The Department of Homeland Security is undertaking nine private and three public cloud computing initiatives, establishing private cloud services to manage sensitive but unclassified information while using the public cloud for non-sensitive data.
"It should provide fuel for anyone calling for data breach legislation to include criminal sanctions ...," says Neal O'Farrell of the Identity Theft Council. "This was nothing short of a clumsy cover-up."
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
Information security poses a major challenge to the widespread adoption of cloud computing, yet the Cloud Security Alliance, an association of cloud stakeholders, sees the cloud as a provider of information security services.
In the wake of today's evolving threat landscape, the FFIEC recommends a robust, layered security program that includes the use of dual customer authorization through different access devices. Strong authentication when combined with federated SSO (single sign on) standards can strengthen, accelerate, and provide key...
"The more that you could focus in on computer science topics, to understand programming, network-based technology and mobile-based technology, the better off you're going to be," says Rob Lee of SANS Institute.
With the extension of ENISA's mandate into 2013 by the European Parliament & Council, the agency can continue to educate and collaborate with other nations on cybersecurity issues, an area of constant importance.
Tokenization is a rising data security model that is gaining traction with CISOs for reducing risk and complying with industry data security mandates and privacy laws in extended heterogeneous IT environments.
This presentation will introduce tokenization to IT and Security professionals using some practical,...
ISACA's Marc Vael says differences in cloud computing environments and cloud providers can pose security risks. But well thought-out contracts and risk-management plans can fill potential security gaps and ensure business continuity during outages and disasters.
Because information security threats know no borders, the European Network and Information Security Agency is working hard to ensure the solutions span nations, too, says Prof. Udo Helmbrecht, ENISA's executive director.
Performing digital forensics in the cloud isn't necessarily a new discipline, says Rob Lee of SANS Institute. But the task definitely requires a whole new mindset and some new skills from investigators.
Social media, mobility and cloud computing are new areas of risk for organizations, and risk managers need to go back to the fundamentals of understanding the information they are protecting, says Robert Stroud, ISACA's international vice president.