"Organizations have to be able to develop their security plans that really talk to their specific mission," National Institute of Standards and Technology's Ron Ross says. "The overlay concept is introduced to allow that specialization."
Dan Holden is among the DDoS experts saying banks should expect hacktivist attacks to resume soon. "It may not be next week, but I would be surprised if we did not see attacks resume the week after that."
As a result of a major breach of the state's tax system, South Carolina is considering creating a federated model of IT security governance. The plan would create a central organization to determine policies, with individual agencies implementing them.
Ronald Sanders says it isn't easy to answer the question of whether the information security field should be professionalized. The former human capital officer at the Office of the Director of National Intelligence explains why.
Malware attacks against retailers are becoming more common. Many breaches linked to these attacks could be prevented, experts say, if merchants took more steps to lock down networks and point-of-sale devices.
A key difference between state-sponsored espionage and organized criminals or hacktivists is the level of persistence and determination to break through defenses. Here's advice from security experts on defending against nation-state attacks.
The biggest lesson banking institutions can learn from this week's reported $45 million global cyberheist: Old attacks always return. Learn why thwarting these coordinated fraud schemes is challenging.
Payment data and personal information are both attractive targets for criminals, says breach investigator Erin Nealy Cox of forensics firm Stroz Friedberg. Learn why she says card data isn't the only lucrative target.
In light of evolving fraud threats, financial institutions increasingly are turning to two-factor authentication solutions. Alex Doll, CEO of OneID, offers advice to help institutions make the right choices.
Federal prosecutors have charged eight individuals in a massive cybercrime operation that involved hacking into payment card processors' networks, manipulating prepaid debit cards and withdrawing $45 million from ATMs worldwide.