NIST will soon start writing the "final" version of its cybersecurity framework, a guide to information security best practices for operators of the nation's critical infrastructure. But should it be beta tested?
The White House is intensifying its effort to get federal agencies to adopt continuous monitoring and move away from the paper-based checklist compliance they've followed for a decade under the Federal Information Security Management Act.
Wayne Dunn, CTO of HarborOne Bank in New England, says improving vendor management is a top security priority for institutions in 2014. As more core banking functions are outsourced, due diligence becomes increasingly critical.
Attempts to shame China haven't been effective in stopping that country from pilfering intellectual property from the computers of American companies, according to a new report to Congress from a special commission.
In case you missed ISMG's 2013 Fraud Summit - or even if you were there and want to share insights with colleagues - I'm pleased to announce the availability of a series of session videos featuring top fraud experts.
Jeh Johnson has cleared a major hurdle to becoming the next Homeland Security secretary and a chief advocate for the administration's cybersecurity policies. But it's unclear when the full Senate will vote on his nomination.
Figuring out how Edward Snowden breached NSA computers is sort of like solving a puzzle. Take public information and match it with an understanding of how organizations get hacked, and the pieces seem to fall into place.
Attorneys discuss the significance of the 10-year prison sentence for hacker Jeremy Hammond, who pleaded guilty in connection with a 2011 breach of Stratfor, a global intelligence firm that provides services to the U.S. government.
Google has agreed to a $17 million settlement with 37 states and the District of Columbia over its unauthorized placement of cookies on computers using Apple Safari Web browsers, which the states claim was a privacy violation.
The breach of a card loyalty marketing company has reignited discussions about the roles banking institutions, regulators and others play when it comes to mitigating third-party risks. Where should the buck stop?
Jeh Johnson, at his confirmation hearing to be the next Homeland Security secretary, pledges to fix internal cybersecurity problems at DHS before seeking further authority to have the department help other agencies get their IT security houses in order.
A new set of patent infringement suits is targeting payment card networks, payment processors and e-commerce sites. Meanwhile, the American Bankers Association has endorsed pending federal legislation designed to help curb these legal actions.
As efforts to fix technical glitches on the HealthCare.gov website for Obamacare continue, taking steps to ensure security should be a top priority. Otherwise, efforts to build trust in the system will fail.
New payment card security standards issued by the PCI Council include a number of improvements, plus some glaring omissions, such as requirements for mobile, security experts say. What are their chief concerns?