New Mexico lawmakers have overwhelmingly approved the Data Breach Notification Act. If signed, as expected, by Gov. Susana Martinez, Alabama and South Dakota would be the only states without such a statute.
Leading the latest edition of the ISMG Security Report: FBI Director James Comey's revelation of a counterintelligence investigation of possible ties between Donald Trump's presidential campaign and Russia's actions to influence the U.S. presidential election.
A divided House committee has approved legislation that would expand the National Institute of Standards and Technology into the domain of auditing. The bill calls for NIST to assess federal agency compliance with its cybersecurity framework.
Responding to disruptive data breaches, dealing with Mirai botnets, hacking back and the need for enterprises to segment their backup environments were just some of the topics dominating this year's RSA Conference in San Francisco.
Amidst the increasing security chaos facing individuals and organizations, one of the dominant themes at this year's RSA Conference was the need for information security professionals to do more, bringing order to enterprise IT security as well as by influencing public policy.
Cloud computing initiatives, network monitoring and risk management are driving network security operations. Meanwhile, federal agencies face record levels of threats yet still rely on manual processes and outdated point tools. Agency network security operations must be modernized to streamline network security...
As ransomware attacks continue to plague organizations in healthcare and other sectors, Maryland is considering legislation specifically identifying ransomware attacks as a crime punishable with prison sentences. California and Wyoming are among the states that have enacted somewhat similar legislation.
Certification and accreditation (C&A) has been like alphabet soup. As it transitions to assessment and authorization (A&A), it's time to sort through the confusion and identify which terms and processes apply in any given situation.
This paper sorts through the confusion to identify which terms, approaches, and...
Legislation to tighten insider threat defenses at the U.S. Department of Homeland Security has passed the House of Representatives and goes to the Senate, which failed to consider a similar measure that passed the House in the last Congress.
Looking to go at it alone when securing your public cloud environment? Without a clear understanding of its nuances, even the most state-of-the-art solution won't make it past an annual compliance audit.
This detailed guide is for those pursuing PCI DSS compliance on their DIY cloud security environment.
President Barack Obama has signed the National Defense Authorization Act, legislation that includes a provision he opposes to leave the leader of the newly-elevated U.S. Cyber Command as the head of the National Security Agency as well.
Today's ISMG Security Report leads off with House Homeland Security Committee Chairman Michael McCaul and DHS Secretary Jeh Johnson lamenting about the congressional bureaucracy that hinders passage of needed cybersecurity legislation.
President-elect Donald Trump hopes to dismantle Dodd-Frank, which could spell trouble for the Consumer Financial Protection Bureau - an agency created in 2010 to protect consumers from unfair, deceptive and fraudulent business practices.