GovInfoSecurity.com

Although insider-threat incidents within organizations tend to be different case-by-case, says Carnegie Mellon University's Dawn Cappelli, there are similarities and patterns that organizations can look for when mitigating their risks. What are some of the common characteristics among insiders, and how can...

Verisign, operator of two of the 13 root name servers that route traffic on the Internet, has revealed that outsiders attacked its computer network several times in 2010, but top management did not learn of the incidents until September 2011.

Risk-management professionals must think outside of the box in terms of innovation, research and development and partnerships.

Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.

Rep. Dan Lungren, the bill's chief sponsor, contends the regulatory approach taken by his bill would be less intrusive on the private sector than proposed Senate legislation and a plan by President Obama.

The FDIC has issued revised guidance describing potential risks associated with relationships to third-party payment processors. What are regulators' new risk-management expectations of banks?

"Iran's intelligence operations against the United States, including cyber capabilities, have dramatically increased in recent years in depth and complexity," National Intelligence Director James Clapper says.

"These changes might not otherwise be troubling but for one significant change to your terms of service: Google will not permit users to opt out," the leaders of a House panel say in a letter to Google CEO Larry Page.

The University of Hawaii has agreed to settle a class action lawsuit involving data breaches affecting about 96,000. It agreed to provide those affected two years of free credit monitoring and credit restoration services.

IT security provider Symantec says it identified multiple publisher identifications on the Android Market that are being used to push out Android.Counterclank, which it characterizes as a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.