The FFIEC's Cybersecurity Assessment Tool needs to be redesigned, as the tool's current design sets institutions up for cyber-risk assessment failure. Industry leaders say they're hopeful that change is on the way because the FFIEC is reviewing a second wave of comments about the tool's efficacy.
Reliable data specifying the number of people employed in the United States in cybersecurity field is hard to find. But one government survey shows a 5 percent increase among information security analysts in 2015.
As Art Gilliland, CEO of Skyport Systems, assesses cybersecurity in 2016, he sees distinct strengths, weakness and opportunities for the next generation of leaders. The question is: Where will we find these leaders?
When it comes to threat detection, spotting malicious insiders is one thing. They often leave a trail. But how do you protect against the accidental insider threat? Mike Siegel, VP of Products at Forcepoint, shares strategy and solutions.
Hackers have reportedly gained access to the accounts of dozens of Fitbit wearable fitness device users. The incident shows why device manufacturers need to get more serious about privacy by design.
The primary mission of the new Global Cyber Alliance is to identify measurable ways to mitigate cyberthreats facing the public and private sectors, says Phil Reitlinger, a former DHS official and Sony CISO, who heads the new group.
The New York Attorney General's settlement with taxi-hailing platform Uber - over alleged customer data privacy violations and a delayed data breach notification - provides a best practice security template for any organization that handles customer data.
Slamming a Ukrainian energy provider for recently falling victim to a spear-phishing email and Excel macro attack might be easy. But security experts recommend all organizations use the incident to ensure they won't fall victim to copycat attacks.
After a data breach, how can organizations cooperate with law enforcement without increasing the likelihood they'll face civil lawsuits? By sticking to the basic facts, says T.C. Spencer Pryor, partner at the law firm Alston & Bird, in this video interview.
Attorney Kevin McGinty analyzes the potential impact of a Massachusetts judge's unusual decision to allow a class-action lawsuit stemming from a health data breach to proceed, despite a lack of evidence of harm stemming from the incident.
The Federal Trade Commission's latest cybersecurity-related enforcement action points to the need to carefully scrutinize the claims software companies make about the security functions of their products.
Reports on the Ukrainian energy supplier hack have left many crucial questions unanswered: Who was involved, did malware directly trigger a blackout and are other suppliers at risk from similar attacks? Cybersecurity experts offer potential answers.
Expect rebooted European Union data privacy rules to drive organizations worldwide to begin minimizing the amount of information they collect and store on individuals in 2016, both to protect privacy as well as minimize the impact of data breaches.
An inspector general report on a Federal Reserve audit raises more questions than it answers regarding the security risks facing one of the Fed's information systems. The executive summary of the audit fails the transparency test to inform the public.
Is the agency that enforces HIPAA doing enough to make sure that organizations that have had multiple smaller health data breaches are taking steps to improve security?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.