
The Top 22 IT Security Blogs Of 2015

Melissa Stevens | December 23, 2015

If you want to find out what’s happening in the world, you probably turn to your favorite news outlet. Maybe it’s your local paper or something more widely circulated, like the Washington Post or the New York Times. But if you want to find out what is happening on a day-to-day basis with cybersecurity governance and policy, you’ll need to have a stash of bookmarked blogs at the ready.

The experts behind the 22 blogs listed below break news, offer detailed commentary, and summarize important security details. The granular-level analyses these IT security blogs provide give a great amount of context and detail you can’t find in the mainstream press.

1. Andrew Hay Blog

Andrew Hay is a former research director at OpenDNS, and he has an extensive background in cybersecurity. His blog, which dates back to July 2006, is updated consistently with news and happenings in the security community.

2. InformationWeek’s Dark Reading

With a tag line that states “Connecting the information security community,” you know Dark Reading is worth the bookmark. Catch up on the latest breaches and hacks, cloud security updates, authentication and privacy happenings, and much more.

3. Data Breach

Data Breach writes loads of articles around risk management, compliance, fraud, and information security. (They published 46 articles in November alone!)

4. F-Secure News from the Lab

This blog was started over 11 years ago to “monitor the Mydoom worm's DDoS attack on sco.com.” They recently moved websites, but continue to blog regularly about malware and security concerns.

5. Fortinet Security Blog

Fortinet, a network security company, has a great (and regularly updated) blog. We suggest you take a look at their top 5 threat predictions for 2016.

6. Hacker News

Hacker News is a “daily news source for IT professionals, webmasters and bloggers.” It focuses on cybersecurity news from the “best IT sources around the world.”

7. Krebs on Security

Brian Krebs is a former investigative journalist who breaks news on all of the major breaches. He explains breaches in layman's terms and does a great job of researching how the attackers get in. (By the way, this is one of my personal favorites!)

8. Naked Security Blog

Sophos, a security hardware and software company, hosts the Naked Security blog. It is a “threat newsroom” that covers security news, opinion pieces, advice, and research.

9. Paul's Security Weekly

Paul's Security Weekly is a live web show (on Thursdays at 6 p.m. EST) that details the “latest information security news, research, hacker techniques, vulnerabilities, and technical how-tos.”

10. Politico Morning Cybersecurity

Politico Morning Cybersecurity is a daily summary of news surrounding the cybersecurity industry. It specializes in cybersecurity legislation, government cybersecurity, the latest cybersecurity research and reports, and quick bytes of security news.

11. Project Zero

This blog consists of updates from Google's dedicated “zero-day team” of security analysts, who focus on finding undisclosed vulnerabilities.

12. SANS AppSec Blog with Frank Kim

The SANS Institute is a well-known IT security and training firm, of which Frank Kim is the chief information security officer. His blog covers secure software development lifecycles (SDLC), vulnerabilities, and more.

13. Schneier on Security

Bruce Schneier is a preeminent security technologist and author. Schneier on Security hosts his blog (which is updated almost daily), news, essays, and newsletters, plus links to his books.

14. Securelist

Securelist is a Russian-led website that features articles on security policies, incidents, technologies, research, and much more. It also hosts an encyclopedia and statistics on cybersecurity threats, viruses, and spam.

15. Securosis Blog

Noteworthy on this blog are the Summary posts, which offer a roundup of the author’s favorite articles both on the Securosis blog and from outside sources, as well as noteworthy podcasts, conferences, reports, presentations, news, and more.

16. Swift on Security

These are the original thoughts of Taylor Swift, a rising superstar and information security expert. (Just kidding.) But this is a fun parody on that exact topic—and it’s worth a good laugh.

17. TaoSecurity with Richard Bejtlich

Not only does Richard Bejtlich discuss cybersecurity on his highly regarded blog, but he also discusses “strategic thought and military history.” Check out TaoSecurity for an interesting look at the security world.

18. The Register Security

The Register is an independent news source that offers views, opinions, and reviews on the latest in the IT industry.

19. Threatpost Blog

Threatpost offers articles, podcasts, and videos on topics like malware, mobile security, vulnerabilities, privacy, and much more.

20. TripWire's The State of Security

The State of Security is an award-winning blog, which features a mix of industry news and analysis. It does a great job of breaking down current security news and events and explaining why the reader should care about the topic at hand.

21. WatchGuard Security

Unique to the WatchGuard Security blog are the quick little videos called “Security Bytes” that explain new vulnerabilities, malware, and other problems (with links to the sources if you want to find out more).

22. ZDNet’s Zero Day Blog

Make sure to bookmark this page to stay up on “the latest in software/hardware security research, vulnerabilities, threats and computer attacks.”

Which blogs did we miss?

Tweet us @BitSight and tell us which IT security blogs we’re missing—they may show up in a later iteration of this article!
