The Defense Department's plan to adopt NIST's risk management framework. means that, for the first time, defense, intelligence and civilian federal agencies will use the same set of risk management standards.
Phyllis Schneck, the Department of Homeland Security's deputy undersecretary for cybersecurity, equates the department's continuous diagnostics and mitigation initiative with a medical probe detecting an infection in the human body.
Organizations in all sectors can improve their compliance with the PCI Data Security Standard by taking five critical steps, says Rodolphe Simonetti of Verizon Enterprise Solutions, which just issued a new PCI compliance report.
The PCI Security Standards Council has no plans to modify its standards for payment card data security in response to high-profile payment card breaches at Target and Neiman Marcus, says Bob Russo, the council's general manager.
Because of increasing cyber-attacks against government agencies, the inspector general says it's crucial for the State Department to address the continuing weaknesses in its information security program.
Security & Risk professionals recognize the value and benefits of implementing an employee-monitoring program. Privacy advocates and Legal and Human Resources professionals see potentially unwarranted invasion of employee privacy as reasons not to monitor, or at least to restrict monitoring to instances where...
While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.
An independent presidential panel makes recommendations to limit the National Security Agency's surveillance methods, including curtailing the way the government systematically collects and stores metadata from Americans' phone calls.
Jeh Johnson, the new secretary of Homeland Security, is expected to become one of the top advocates of the administration's cybersecurity policy as the White House shifts more IT security responsibilities to DHS.
The White House is intensifying its effort to get federal agencies to adopt continuous monitoring and move away from the paper-based checklist compliance they've followed for a decade under the Federal Information Security Management Act.
Financial institutions and businesses in other sectors must continually collect information about their online customers to ensure stronger authentication, says Avivah Litan, a fraud expert and analyst for the consultancy Gartner.