After the complete collapse of network security at Sony Pictures - in the wake of its data breach - it's important that we highlight some of the organization's fundamental security mistakes. Here's a macro view of the lessons we must all learn.
Organizations in all business sectors should take a series of steps to guard against "visual hacking," a low-tech method used to capture sensitive, confidential and private information for unauthorized use.
A colleague suggested we might experience yet another crisis in trust when consumers and merchants realize that EMV does not solve all their problems. I find it timely to talk about the limitations of EMV.
With the White House set to issue its cybersecurity framework next month, a former CIA chief information security information officer vividly explains why the set of best IT security practices won't necessarily protect the nation's critical infrastructure.
Termination of an employee after a breach should be reserved for repeat offenders, individuals who show a total disregard for the rules, those who seek to harm another or the most egregious incidents, security expert Mac McMillan contends.
While user education is valuable, needed and helpful, there is one problem with this approach - it only partially works, and partially working is simply not good enough, security expert George Tubin contends.
Improving collaboration among employees is the goal of Yahoo CEO Marissa Mayer's decision to ban telecommuting, but her edict means better information security as well, writes veteran CISO Patricia Titus.
The OWASP Top Ten list of security risks was created more than a decade ago to be the start of an industry standard that could bootstrap the legal system into encouraging more secure software. Here are the 2013 updates.
While adoption of cybersecurity defenses will serve to protect personal data, privacy lawyer Harriet Pearson says some of the defense techniques may require the monitoring or collection of personal information.