Playing by the rules is tough if the rules aren't available. That's why it's essential that federal authorities release a long list of pending regulations that affect privacy and security.
Understanding threats and identifying modern attacks in their early stages is key to preventing subsequent compromises, and proactively sharing information among organizations is an increasingly effective way to identify them.
More organizations are expected to purchase cyber insurance in the coming years as risk managers become more involved in buying these types of policies.
The United Kingdom and the United States are both cracking down on healthcare organizations that have experienced information breaches. But they're taking very different approaches. Which approach will prove most effective?
The benefits from employing social media as a way to connect with stakeholders outweigh the risks, says David Bradford, the editor of a new survey of risk managers. Still, he says, the risks must be adequately addressed.
"We find it hard to believe that there are any reasons or basis to oppose this legislation," presidential counterterrorism adviser John Brennan says of the Cybersecurity Act of 2012. "I'm just very puzzled as to why individuals would oppose this."
Whether intentional or not, software features have the potential to leak sensitive information, corrupt data or reduce system availability. The National Institute of Standards and Technology's latest guidance aims to help organizations minimize vulnerabilities.
Security personnel should be required to prove not only that they know how to do things right, but also that they know how to do the right thing. They must demonstrate commitment to ethical behavior.
The National Institute of Standards and Technology says intrusion detection and prevention software has become a necessary addition to the IT security infrastructure of many organizations.
The truth about preventing a breach, like the advanced-persistent-threat attack RSA experienced in 2011, is that an organization can't defend critical systems alone, says RSA CISO Eddie Schwartz.
Medical identification theft is on the rise. Will healthcare reform, as recently affirmed by the Supreme Court, help reverse that trend? Here's why it's difficult to predict the impact of reform.
The smart grid is unlike any other type of critical information infrastructure, and its complexity creates a heightened challenge to secure it, says ENISA's Konstantinos Moulinos.
A successful organization in today's business world has most likely cultivated a "brand." Have you ever thought about creating your own brand to enhance your career?
In a tribute, we remember Terrell Herzig, information security officer at UAB Health System, an innovator who was passionate about sharing best practices for protecting sensitive information.
While the overall numbers seem relatively small when the entire universe of cyber incidents is considered, they suggest the IT systems that control the critical infrastructure America's economy and society rely on to function are increasingly at risk.
