Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
In the wake of recent ransomware attacks, such as WannaCry, what lessons do we have yet to learn? Ransomware attacks are nothing new, and while WannaCry was widespread, it was not sophisticated or stealthy, necessarily. So why did it have such an impact?
In this session, our panelists will discuss why the "wartime...
The complexity of information technology and the constantly evolving threat landscape makes implementing appropriate controls and processes to secure information assets a major challenge for most enterprises in and out of government. The number of vulnerabilities organizations face is mindboggling: the National...
Nearly every major breach over the last three years - including Anthem, Target, Home Depot, Office of Personnel Management, the Internal Revenue Service, the National Security Agency - shared a crucial commonality: attackers gained entry using compromised or stolen credentials.
This range of identity-centric...
The Obama administration has implemented a number of cybersecurity and privacy initiatives and policies aimed at making IT more secure for the federal government and the private sector, including the cybersecurity framework, National Strategy for Trusted Identities in Cyberspace, employing encryption and sharing cyber...
The Department of Homeland security sees malware provenance - which identifies the attributes of malicious codes - as a way to complement its signature-based Einstein intrusion detection and prevention systems to find malware that infects IT systems.
The 30-day Cybersecurity Sprint overseen by Federal CIO Tony Scott has crossed the finish line, but in reality, it looks more like a starting gate to a marathon to get the federal government to secure its battered IT.
Attackers could abuse flaws in Android's Stagefright media library to seize control of almost 950 million devices, just by sending a text, a security researcher warns. But will most devices ever see related fixes?
EdgeWave's Mike Walls, a former bomber pilot who led Navy red teams, says penetration testing is useful in analyzing bits and bytes but not the readiness of operations under attack from cyberspace. Red teams, he says, can analyze the impact on operations.
Two years after the leaks that showed the U.S. National Security Agency spied on America's European allies, the U.S. and Europe still need to rebuild trust so they can collaborate on defending against cyber-attacks, says Carsten Casper of Gartner.
The Gartner Security and Risk Management Summit tackles digital business, a concept that blurs the physical and digital worlds, and requires organizations to reconsider how they approach IT security and risk management.
Assessing the risks presented by "digital business" - the new business designs that blur the digital and physical worlds - will be a theme at the 2015 Gartner Security and Risk Management Summit, says Andrew Walls, event chairman.
At a time of sweeping change in cybersecurity, attorney Stephen Wu says organizations need to be prepared from a compliance, incident response and risk management perspective to address novel situations stretching society's capabilities.