
    ISO 27001 & ISO 22301 Blog

    Top 10 information security bloggers in 2014

    If you want to stay on top of cybersecurity / information security news and insights, here are the blogs that I found the most useful.

    I listed here only the blogs written by independent authors (blogs that were not edited by an editorial team), and I listed them in alphabetical order. Enjoy the reading!

    Top 10 information security bloggers in 2014 - 27001Academy

    A Few Thoughts on Cryptographic Engineering by Matthew Green

    This is a very narrowly focused blog on cryptography; however, Matthew has written a surprisingly large number of articles on this topic. Although very technical and very in-depth, he writes in such a way that someone with moderate knowledge of IT security can understand it.

    One of his most popular posts in 2014 was What’s the matter with PGP? – more than 70 comments.


    CyberCrime & Doing Time by Gary Warner

    As the name suggests, Gary’s blog focuses on cybercrime and related legal issues – what’s good about his blog is that he takes examples of real attacks and analyzes how they have been performed and what to do about them.

    One of his most popular posts in 2014 was on how GameOver Zeus uses encryption to bypass perimeter security.




    Graham Cluley by Graham Cluley

    Graham writes about various security issues, ranging from industry news, reviews, and alerts all the way to hacking, malware, spam, threats, etc. He is very prolific – at least one article per day – and targets currently hot security topics; this is a very good blog for someone who wants to get an overall picture of what’s going on.

    One of his most popular posts in 2014 was about a video scam that has spread on Facebook – more than 5,000 Facebook shares.


    Krebs on Security by Brian Krebs

    Definitely one of the most popular infosec blogs, it focuses on online crime investigations, latest threats, security updates, data breaches, and cyber justice. I like it because it is very well written – you can see that Brian is a professional journalist (he was working for The Washington Post) – all the topics are very well researched and explained.

    One of his most popular blog posts in 2014 was about a credit card breach at Home Depot – more than 300 comments.


    Lenny Zeltser on Information Security by Lenny Zeltser

    This is a very interesting blog on incident response, malicious software, risk management, and security technology. What’s good about it is that Lenny provides deep explanations of various security subjects, so you can learn quite a lot when reading his articles.

    One of his most popular posts was about the new release of REMnux Linux Distro for malware analysis – 150 Facebook likes.


    Schneier on Security by Bruce Schneier

    One of those security blogs you cannot afford to avoid, it focuses on a wide range of subjects, and one of the most common topics in 2014 was the NSA and Edward Snowden affair. I like this blog because Bruce doesn’t publish only his articles: he also comments on various other security news and publications, so you can use it as a kind of portal to a wider picture of the security world.

    One of his most popular posts was on the Heartbleed bug – almost 300 comments there.


    Security Affairs by Pierluigi Paganini

    Probably the most productive information security blogger, Pierluigi publishes at least one, and sometimes even two or three articles per day, and covers a wide range of security topics including cyber warfare, cybercrime, and hacking. If you want to get security news on a daily level, this blog is a very good choice.

    One of his most popular posts in 2014 was on two 14-year-old students who hacked an ATM – almost 600 Facebook likes.


    TaoSecurity by Richard Bejtlich

    Unlike other security bloggers, Richard offers a more conversational style in his writing – he covers different security topics, with a focus on incident detection, response for targeted threats, digital security, etc. You’ll notice that Richard always provides his personal view on the topic he covers, so his articles are really enjoyable to read.

    One of his most popular posts in 2014 was about Russian information warfare.


    Terry Zink: Security Talk by Terry Zink

    Terry covers IT security topics like spam, hacking, malware, botnets, etc., but he also interviews prominent people from the security world so that readers can gain insight into other security expert opinions. Since he works at Microsoft on IT security issues, he provides detailed security guidelines that will surely appeal to readers interested in protection of IT systems.

    One of his most popular posts in 2014 was about why spam and phishing get through Office 365.


    troyhunt.com by Troy Hunt

    Troy focuses on one segment of the security arena that is probably growing the most: web security and cloud security. What’s good about his blog is that he speaks about real-life security problems and very often provides very detailed explanations, through videos and images, of how to resolve them.

    One of his most popular posts in 2014 was Everything you need to know about the Shellshock Bash bug – more than 9,000 Facebook likes and 200 comments.

    –  –  –

    And this is it – hope you’ll find this list useful. I know there are also some other good information security blogs on the Internet, but I tried to focus only on those that regularly post new articles.

    Now you have something to read on your holidays 🙂

    Author
    Dejan Kosutic
    Dejan holds a number of certifications, including Certified Management Consultant, ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, and Associate Business Continuity Professional. Dejan leads our team in managing several websites that specialize in supporting ISO and IT professionals in their understanding and successful implementation of top international standards. Dejan earned his MBA from Henley Management College, and has extensive experience in investment, insurance, and banking. He is renowned for his expertise in international standards for business continuity and information security – ISO 22301 & ISO 27001 – and for authoring several related web tutorials, documentation toolkits, and books.