Scott Laliberte, managing director of Protiviti, wrote the book on penetration testing, and he has strong feelings about what organizations are doing right and wrong when assessing their information security risks today.
A new consumer survey suggests healthcare organizations still have a long way to go in educating patients about the benefits of electronic health records and easing their concerns about security issues.
We all know the cost of regulatory compliance - how expensive it can be to meet the standards of HIPAA, HITECH and other industry guidelines. But two organizations this week learned hard lessons about the cost of non-compliance.
Security teams need to look at the controls they have put in place in their organization and question whether they are shifting risky behavior to different areas and perpetuating problems, says Intel CISO Malcolm Harkins.
"We appear to be asking DHS to take on new cybersecurity roles and missions while it is establishing its basic core competencies," Melissa Hathaway says. "Is this reasonable? Do we want DHS to become a first party regulator?"
Northrop Grumman Cybersecurity Research Consortium's Robert Brammer says IT security researchers should think like Wayne Gretzky, the National Hockey League hall of famer: Skate to where the puck will be.
"Ethical hacking" - is the term an oxymoron, or is it one of today's necessities in the fight against cybercrime? Jay Bavisi, president and co-founder of the EC Council, feels strongly about why we need ethical hackers more today than ever before.