John Kelly, in his first speech as the U.S. homeland security secretary, says the American government can't combat the cyberthreat without the active collaboration of the private sector. "The government, God knows, can't do it by itself," Kelly says.
Now that President Donald Trump has signed legislation to eliminate the Federal Communications Commission's oversight of the way internet service providers sell their customers' information, could other jurisdictions - such as states - step in?
Republican-backed legislation is a presidential signature away from dismantling a Federal Communications Commission regulation to require internet service providers to ask permission before selling customers' private information to advertisers.
The Department of Homeland Security, which missed meeting last week's deadline for submitting a new cybersecurity strategy to Congress, could be months away from providing lawmakers with that policy, a top DHS cybersecurity official says.
An Obama-era regulation, which has yet to take effect, that aims to strengthen consumer's online privacy may be derailed. The Senate has voted along party lines to quash the rule that the FCC issued in October.
New Mexico lawmakers have overwhelmingly approved the Data Breach Notification Act. If signed, as expected, by Gov. Susana Martinez, Alabama and South Dakota would be the only states without such a statute.
Leading the latest edition of the ISMG Security Report: FBI Director James Comey's revelation of a counterintelligence investigation of possible ties between Donald Trump's presidential campaign and Russia's actions to influence the U.S. presidential election.
A divided House committee has approved legislation that would expand the National Institute of Standards and Technology into the domain of auditing. The bill calls for NIST to assess federal agency compliance with its cybersecurity framework.
Responding to disruptive data breaches, dealing with Mirai botnets, hacking back and the need for enterprises to segment their backup environments were just some of the topics dominating this year's RSA Conference in San Francisco.
Amidst the increasing security chaos facing individuals and organizations, one of the dominant themes at this year's RSA Conference was the need for information security professionals to do more, bringing order to enterprise IT security as well as by influencing public policy.
Australia's Parliament has passed a mandatory data breach notification law that requires some organizations to tell consumers and regulators about an incident within 30 days or face hefty fines. But one security expert says the law has gaps that could pose risks.
Cloud computing initiatives, network monitoring and risk management are driving network security operations. Meanwhile, federal agencies face record levels of threats yet still rely on manual processes and outdated point tools. Agency network security operations must be modernized to streamline network security...
As ransomware attacks continue to plague organizations in healthcare and other sectors, Maryland is considering legislation specifically identifying ransomware attacks as a crime punishable with prison sentences. California and Wyoming are among the states that have enacted somewhat similar legislation.
Certification and accreditation (C&A) has been like alphabet soup. As it transitions to assessment and authorization (A&A), it's time to sort through the confusion and identify which terms and processes apply in any given situation.
This paper sorts through the confusion to identify which terms, approaches, and...