Stories by Bill Brenner

  • Vulnerability management basics: Pen testing techniques

    It should go without saying that pen testing is one of the most important pieces of an IT security shop's vulnerability management program. And yet it's something that was declared a dead art by Fortify Co-founder Brian Chess (http://www.csoonline.com/article/468766) a couple years ago.

  • FireEye vows to expose 'truth' behind modern malware

    In his interview with CSO last week, FireEye Chief Security Architect Marc Maiffret lamented what he sees as the inability of security vendors to keep up with the malware innovations (http://www.csoonline.com/podcast/592577) made in the pursuit of attacks against the likes of Adobe and Apple.

  • Your BlackBerry's dirty little security secret

    Tyler Shields, senior member of the Veracode Research Lab, spends a lot of time picking apart those BlackBerry devices (http://www.csoonline.com/podcast/533263) that are ubiquitous across the enterprise. What he's found may disappoint those who thought they were secure.

  • Why Security Matters Now

    Social networking and cloud computing threats abound, our annual Global Information Security Survey finds, making information security important once again to business leaders.

  • Does Social Networking Require User Policy Changes?

    IT security administrators have had a fairly easy case to make against such social networking sites as Myspace in the past. Myspace in particular tends to be a place for the mostly personal, and some profiles are simply front companies for online mobsters and malware pushers.

  • Five Ways To Survive a Data Breach Investigation

    Security experts say it all the time: If a company thinks it has suffered a data security breach, the key to getting at the truth unscathed is to have a response plan in place for what needs to be done and who needs to be in charge of certain tasks. And, as SANS Institute instructor Lenny Zeltser advised in CSOonline's recent How to Respond to an Unexpected IT Security Incident article, "ask lots and lots of questions" before making rash decisions.