Ron Ross, the NIST computer scientist who heads the initiative that is revising the guidance, characterizes the updated publication as the most comprehensive one since the initial catalogue of controls was issued in 2005.
Breach notification is just one of the major topics ripe for legislative action in 2013. What are the other key areas of focus? Gain insight from this panel of three security and privacy attorneys.
Revision 3 of the National Institute of Standards and Technology's Interagency Report 7511 defines the requirements and associated test procedures necessary for products to achieve one or more Security Content Automation Protocol validations.
A strategic security analyst from Mandiant, the company that's examining recent hacks from the inside, explains why such cyber-assaults will likely intensify under the leadership of China's new president, Xi Jinping.
How can security pros help organizations prevent breaches and data loss? The Online Trust Alliance has released its latest guide to data protection and breach readiness, and OTA founder Craig Spiezle offers tips.
Although hacktivists announced suspension of DDoS attacks against banks, other industries are now getting hit, and banks can't afford to get complacent because of the fraud risk, says security specialist Bill Stewart.
In the past, the total cost of video security for financial institutions was traditionally focused on the purchase, operation and maintenance of the CCTV surveillance equipment. As digital surveillance systems became the industry standard, budgets had to be expanded to include IT infrastructure costs such as user...
ISACA, the global IT association, recently released COBIT 5 for Information Security - new guidance aimed at helping security leaders use the COBIT framework to reduce their risk profile and add value to their organizations. Join two ISACA leaders for an insider's look at how to use COBIT 5 for Information Security...
"The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked," Twitter's Bob Lord says.
Although suggestions in a new Federal Trade Commission staff report do not have the force of law, they do provide guidance on how the agency could enforce American federal laws and regulations to protect the privacy of users of smart phones and tablets.
Containerization - it's the latest strategy for securing the critical data accessed by remote workers and mobile devices. How is the concept deployed? David Lingenfelter of Fiberlink offers insight.
"We felt that it was very important to come out with this and say this was how easy it is for them to break into any U.S. company, and here's how they're doing it," The New York Times' Nicole Perlroth says.
This report outlines Forrester's future look for mobile security and operations. Mobility holds the promise of fostering new innovations, reaching new audiences, and creating never-before-seen user experiences and opportunities. IT must embrace a "stateless" architecture where security controls are decoupled from the...
Although a hacktivist group says it has suspended distributed-denial-of-service attacks on U.S. banking institutions, banking and security leaders aren't convinced. "Banks should certainly remain on guard," says Gartner's Avivah Litan.
According to Forrester Research, bring-your-own-technology (BYOT) will remain a thorny issue for CIOs in every industry, geographic region, and company size over the next five years. They have recently published their 2012 report examining how and why bring-your-own-technology (BYOT) will vary across 20...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.