A just released update to the FFIEC's Cybersecurity Assessment Tool helps make meeting regulators' demands for "baseline" cybersecurity more attainable, says Amy McHugh, a bank adviser and former IT examination analyst for the Federal Deposit Insurance Corp.
In the wake of the London Bridge attacks, Stella Rimington opened the Infosecurity Europe conference in London with lessons learned from her tenure as director general of Britain's domestic security service, MI5.
A 25-year-old federal contractor has been arrested and charged with leaking a top-secret NSA document that describes Russian efforts to compromise the U.S. election. The arrest was announced just hours after a news outlet, The Intercept, published a report based on the classified material.
A discussion analyzing the difficulty of striking a balance between IT functionality and cybersecurity leads the latest edition of the ISMG Security Report. Also featured: Updates on sizing up weaknesses in biometrics and the potential to exploit LED lights to leak sensitive data from routers.
Flaws in Subaru's telematics software, discovered by a security researcher, could have been exploited to unlock the doors or provide remote access to a car's location history. The problems - now fixed by Subaru - underscore carmakers' ongoing cybersecurity challenges.
On the eve of Europe's biggest annual cybersecurity conference, and scores of interviews with some of the world's leading information security experts, I'm asking how the London Bridge attacks will change the tenor of at least some of these discussions.
The annual Infosecurity Europe conference returns to London this week, offering discussions of the latest information security practices, procedures and technologies as well as deep-dives into privacy, cybercrime, policing, surveillance, GDPR and more.
Outdated policies, lax regulatory oversight and bureaucracy have stunted more advanced cybersecurity investments at some organizations that provide the nation's critical infrastructure, says Brian Harrell, the former director of critical infrastructure protection at the North American Electric Reliability Corp.
Today's cybersecurity industry is far too focused on keeping bad guys out, says Chris Pierson of Viewpost. Organizations need to pay more attention to keeping data inside the enterprise, he says, describing how to make the shift to a focus on limiting exfiltration.
Kmart has suffered a data breach affecting "some, not all" of its 735 U.S. locations as a result of its point-of-sale systems being infected by malware designed to siphon payment card data. The retailer described the malware as "undetectable by current anti-virus systems and application controls."
It's a tried and true military tradition: ISR, or Intelligence, Surveillance and Reconnaissance. But the practice is gaining traction in enterprises as well, and especially within cybersecurity, says Christopher Cleary of Tenable Network Security.
Two researchers who launched a crowdsourced effort to subscribe to the Shadow Brokers' monthly leak of stolen Equation Group exploits - on behalf of the entire information security community - have dropped their effort, citing legal concerns.