Verisign Inc. may have followed the letter of the law when revealing a series of breaches in an SEC filing. But the company that assures the flow of a hefty portion of Internet traffic should have been more forthright to ease the minds of its various constituencies.
Bringing Your Own Device raises jitters among employers, who worry about exposing or losing sensitive data, and employees, who fret about their bosses spying on them. Despite these anxieties, the trend will continue because that's what people want.
A legal dispute between a small merchant in Utah and its former payments processor has fueled a debate over contracts between merchants and acquirers. If successful, this case could spur contractual shifts that change the way card brands view liability after card breaches.
A breach is a disaster, says business continuity specialist Ken Schroeder. So organizing an effective breach-response team does not require a reinvention of the wheel. What it does require is a holistic approach.
Every organization likes its business continuity/disaster recovery plan before a disaster, says Al Berman of DRI International. But in the aftermath? Different story - and one that must be addressed in 2012.
Don't be too fast to blame Research In Motion for the disruption in BlackBerry service if your organization suffered from the lack of e-mail exchanges. It could be partly your fault, too, says noted infosec lawyer Francoise Gilbert.
In the areas of risk management and business continuity, security professionals have advanced significantly since Sept. 11, 2001. But there's still an issue of complacency that needs to be addressed, says Rolf von Roessing, past international vice president of ISACA.
Only one of three national breach notification bills that won approval in the Senate Judiciary Committee last week would address a gap in protections for healthcare information, says Harley Geiger of the Center for Democracy & Technology.