Some security weaknesses can't be found with a scan or a vulnerability assessment of the infrastructure. As a security manager, you have to keep your eyes open for things that aren't as secure as they should be, based on any evidence that comes your way. That happened to me a few weeks ago, in just about the best way possible. We were able to take steps to tighten security in a particular area after an incident that could have been damaging but actually wasn't. I wish all our security lessons could be so benign.
- NSA warns enterprises over TLS traffic inspection risks: do it once, and do it well
- How a bank got hacked (a study in how not to secure your networks)
- As government reins in IoT security, recalcitrant mining industry is exposed
- The week in security: Poor security hygiene just not good enough, APRA warns
- New Zealand: over a third of cyber attacks come from state-sponsored hackers