The breach at Target stores that may have affected as many as 40 million credit and debit card account holders is a watershed moment that could greatly raise awareness of cybersecurity risks, says privacy attorney David Navetta.
A preliminary version of the cybersecurity framework takes a too-broad approach to privacy, says security and privacy attorney Harriet Pearson. And that could result in fewer organizations adopting the voluntary security guidelines.
The potential of governments messing with commercial IT security products - think China and the NSA - means organizations need to improve lines of communications to assure the integrity of the IT wares they acquire. ISF's Steve Durbin discusses mitigating supply-chain risk.
While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.
Whether reports that the National Security Agency entered into a secret contract with security provider RSA are true or not - and RSA says they're not - the reputations of all American security vendors have been tarnished.
Federal agencies overwhelming ignore guidance on the top 20 critical security controls, a new survey shows. Two risk management experts explain the pros and cons of adopting this guidance vs. broader NIST guidance.
The Centers for Medicare and Medicaid Services is creating a new position of chief risk officer in a multi-faceted effort to analyze and address problems with the troubled HealthCare.gov rollout. What are the security implications?
The White House is intensifying its effort to get federal agencies to adopt continuous monitoring and move away from the paper-based checklist compliance they've followed for a decade under the Federal Information Security Management Act.
Wayne Dunn, CTO of HarborOne Bank in New England, says improving vendor management is a top security priority for institutions in 2014. As more core banking functions are outsourced, due diligence becomes increasingly critical.
FS-ISAC has issued a white paper with tips on streamlining third-party software risk assessments. One member of a new working group explains why the adoption of standard security controls is so critical.