In many enterprises, the CISO reports to the CIO, and occasionally you find a CIO who reports to the CISO. But Venafi's Tammy Moskites holds both roles. How does she manage the natural tension between IT and security?
The PCI Security Standards Council envisions a single, globally-unified data security standard. Now that the European Card Payment Association is a strategic regional member, that goal is significantly closer, says Jeremy King, the council's international director.
Cambridge Savings Bank in Massachusetts is incorporating biometrics into its online and mobile banking platform as a way to limit, and in some cases remove, the need for username and password authentication. In this case study interview, two bank executives discuss what others can learn from the project.
The Department of Justice has been granted a delay of a March 22 hearing relating to a court order compelling Apple to help the FBI unlock the iPhone 5C issued to San Bernardino shooter Syed Rizwan Farook. That's because it says it may have found a way to unlock the phone without Apple's assistance.
In the world of the extended enterprise, everybody seeks greater visibility into network activity. But Gidi Cohen was there in 2002, founding Skybox Security to provide analytics to improve cybersecurity. Cohen discusses the evolution of visibility.
Attackers have targeted an unknown number of Russia's 700 banks with bogus security-alert emails. The combination of official-looking infrastructure and digitally signed malware recalls the Anthem attack, among other campaigns.
Apple has unloaded another blistering legal response to the Justice Department over the court order obtained by the FBI that requires the company to help unlock an iPhone used by one of the San Bernardino shooters.
A new report suggests that a Chinese cyber espionage APT attack group is behind a string of targeted ransomware infections that have slammed U.S. firms. Dig into the details, however, and the report is nothing but speculation, two security experts caution.
Without saying the word "backdoor," President Barack Obama used an appearance at the South by Southwest conference to argue that law enforcement agencies need weak crypto and likened strong crypto to "walking around with a Swiss bank account in [your] pocket."
Advanced attacks are out, while persistent, relatively simple attacks are in. Despite all of the APT hype in recent years, cybercriminals, and especially nation-state attackers, prefer to keep things simple. Information security experts explain why.
Credit card and other personal information was exposed in a data breach of Internet hosting provider Staminus Communications, which specializes in protection against distributed denial-of-service attacks. The company hosts the website of the Ku Klux Klan white supremacist group, which was also brought down.
The FBI calls ransomware "a prevalent, increasing threat." One recent campaign earned at least $325 million in global profits, while U.S. victims tell the FBI they paid $24 million in ransoms in 2015. And attackers are plowing profits back into improving their malicious code.
In a filing rebutting Apple's appeal of a court order requiring the company to help the FBI unlock the iPhone used by a shooter in the San Bernardino massacre, the Justice Department says Apple's rhetoric is "false" and "corrosive" to the institution that safeguards Americans' liberties and rights.
We all realize that the black hats are typically a step ahead of the white hats. But do we accept that our own security controls are contributing to the deficit? Sam Curry of Arbor Networks describes how security leaders can regain their lead in this video interview.