The OWASP Top Ten list of security risks was created more than a decade ago to be the start of an industry standard that could bootstrap the legal system into encouraging more secure software. Here are the 2013 updates.
If the hacking community judges the planned OpUSA cyber-attack a success, it could spur more nefarious actors to try more vicious disruptions of U.S. websites, a Department of Homeland Security alert says.
Intel Chief Information Security and Privacy Officer Malcolm Harkins sees having one leader who handles IT security and privacy responsibilities as essential. "At the end of the day," he says, "there's a level of common objectives."
In assessing the risk of a distributed-denial-of service attack, organizations must think beyond shoring up systems' perimeters and concentrate on analyzing cyberthreat intelligence, Booz Allen Hamilton's Sedar Labarre says.
Anonymous says its OpUSA attack planned for May 7 aims to 'wipe' government and banking websites from the Internet. Security experts say the threat is real, but are U.S. organizations taking it seriously?
Today's spear-phishing campaigns are localized, small and can slip through typical spam filters. As a result, detection practices have to evolve, says researcher Gary Warner of the University of Alabama at Birmingham.
The massive distributed-denial-of-service attack in Europe that targeted Spamhaus could easily have been prevented if information service providers followed a 13-year-old industry best practice, ENISA's Thomas Haeberlen says.
Security firm Mandiant recently released a widely publicized report detailing cyber-espionage activity originating in China. Mandiant Director Charles Carmakal discusses the latest nation-state threats.
NIST's Ron Ross, a big NASCAR fan, likens new security controls guidance to the tools race-car builders use to prevent drivers from breaking their necks when crashing into a brick wall at 200 miles an hour.