A draft of new guidance intended to be a blueprint to validate and implement a secure infrastructure as a service cloud computing offering has been issued by the National Institute of Standards and Technology.
Karen Scarfone, who coauthored NIST's encryption guidance, sort of figured out why many organizations don't encrypt sensitive data when they should. The reason: they do not believe they are required to do so.
While some healthcare organizations are quickly rolling out privacy and security policies for employee-owned mobile devices, others are moving slowly. What BYOD tips do healthcare security leaders offer?
PNC and Wells Fargo both reported only minor disruption from online traffic surges on Dec. 20. Has the strength of DDoS attacks subsided, or are banks getting better at defending against these strikes?
As the recent PATCO case shows, fraud litigation is moving away from just establishing damages. The key legal question now is: What is reasonable security? Attorneys discuss the 2013 fraud legal landscape.
Hacktivists announced Dec. 18 that they planned yet another round of distributed-denial-of-service attacks against five U.S. banks. Wells Fargo confirmed its online banking site experienced outages throughout the day.
The arrest of 10 individuals allegedly tied to a global phishing scheme that exploited Facebook is good news. But experts say banking institutions need to push stronger security and authentication to protect accounts.
A breach that resulted in a $1 million HIPAA settlement led Partners Healthcare in Boston to take many significant steps, including merging its privacy and security efforts, says CISO Jennings Aske. More changes are planned for 2013.
Eurograbber got banks' attention after compromising out-of-band authentication in Europe. But researchers say it's the knowledge of the hackers behind the attack, not the Trojan, that's most concerning.