Ian Glover, president of the UK's Council of Registered Ethical Security Testers, has a message for individuals who want to enter the security testing profession today: No hackers allowed, thank you.
The Obama administration's plan for a federal data breach notification policy is too vague to be effective, and it lacks teeth to penalize violators, according to experts who raise open questions about the proposal.
Regulatory compliance expert Harry Rhodes says it's essential to have a formal process in place for objectively assessing whether a security incident needs to be reported as a breach.
Lacking technology is not the problem, says attorney Lucy Thomson. It's that today's technology is not being adequately used to fight modern cybersecurity threats.
"Our security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect the intrusion quickly, all perhaps by design," Sony Computer Entertainment America Chairman Kazuo Hirai said in a letter to Congress.
From mobile devices to social media and cloud computing, IT governance is all about risk management. "You can't de-risk everything, but you can de-risk the majority of circumstances you will see in normal operations," says governance expert Robert Stroud.
Intel CISO Malcolm Harkins says the Sony PlayStation breach reminds CISOs in all sectors that such incidents can't be avoided, but their risks can be managed.
Four years ago, the Council of Registered Ethical Security Testers began as an organization to bring standardization to the penetration testing industry. Today, CREST's scope is expanding across industries and global regions, says president Ian Glover.
"Without improvements, the weaknesses identified may limit program and site-level officials' ability to make informed risk-based decisions that support the protection of classified information and the systems on which it resides," says Rickey R. Hass, deputy inspector general for audits and inspections.
Attackers could leverage vulnerabilities to gain control of air traffic control systems, with intruders using unprotected computers to compromise other systems that depend on the same network, a Transportation Department audit reveals.
It's been over three months since the accidental disclosure. When will the final FFIEC authentication update be released? "I don't think we're any less safe," says Gartner's Avivah Litan. "We just need to step up enforcements."
Gigi Hyland, board member of the National Credit Union Administration, says the latest draft of authentication guidance is awaiting final signoff from just one member agency of the Federal Financial Institutions Examination Council.
When it comes to authentication and identity management, state governments face challenges and vulnerabilities of their own making, says Brent Crossland of Entrust.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.
