The new virtualization guidance issued by the PCI Security Standards Council urges organizations to take a risk-based approach when dealing with virtualization methods, especially within cardholder data environments.
Security experts at this week's Gartner Security and Risk Management Summit agree: Security, not compliance, has to be the new focus. Cyberintrusions cannot be stopped, and the RSA breach should be a lesson to the industry.
Organizations are starting to adapt to cloud computing, but they're hesitant about placing their core assets in the online environment, according to results from the 2011 ISACA IT Risk/Reward Barometer.
What's the top threat on the minds of global IT leaders? Employee-owned mobile devices - or BYOD (bring your own device), as the trend is known. The struggle: Do mobile device benefits outweigh the organizational risks?
How can organizations best mitigate risk and meet increasingly stringent compliance requirements in the face of infrastructure transition and pressure to control costs? The answer: Virtual and cloud-based solutions. Unfortunately, these solutions introduce significant challenges with respect to security, audit and...
As banking institutions seek tremendous cost savings from cloud infrastructure and services, two key factors must be considered: The Patriot Act, which has strict stipulations regarding access to data and where it is stored, and the protection of data -- even from third-party service providers.
Organizations looking to improve their privacy management in the event of a breach "have to continually plan and prepare," says Nationwide's Chief Privacy Officer Kirk Herath. That means putting into writing a comprehensive plan.
Kirk Herath, Chief Privacy Officer at Nationwide Insurance Companies, has been in privacy management for more than a decade, and he has two main concerns about today's enterprise: Mobile technology and cloud computing.
When it comes to hot topics, they don't get hotter than authentication, cloud computing and IT governance - all of which I've discussed at length in recent interviews with industry thought leaders. Let's review some highlights from these conversations.
Globally, countries and organizations now recognize the need for a unified approach for managing IT infrastructure services, says Marlin Pohlman of the Cloud Security Alliance. The trick is developing this new set of global standards.
"On a global basis, countries are recognizing that they need a uniform commercial code, if you will, for data - a unified approach for managing IT infrastructure services," says Marlin Pohlman of the Cloud Security Alliance.
A focus on cost and speed, not on data protection, creates a security hole, a survey of cloud computing service providers reveals. Nearly two-thirds of providers say they aren't confident cloud apps are sufficiently secured.