Components manufactured overseas that go into IT products used by the U.S. government could be exploited by foreign intelligence agents to degrade the security of critical federal government networks and data, the GAO reports.
The Defense Department will employ a two-prong approach - securing the perimeter as well as the data - as it develops its cloud-computing architecture. "We're going to be able to better protect as we get more standardized," CIO Teresa Takai says.
As one team of researchers analyzes a new version of Duqu, a worm related to the Stuxnet Trojan blamed for disabling Iranian centrifuges used to enrich uranium, other researchers zero in on who is behind the worm discovered last fall.
Protecting the availability, confidentiality and integrity of information are the core tenets of IT security. But an FBI cybersecurity leader, Steve Chabinsky, suggests the central theme of IT security needs to be broadened to include assurance and attribution.
Cloud-computing service provider contracts, for most businesses and government customers, are take-it-or-leave it propositions, so organizations must approach a services agreement cautiously, IT security lawyer Françoise Gilbert says.
Customer awareness is important, especially as a fraud detection/prevention tool. Read how one sharp-eyed UPS driver recently helped foil an ATM skimming scam at a bank in New York.
NIST's latest guidance adds controls that reflect the rapidly changing computing environment, but the fundamentals of implementing controls haven't changed, Senior Fellow Ross says in a video interview.
With many new security solutions in the marketplace, patent law is a concern for organizations that are creating solutions and one they need to address. Attorney James Denaro offers advice.
Organizations are urged to adopt six principles to avoid the perils of transferring IT decision making away from technology specialists to business unit leaders.
Apple's introduction of its third iteration of the iPad e-tablet, coupled with the growing popularity of cloud computing, could lead to new methods of enterprise computing and IT security, Delaware Chief Security Officer Elayne Starkey says.
The Texas Department of Banking has partnered with the U.S. Secret Service to help banking institutions prevent ACH/wire fraud. What are this new task force's key recommendations?
Imperva would neither confirm nor deny it helped defend the Vatican website from a hacktivist assault last year, but the IT security provider's director of security, Rob Rachwald, explains how such an attack was constructed and defended.
Not all hackers are the same, and that presents problems in defending against them. Understanding each type of hacker can help organizations better prepare for digital assaults.
Michael Benardo of the FDIC says banking institutions can expect more scrutiny about the due diligence they conduct on payments processors and merchants. What are the top risks institutions must address?
IT security practitioners who employ the RSA public-private key cryptography needn't lose sleep about its efficacy, despite new research that raises questions on how it creates large prime numbers to generate secret keys, IT security authority Gene Spafford says.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.