vulnerability management

Staying Current On The Changing Threat Landscape: The Role Of The National Vulnerability Database (NVD)

The National Vulnerability Database (NVD is a leading source of intelligence on vulnerabilities for InfoSec professionals, and while it provides many benefits, it also has its limitations. This article will explain the advantages of using the NVD for vulnerability management, point out some of the blind spots that have occurred recently, and recommend best practices for successful mitigation.

A Dialogue with Tadd Wood

In this ITSPmagazine An InfoSec Life column, Tadd Wood shares his views on how data—and people—play a role in identifying risk and addressing cybersecurity issues.

What’s It Like Running the Daily Race of Cybersecurity?

Mandy Huth shares a day in her life as Director of Cybersecurity in order to produce further understanding of the challenges InfoSec professionals face and how we might overcome them.

Stuck in Cybersecurity Hell? Professional Education Is the Only Way Out

If we want to escape from “cyber hell” – then professionals will need additional training, not only to learn the latest technology, but also to understand public policy and organizational management. Howard Shrobe is looking to change this through professional education initiatives at MIT.

Protecting Data on IoT’s Rocky Road

Before rushing headlong into the Internet of Things, it's good to know what happens to the data that all those connected devices collect--and how to protect it.

Double Yahoo Breach: Nothing You Can Do About It, But Learn

It's time to stop pretending this is not going to happen to you. At work, or in your everyday life, we need to learn how to live with cybersecurity. If we want to play in an IoT and Internet-connected world, we need to learn how to play by the rules. Nobody has taught you thus far. It's time to get started. Now.

Ho, Ho, Ho! PCI DSS Compliance…Just in Time for the Holidays

The Payment Card Industry Security Standards Council has updated its data security standard. PCI DSS 3.2 went into effect November 1, which means many organizations are now scrambling to come into compliance--while also preparing for the busiest time of the year.