Security Content on InfoQ
-
Privacy Architecture for Data-Driven Innovation
This article lays out how you build an internal data governance architecture early in the ingestion phase, which enables you to allocate risk to data and identify such data in your systems. You can then protect the data accordingly. The second half of this article lays out various techniques to share data in a privacy-conscious manner.
-
What Is Account Creation Fraud? Complete Guide to Detection and Prevention
In this article, we'll take a look at the re-emergence of account creation fraud, and how this type of attack works. Then we'll turn our attention to the impact that this is already having on the way that companies secure their identity management systems, the effects of security measures like virtual private networks (VPN) and password managers, along with what the future will bring.
-
InfoQ Editors' Recommended Talks from 2019
As part of the 2019 end-of-year-summary content, this article collects together a list of recommended presentation recordings from the InfoQ editorial team.
-
Book Review: A Leader's Guide to Cybersecurity
A Leader's Guide to Cybersecurity educates readers about how to prevent a crisis and/or take leadership when one occurs. With a focus on clear communication, the book provides details, examples, and guidance on mapping security against what a business actually does. The book describes ways to align security with the motivation of others who may be security-agnostic against their own goals.
-
Three Major Cybersecurity Pain Points to Address for Improved Threat Defense
Three pain points every company must address in cybersecurity are threat volume and complexity, a growing cybersecurity skills gap, and the need for threat prioritization. This article describes each of these in some detail and includes recommendations for corporations to deal with them.
-
Q&A on the Book Real-World Bug Hunting
The book Real-World Bug Hunting by Peter Yaworski is a field guide to finding software vulnerabilities. It explains what ethical hacking is, explores common vulnerability types, explains how to find them, and provides suggestions for reporting bugs while getting paid for doing so.
-
Improving Security Practices in the Cloud Age: Q&A With Christopher Gerg
IT leaders say that security is a top priority. Surveys show that it’s easy to say, and hard to do. InfoQ spoke with Christopher Gerg, CISO at Gillware, about security practices in the cloud age.
-
Implementing Policies in Kubernetes
The author explains what Kubernetes policies are, and how they can help you manage and secure the Kubernetes cluster. We will also look at why we need a policy engine to author and manage policies.
-
How to Use Chaos Engineering to Break Things Productively
Chaos can be a preventative for calamity. It's predicated on the idea of failure as the rule rather than the exception, and it led to the development of the first dedicated chaos engineering tools. This article explores chaos engineering, and how to apply it.
-
How Developers Can Learn the Language of Business Stakeholders
This article explores how business stakeholders and developers can improve their collaboration and communication by learning each other's language and dictionaries. It explores areas where there can be the most tension: talking about impediments and blockers, individual and team learning, real options, and risk management.
-
How to Seamlessly Evolve DevOps into DevSecOps
As DevOps evolved, it became obvious that it was about more than just software development and operations management. With each new story of a massive data breach and its catastrophic consequences, cybersecurity swiftly became recognized as a critical part of any IT ecosystem. This realization led to DevSecOps. This article looks at how to embrace a DevSecOps approach.
-
NotPetya Retrospective
As we hit the second anniversary of NotPetya, this retrospective is based on the author’s personal involvement in the post-incident activities. In the immediate aftermath, it seemed like NotPetya could be the incident that would change the whole IT industry, but it wasn’t—pretty much all the lessons learned have been ignored.