2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)², where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
The draft legislation would have the Department of Homeland Security conduct risk assessments on critical national IT systems and lead efforts to adopt new technologies and practices to keep pace with emerging cyberthreats.
A card compromise at a California-based grocery chain has raised questions about the efficacy of PCI-DSS. Experts say even if merchants are compliant, fraudsters can easily get around the security measures.
"Cybersecurity remains a priority for my administration, and we are committed to protecting our critical infrastructure by taking decisive action against cyberthreats," President Obama says in a proclamation designating December Critical Infrastructure Protection Month.
Legislation to give the federal government authority to share classified cyber-threat information with approved American companies was introduced in Congress by the chairman and ranking member of the House Intelligence Committee.
NICE's Ernest McDuffie says a proposed cybersecurity workforce framework represents a consensus of government thought on how best to define the jobs, skills and tasks needed to secure information technology.