In light of growing threats and the increasing complexity of information technology, organizations must get everyone in the enterprise, especially top leaders, involved in assessing and managing information risk.
To mitigate the top threats for 2013, organizations need to understand the motivations of potential attackers so they can adequately defend their networks and systems. Experts describe risk management strategies for the year ahead.
With different nations establishing different privacy standards, organizations face adopting the most stringent regulations in order to be compliant everywhere they operate, says Marc Groman, a director of the International Association of Privacy Professionals.
The hacktivist group Izz ad-Din al-Qassam Cyber Fighters claims that its second phase of distributed-denial-of-service attacks has affected nine banks since Dec. 11, and it warns more attacks are on the way.
An evolving concept known as "intelligent security" involves using a combination of technologies to detect threats, helping security professionals become more proactive. Learn how pioneers are using the new approach.
Hacktivists on Christmas Day announced new plans for more DDoS attacks against U.S. banks, and it appears Citi was among the first hit, although the attackers named no specific targets in their latest threat.
An international telecommunications treaty, approved in Dubai in early December, is a veiled threat to suffocate Internet freedom internationally, says Rep. Jim Langevin, the Rhode Island Democrat who co-chairs the House Cybersecurity Caucus.
Sometimes HIPAA training alone is just not enough to drill into peoples' heads why and how patient information needs to be protected. So, how are organizations getting medical staff to do the right thing?
The answer seems obvious, especially in the context of IT security and information risk. Yet, is it, especially when developing codes and standards, as well as funding research and development initiatives that involve taxpayer money?
Heading into 2013, security leaders across industry feel confident about their processes and technology. People, though, continue to create the greatest risks. Can "awareness in depth" make a difference?
A draft of new guidance intended to be a blueprint to validate and implement a secure infrastructure as a service cloud computing offering has been issued by the National Institute of Standards and Technology.
Karen Scarfone, who coauthored NIST's encryption guidance, sort of figured out why many organizations don't encrypt sensitive data when they should. The reason: they do not believe they are required to do so.