Your ability to spot and stop cyber attacks depends on having the right security people, processes, and technology in place. HP Security Intelligence and Operations Consulting has assessed the security programs of dozens of enterprises. The results are concerning-24 percent of companies do not meet minimum...
Continuous monitoring is helping Freddie Mac reduce the number of security controls it uses to safeguard its information systems, says CISO Patricia Titus, who summarizes lessons that can apply to government and private-sector entities.
New guidance from NIST is aimed at helping federal agencies transition from a 14-year-old requirement to a new process that will assure continuously the security of their IT systems.
A DDoS attack against Ellie Mae, which provides technologies to mortgage originators, comes just as banking regulators issue a reminder about the risks associated with such attacks. Experts offer risk mitigation insights.
A class action lawsuit filed by two banks against Target in the wake of its 2013 breach has an unusual twist: It seeks damages from Target and Trustwave, allegedly the retailer's qualified security assessor. Experts offer an analysis.
A problem federal agencies face in deploying effective continuous monitoring is that there's just too much guidance, former federal chief information security officer Patrick Howard says.
Phyllis Schneck, the Department of Homeland Security's deputy undersecretary for cybersecurity, equates the department's continuous diagnostics and mitigation initiative with a medical probe detecting an infection in the human body.
Organizations in all sectors can improve their compliance with the PCI Data Security Standard by taking five critical steps, says Rodolphe Simonetti of Verizon Enterprise Solutions, which just issued a new PCI compliance report.
Security experts disagree about whether the breach of a refrigeration vendor is ultimately to blame for the network attack that compromised Target. Here, they explain their views.
The PCI Security Standards Council has no plans to modify its standards for payment card data security in response to high-profile payment card breaches at Target and Neiman Marcus, says Bob Russo, the council's general manager.
While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.
An independent presidential panel makes recommendations to limit the National Security Agency's surveillance methods, including curtailing the way the government systematically collects and stores metadata from Americans' phone calls.
The financial services industry will make wider use of data analytics next year as the value of leveraging big data to help prevent or detect fraud becomes more clear, experts predict.
Financial institutions and businesses in other sectors must continually collect information about their online customers to ensure stronger authentication, says Avivah Litan, a fraud expert and analyst for the consultancy Gartner.
The initial phase of the continuous diagnostics and mitigation initiative, a new program to secure government computers, concentrates on helping federal agencies identify and manage their software and hardware assets.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.