President Donald Trump is reportedly continuing to weigh an executive order that would ban all U.S. organizations from using telecommunications hardware built by China's Huawei and ZTE. Australia and New Zealand have blocked the firms from their 5G rollouts, while other nations weigh similar moves.
In an increasingly complex world of interconnected information systems and devices, more must be done to protect critical infrastructure, says Ron Ross of the National Institute of Standards and Technology.
Critical systems are under attack from external and insider threats. No access or transaction should go unchecked. That's why former federal CISO Gregory Touhill advocates the broad adoption of zero-trust security in the public and private sectors.
Managed security services providers are playing an important role in helping organizations cope with hiring challenges and meet regulatory compliance requirements, says Kartik Shahani, director of channels for APJ at RSA.
Efforts to protect privacy must be carefully balanced against the need to practically implement advanced technologies, argues Jared Ragland, senior director for policy in APAC at BSA/The Software Alliance, an advocacy group for software companies.
Facebook violated consumer protection law by failing to protect personal data that consumers thought they'd locked down, the District of Columbia alleges in a new lawsuit. Plus, Facebook is disputing a New York Times report that it ignored privacy settings and shared data with large companies without consent.
The number of data breach reports filed since the EU General Data Protection Regulation went into effect has hit nearly 3,500 in Ireland, over 4,600 in Germany, 6,000 in France and 8,000 in the U.K. Regulators say more Europeans are also filing more complaints about organizations' data protection and privacy practices.
A large health insurer in Western Australia shared the home addresses of some psychologists to a web-based appointment booking service, according to a news report. The health insurer belated realized after a complaint from one practitioner that some psychologists work from home.
As India's Parliament prepares to finalize a privacy and data protection law in the weeks ahead, there's still no consensus among security practitioners about what approach the legislation should take. But the government should ensure all companies comply with clearly defined standards - or face punishment.
Although CERT-In says the hacking of Indian websites declined dramatically this year, based on reports it has received, some security experts argue that many hacking and other cybercrime incidents are never reported.
DigiCert just conducted a global study of how organizations across sectors are approaching IoT security. What are some of the best practices of the organizations that emphasize securing connected devices? Mike Nelson of DigiCert shares the findings.
The lack of standardization is one of the significant challenges when securing OT environments. Customizing and aligning OT security with the business is key, says Uday Deshpande, CISO at Mumbai-based L&T Group.
The latest edition of the ISMG Security Report features an analysis of the validity of reports that China is behind the massive Marriott data breach. Also: Fascinating details in a Congressional report on the Equifax breach, and a clear explanation of "self-sovereign identity."