2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
The bring-your-own-device trend is increasing, but work-place policies are not. ISACA's Ken Vander Wal says low employee awareness and the absence of any BYOD policy are to blame. So what can organizations do to fill their security gaps?
BITS president Paul Smocer says banks can expect an uptick in cybersecurity-focused legislation in 2012. What impact will changes from Capitol Hill have on requirements for data breach notification, information sharing and critical infrastructure?
A wave of security breaches serves as a catalyst for all types of organizations to assess the need for cyber insurance. Here's the story of one institution that saw the threat and took out a $10 million policy.
Most organizations remain uncomfortable in letting their employees use their own mobile devices to access their IT systems. Yet, in many instances, those charged with securing their enterprises' IT understand that it's just a matter of time before they must grant workers permission to employ those devices.
Unfortunately, says Ken Vander Wal, most organizations have done little to address security in their policies and procedures regarding BYOD, which is changing the ways companies address user behavior and risk.
Improving mobile device security is one of the top information security priorities for the coming year, according to our new Healthcare Information Security Today survey. And that's not surprising, given the recent surge of interest in tablets, smart phones and other mobile devices.