Posted on May 10, 2017
You’re a CISO on the train on your way into work. What are you reading?
We all know that the information security world is constantly evolving, making it increasingly important to keep up with the latest threat, breach, or vulnerability that may be exposing your organization to risk.
There are many security publications, sites, and even blogs that are great resources to learn how to keep you and your organization safe.
Here are a few that we thought were better* than the rest:
Brian Krebs is an investigative journalist and reporter who focuses on cybercrime and other major data breaches and hacks. Taking advantage of his expertise and connections within the security industry, he finds angles in a story that most major publications will miss. Brian is meticulous and dedicated to ensuring that every aspect of an attack, from motive to technique, is discovered and reported.
Wombat Security Technologies provides security awareness and training solutions to organizations that want to improve their employees’ security awareness. Their blog offers insight on recent events as well as employee-specific threats, dedicating an entire section to phishing and other cyber threats. They also offer a ‘Keys to Success’ section with actionable information that individuals and organizations can use to improve their own security.
Errata Security is a blog run by Robert Graham and David Maynor, two security researchers with decades of experience. Their blog is highly opinionated, takes a long-term perspective on security, and offers insight on widely reported issues. Their articles often include a high level of technical analysis, providing a unique point of view on each story.
Kaspersky Labs’ Threatpost is a publication that provides daily articles, podcasts, and videos on all things security. Focused on new threats and attacks, this publication is a great daily resource to check to ensure that your organization and your employees are not exposing themselves to the newest vulnerability that may be lurking on their phones, applications, or essential business products. They’re usually one of the first to report on a new vulnerability or threat that may be affecting organizations at large.
Security Bloggers Network (SBN) is an aggregation of nearly 300 information security blogs and podcasts. The SBN feed aggregates a wide variety of security blogs that cover recent threats, roundups, popular news stories, and the latest in security research. The aggregated feed is perfect for a more technical and hands-on approach to information security.
The Naked Security blog is often cited by major newspapers, and their writers come from a wide swath of security backgrounds. The blog is owned by Sophos, but it runs like a security newsroom, publishing daily articles on recent events in the security world, new threats that may affect organizations and their employees, and briefs on the most important news of the week.
Paul’s Security Weekly is an award-winning podcast, webcast, and security publication, publishing a number of weekly shows focused on recent security events, enterprise security, and interviews with professionals in the field. With a high production value and a robust team behind them, Paul’s Security Weekly provides insight and security news in a different format than many other sites.
Akamai is a content delivery network (CDN) service provider and runs a blog that focuses on enterprise security, data protection, and cloud security. Its blog is written by Akamai writers and analysts with decades of experience working with enterprises and organizations. However, because Akamai is a CDN provider, they have a unique perspective when it comes to attacks that compromise websites, such as a DDoS attack. The blog is well-known for providing a more detailed look into how these kinds of attacks can take down a website and what further fallout an organization can expect.
The Security Ledger is an independent news provider that publishes daily content on recent news events and updates in security with a focus on long-term consequences, enterprise reaction, and government policy. They focus on the Internet of Things (IoT) as well as external threats from malware to cyber-terrorism.
Graham Cluley is a public speaker and independent computer security analyst. His website aggregates numerous posts on breaches, hacks, enterprise security, and the security industry itself.
* What makes these websites better? We determined the best websites by looking at several factors including post frequency, content quality, and social influence.