"It should provide fuel for anyone calling for data breach legislation to include criminal sanctions ...," says Neal O'Farrell of the Identity Theft Council. "This was nothing short of a clumsy cover-up."
Ineffective or noncompliant security practices of service providers, the inability of customers to examine controls, the prospect of data leakage and the loss of data if a cloud service is terminated present challenges.
Deputy Defense Secretary William Lynn III cautions that cuts to IT security initiatives, when they come, must be carefully applied, and certain areas must remain exempt from the budget ax, such as cybersecurity.
"Organizations are putting in layers of security and tools to safeguard information and assets, however, the fraudsters are attacking our weakest link, the consumer," says Anthony Vitale of Patelco Credit Union.
House Republicans issue their cybersecurity legislative agenda that, in many respects, parallels the goals offered by the Obama administration and Senate Democrats, but it definitely has a GOP tinge to it.
Eric Rosenbach works with Defense Secretary Leon Panetta and other top DoD leaders to formulate, recommend, integrate and implement policies and strategies to improve the Defense Department's ability to operate securely in cyberspace.
RSA Chief Executive Art Coviello challenged a widespread belief that cybersecurity awareness could curb cyberthreats: "There's no amount of consumer education to make them smart enough to resist attacks. They're just too sophisticated."
In recent years, the government has taken steps to improve federal IT infrastructure. While the 9/11 terrorist attacks were certainly a wake-up call, legislation and reform was always inevitable, says Mark Forman, former federal CIO.
Security incidents reported over the past five years have placed the confidentiality, integrity and availability of sensitive government information and information systems at risk, an annual GAO review reveals.
New guidance from the National Institute of Standards and Technology defines an information security continuous monitoring strategy and shows how organizations can create an information security continuous monitoring program.