Successfully implementing the SANS 20 Critical Security Controls requires far more than just deploying systems, platforms or services. Experts offer insights on effective strategies for leveraging technical controls.
Hackers allegedly trafficking in personally identifiable data have reportedly breached the computers of three major data aggregators, raising doubts about knowledge-based authentication as a tool to verify identity.
Although the U.S. and Chinese governments blame one another for cybermischief, they should collaborate to battle common cyberthreats, says Christopher Painter, the State Department's top cyberdiplomat.
Faced with the growing threat of breaches, cyber-attacks and fraud, more organizations are building robust incident response strategies that identify how an investigation would proceed. Experts offer insights on effective investigation management.
TD Bank has been ordered to pay $52.5 million in penalties for violations of the Bank Secrecy Act and securities laws as a result of failing to file timely suspicious activity reports related to nearly $1 billion worth of transactions.
Version 3.0 of the Payment Card Industry Data Security Standard, to be released later this year, will include a focus on the standardization of compliance assessments, says Bob Russo of the PCI Security Standards Council.
Comptroller of the Currency Thomas Curry's comments in a Sept. 18 speech could be an early indication that regulators will put more pressure on banks and service providers to fill cybersecurity gaps, some observers say.
While some in Congress argue about whether the Department of Homeland Security has too much cybersecurity authority, recently retired leader Bruce McConnell offers his take on why the department is playing an appropriate role.
NIST awards a total of $7 million in grants to five organizations to develop and pilot reliable and easy-to-use identity credentials that could help build trust in online commerce and boost the economy.
Two more guilty pleas in a $200 million card fraud scheme highlight why banks need to ensure their identification verification policies are consistently applied and that customers are continually vetted and profiled.
Comptroller of the Currency Thomas Curry says U.S. banking institutions are at heightened risk of cyber-attack because of emerging technology, interconnectivity and reliance on third-party service providers.
How much of a free hand should units within an enterprise have in deciding social media policy? DHS's inspector general and acting chief privacy officer don't always see eye to eye on how the department should govern social media use.
On the one-year anniversary of al-Qassam Cyber Fighters' first announcement about DDoS attacks against U.S. banks, experts discuss what may happen next, including whether the group will join forces with the Syrian Electronic Army.
The National Institute of Standards and Technology is re-evaluating a set of its special publications because of concerns expressed by some leading cryptographers that the National Security Agency might have corrupted the guidance.