NIST is revising a map that links its core security controls, SP 800-53, to those published by the International Organization for Standardization, ISO/IEC 27001, to help protect data shared among government agencies and businesses.
The explosion in POS malware attacks against U.S. merchants highlights the need for retailers to take bolder security steps. Troy Leach of the PCI Council and Karl Sigler of Trustwave outline key steps.
An investigation into a suspected breach at JPMorgan Chase suggests that attackers used highly customized malware, and exploited multiple zero-day vulnerabilities, to breach the bank's network, according to news reports. But were other banks hit?
Too many organizations fail to adequately manage and secure their SSH keys, even though the keys secure everything from file transfers and backups to patching and database management, NIST warns in new draft guidance.
A Twitter chat featuring Gartner's Avivah Litan offered a lively discussion of numerous fraud-related issues, including card breaches, weak authentication and the need for mobile scrutiny. We'll host more chats soon.
Initial reports suggested that Russian hackers could behind an attack against JPMorgan Chase, and perhaps other U.S. banks. While it's still far from clear who the culprits are, experts discuss the potential hacking motivations of a nation-state.
Early reports suggested Russian hackers are behind complex attacks and network intrusions at multiple U.S. financial services firms, including JPMorgan Chase. But security experts warn against jumping to conclusions, based on scant evidence.
Russian hackers stole data from JPMorgan Chase and at least one other bank in a mid-August attack against the U.S. financial system, according to a Bloomberg news report. The attack allegedly resulted in the loss of "gigabytes" of sensitive data.
In an in-depth interview, Adam Sedgewick, the point man for the NIST cybersecurity framework, addresses misconceptions about the guidance, the costs to implement it and its role as a marketplace catalyst.
Canada is considering adopting tougher data security and cybercrime legislation that could serve as a model for other nations, says Claudiu Popa, an information security expert who'll be a panelist at the Fraud Summit Toronto.
A Google-like search engine known as ICReach has enabled government agencies to share more than 850 billion records from phone calls, e-mails and Internet chat sessions, according to a report that cites leaked documents from Edward Snowden.
What lessons can be learned from recent high-profile breaches? IT security experts John Pescatore of the SANS Institute and Ron Ross of NIST explain how organizations can work to mitigate the new-style data breach threat. Listen to the conversation.
Security intelligence firm LogRhythm has launched what it calls a "threat intelligence ecosystem" in collaboration with five other security vendors, giving customers the ability to customize the information they want in their intelligence feeds.