With the Senate Intelligence Committee overwhelmingly approving the Cybersecurity Information Security Management Act, common wisdom dictates the bill will head directly to the Senate floor. Not so fast.
Banking institutions must improve how they analyze cyber-threat intelligence. But without better tools, security leaders can't adequately anticipate new attacks, says Greg Garcia, the new executive director of the FSSCC.
A report from the Rand Corp. says the dearth of cybersecurity professionals puts the U.S. at risk, but the situation should improve. The NSA, however, is successfully attracting IT security specialists.
A call center worker at the Connecticut health insurance exchange loses a backpack containing notepads containing sensitive consumer information. Investigators want to know why the paper-based information left the building.
Banking experts say the Retail Industry Leader Association's launch of a cyberthreat information sharing initiative is a good first step toward thwarting breaches, but it should build on the models used by other industries.
Embedding some information security practitioners within business units could help improve IT security awareness in many enterprises, reducing security risk, says Steve Durbin, global vice president of the Information Security Forum.
The recent Verizon Data Breach Investigation Report notes more than 16,000 incidents in the past year where sensitive information was unintentionally exposed. "Nearly every incident involves some element of human error," the report notes.
To help address the shortage of qualified cybersecurity professionals, (ISC)Â² is offering colleges and universities a variety of assistance with bolstering cybersecurity education and preparing students for certification.
President Obama has reportedly decided that the government shouldn't exploit encryption flaws, such as Heartbleed, in most instances unless there's "a clear national security or law enforcement need." But how should that need be determined?
In many if not most enterprises, the chief information security officer reports to the chief information officer. After all, enterprises cannot function without IT, and security is a support function to safeguard data and systems. Or is it?