Mobility and IoT are acknowledged by security practitioners to be a whole different beast when it comes to management. MetricStream's French Caldwell says that GRC likewise needs to change its paradigm to accommodate this disruption.
Congressman Will Hurd has a simple request for U.S. government agencies: Have you been using vulnerable Juniper Networks devices? But Congress needs to consider tougher questions about its culpability in this backdoor debacle.
Cybercriminals are in mourning after the shocking announcement from Oracle that it will deep-six its beloved Java Web browser plug-in technology, owing to browser makers failing to support "standards based" plug-ins.
It's time to start to think about the cybersecurity agenda for the 45th president of the United States, who takes office a year from this week. What's on your list of cybersecurity challenges the next president must tackle?
Tracing bitcoin transactions, some security experts suspect multiple gangs have each amassed more than $1 billion, making them the equivalent of "unicorns" - a term venture capitalists apply to extremely successful startup firms. In case there was any doubt, cybercrime really does pay.
An inspector general report on a Federal Reserve audit raises more questions than it answers regarding the security risks facing one of the Fed's information systems. The executive summary of the audit fails the transparency test to inform the public.
Hyatt warns that it's the latest hotel chain to fall victim to POS malware. It's offered scant breach-related details, but lots of bromides about taking payment card security seriously and urging customers to keep paying by card.
To help train more cybersecurity professionals, academia must work with business and government to find enough qualified trainers and educators, says George Washington University Professor Diana Burley.
New guidance for cyber-resilience, vendor management and breach notification are expected for New York state banks in early 2016. And the tone set by these guidelines may have a ripple effect, influencing the actions of federal banking regulators.
Security experts are warning that Internet-connected devices - including toys - should be treated as insecure and untrusted until proven otherwise. Have our collective information security shortcomings ever been more seasonally appropriate - or scarier?
A U.S. House committee recently passed legislation that's aimed at helping law enforcement bring to justice cybercriminals from other nations who buy and sell payment card data stolen from U.S. citizens. But would it really help the global fight against cybercrime?
Ireland's Cyber Crime Conference in Dublin drew a capacity crowd for a full day of security briefings, networking, hotly contested capture-the-flag and secure-coding challenges, as well as a chance to sharpen one's lock-picking skills.
Too many security awareness and education programs fail because they're boring, says Lance Spitzner, research and community director for the SANS Institute's "Securing the Human" program. Read his suggested fixes.
NICE's Rodney Petersen sees too many government agencies and businesses using old-school methods to identify and recruit IT security professionals. Consequently, they often fail to build their cybersecurity staffs.