The Defense Department hopes to prevent future WikiLeaks-style breaches by employing public key infrastructure-based controlled access cards, but that solution won't be fully in place until mid-2013, DoD CIO Teresa Takai says.
Banking/security leaders aren't crazy about banking regulators telling them they could have done a better job detecting ACH fraud, and they're eager for more specific guidance on what to do going forward.
Speculation about the pending update to online authentication guidance has been circulating around water coolers for months now. "A [disclosure] like this could make it more challenging for the regulators," says attorney David Navetta.
Homeland Security's U.S. Citizenship and Immigration Services IT systems are vulnerable to insider threats, according to a report by the Insider Threat Center at CERT, part of the Software Engineering Institute at Carnegie Mellon University.
Physicians adopting electronic health records systems need to demonstrate to their patients that they're taking adequate steps to keep records secure because so many consumers are worried about health information privacy.
Once a CEO understands the value and risks catered through mobile functionality, it is easier to discuss mobile innovations, policy and how the company can then strike a balance to meet customer and employee requirements.
The survey of local, state and federal IT security practitioners also shows a lack of faith in secure cloud computing. Half see insider threats and poor practices as their agencies' greatest vulnerabilities.