kill Chain.” The information Four presented is based on the work done by Eric M. Hutchins, Michael J. Cloppert, Rohan M. Amin, Ph.D of Lockheed...