In light of what is being called one of the largest breaches in U.S. government history at the Office of Personnel Management, every agency needs to be asking if their investments in data security are being managed appropriately. In the absence of an appropriate risk-based approach, agencies can invest significant...
When IT veteran Branden Spikes founded his own company devoted to isolating browsers from attacks, he thought building the technology would be the top challenge. The venture capital community proved him wrong.
Retailers cannot avoid innovation. Yet, cybercriminals thrive when retailers innovate. What, then, can retailers do to stop cybercriminals from breaching their defenses? Here are three key questions to answer.
When IBM unveiled BIOS - Basic Input/Output System - in 1981 with the introduction of its personal computer, few perceived it as a security threat. But now, NIST has issued a new guide to mitigate BIOS vulnerabilities in servers.
Organizations across all industry sectors understand the importance of information security. But turning security awareness into meaningful action - that's the challenge that many midsized entities face, says Sophos' Nick Bray.
As Congressional leaders look for answers about why U.S. card security is failing, there hasn't been enough discussion surrounding why EMV can't easily fix our system. And the card brands have been conspicuously absent from the debate.
Modern financial malware like Zeus or Citadel can empty bank accounts in seconds. Through 2014, this widespread threat will continue to grow unabated.
This paper discusses two of the primary mitigation vectors that can be used against powerful financial malware, including:
Backend protection and specialized...
When it comes to endpoint security, large organizations find themselves in a difficult situation. Most enterprises have host-based security software (i.e., antivirus software) installed on almost every PC and server, yet their IT assets are constantly attacked - and often compromised - by sophisticated malware and...
Although skimming attacks are still the greatest ATM fraud concern, experts warn that a new malware strain that targeted ATMs in Mexico may signal a shift and raise questions about software and operating system vulnerabilities.
Five years ago, life was much easier for security professionals. They could collectively focus on compliance and deploy mature controls like firewalls and anti-virus to defend against largely unsophisticated attackers. Security professionals now face much more sophisticated adversaries and tactics. This new
Version 3.0 of the Payment Card Industry Data Security Standard, to be released later this year, will include a focus on the standardization of compliance assessments, says Bob Russo of the PCI Security Standards Council.