Government Accountability Office auditors have identified weaknesses in information security controls at the Securities and Exchange Commission that jeopardize the confidentiality and integrity of the SEC's financial information.
Securing the massive amounts of data swamping organizations, a trend known as big data, can be addressed, in part, by organizations simply getting rid of data no longer needed, Grant Thornton's Danny Miller says.
CIO Roger Baker concurs with auditor's recommendations, saying the Department of Veterans Affairs has "embarked on a cultural transformation" and that "securing information is everyone's responsibility."
Ignorance is not bliss. Two new studies, when viewed together, show that consumers' ignorance of the consequences of their actions coupled with enterprises' unawareness of their computing environment equal unacceptable risk.
As enterprises spend frugally on IT security, cybercriminals aren't, and that presents big problems for organizations working feverishly to secure their digital assets, says Steve Durbin, global vice president of the Information Security Forum.
Legislation being drafted by an influential Republican House chairman to reform the Federal Information Security Management Act could, if enacted, reverse Obama administration policy on how IT security is governed in the federal government.
Increasingly, social engineers target unwitting insiders to plunder organizations' financial and intellectual assets. How can you prevent these and traditional inside attacks? CMU's Dawn Cappelli offers tips.
Components manufactured overseas that go into IT products used by the U.S. government could be exploited by foreign intelligence agents to degrade the security of critical federal government networks and data, the GAO reports.
As one team of researchers analyzes a new version of Duqu, a worm related to the Stuxnet Trojan blamed for disabling Iranian centrifuges used to enrich uranium, other researchers zero in on who is behind the worm discovered last fall.
The Defense Department will employ a two-prong approach - securing the perimeter as well as the data - as it develops its cloud-computing architecture. "We're going to be able to better protect as we get more standardized," CIO Teresa Takai says.