Bankers are criticizing one federal regulatory agency for how it has responded to a breach of unencrypted consumer data that occurred during a routine banking exam. They're saying regulators should focus more on their internal security practices.
Put together, two IRS audits illustrate a major concern many security pros have about FISMA audits: They're checklists of whether organizations comply with regulations that require specific processes but do not determine if the processes are effective.
Federal government auditors have identified weaknesses in the technical controls protecting the security of the federally run Obamacare HealthCare.gov website and systems, which they say create increased and unnecessary risks.
To protect their privacy, organizations should get their IT security staffs involved in vendor-requested audits conducted to verify software licensing agreement compliance, says Gartner Research Director Victoria Barber.
A combination of technical and managerial problems set the stage for hackers to breach a Department of Energy database last summer, a new report shows. The incident cost the department millions of dollars.
All businesses, regardless of industry, need to manage the exploding universe of identities, devices and data that employees require to do their jobs. And the growing use of mobile devices and cloud computing means risk management and compliance are extending beyond traditional enterprise boundaries. Add regulatory...
Britain has an IT skills gap, much like its American cousin and nearly every other nation. Besides technical experts, society needs psychologists, law enforcers, strategists, risk managers, lawyers and accountants with cyber know-how.
Revision 3 of the National Institute of Standards and Technology's Interagency Report 7511 defines the requirements and associated test procedures necessary for products to achieve one or more Security Content Automation Protocol validations.