The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audit and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.
The recent wave of DDoS attacks against top U.S. banks is a wake-up call for organizations that are ill-prepared to fight against such an attack. NIST's Matthew Scholl offers strategies to mitigate the threat.
Developing a bring-your-own-device
policy that's well-integrated with an organization's overall information security strategy requires a multi-disciplinary, collaborative approach, says attorney Stephen Wu.
As missiles and bombs do real damage in Israel and Gaza, a veteran Israeli cybersecurity expert, Amichai Shulman, downplays the significance of the assaults waged against Israeli websites, contending any damage has been minimal.
Incorporating new concepts such as security-control overlays and placing a renewed emphasis on information assurance, the forthcoming guidance is 'a total rewrite' from the 2009 version, NIST's Ron Ross says.
Leaders at four security technology companies say the recent distributed-denial-of-service attacks against 10 U.S. banks highlight the need for new approaches to preventing and responding to online outages.
To know how best to respond to IT and communications failures, organizations first must collect information on such incidents, says Marnix Dekker, who co-authored a just-issued report on incidents for ENISA.