What's missing from remarks by Defense Secretary Leon Panetta, Senate Majority Leader Harry Reid and others is how the stalemate that led to the filibuster of the Cybersecurity Act could be resolved. Will the election make a difference?
Healthcare providers often fail to conduct comprehensive, timely risk assessments, as required by regulators. But security expert Kate Borten says they can leverage new guidance to help get the job done.
RSA says 30 U.S. banks are potential targets of a massive Trojan attack, and alleged hacktivists say three more institutions will be hit by DDoS attacks this week. How must banks respond to the latest threats?
"Any bug, beacon or backdoor put into our critical systems could allow for a catastrophic and devastating domino effect of failures throughout our networks," says Mike Rogers, chairman of the House Select Committee on Intelligence.
As the overall number of "true exploits" have decreased, targeted ones - especially those initiated by criminals or nation states - are becoming harder to detect, say Rick Miller, director of IBM Managed Security Services.
A wave of distributed denial of service attacks on banks raises the question: Should the owners of the nation's critical information infrastructure, when assessing risk, be held to a higher standard because society relies on them to function?
The gut feeling many people have about their physical security hasn't quite developed in the digital world, presenting a challenge for homeland security officials, says State of Delaware Homeland Security Adviser Kurt Reuther.
NIST's Ron Ross, one of the world's top information risk thought leaders, says new guidance he co-wrote doesn't dictate how organizations must approach risk assessment, but gives enterprises options on how to conduct risk appraisals.
The guidance discusses methods, techniques and best practices for the sanitization of target data on different media types and risk-based approaches organizations can apply to establish and maintain a media sanitization program.
The new report aims to help access-control experts improve their evaluation of the highest security access-control systems by discussing the administration, enforcement, performance and support properties of mechanisms that are embedded in each system.