Information security threats - especially to critical infrastructures and from nation-states - are evolving. But security education curricula are struggling to keep pace, according to Eugene Spafford, renowned information security professor at Purdue University.
In addition to the negative publicity associated with being included on the federal tally of major health information breaches, some organizations are experiencing yet another impact of breaches: class action lawsuits.
Phishing schemes, like the one claiming to be from the Better Business Bureau, target consumers who have concerns about troubled accounts or account breaches. And social engineering is used more often to acquire financial and personal information.
BITS president Paul Smocer says banks can expect an uptick in cybersecurity-focused legislation in 2012. What impact will changes from Capitol Hill have on requirements for data breach notification, information sharing and critical infrastructure?
Authorities in New York have indicted 28 suspects for their alleged connection to a skimming scheme that targeted AmEx cardholders. What did the take-down expose about growing innovations in insider fraud?
Ongoing HIPAA compliance training is key to breach prevention, says Terrell Herzig of UAB Medicine. Yet many healthcare organizations are lacking in their efforts, according to results from the Healthcare Information Security Today survey.
To win support for information security spending, IT security professionals need to refine how they make their case to senior executives, says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center. Here's how.
A wave of security breaches serves as a catalyst for all types of organizations to assess the need for cyber insurance. Here's the story of one institution that saw the threat and took out a $10 million policy.
Most organizations remain uncomfortable in letting their employees use their own mobile devices to access their IT systems. Yet, in many instances, those charged with securing their enterprises' IT understand that it's just a matter of time before they must grant workers permission to employ those devices.
Two years after his business was a victim of ACH fraud, PATCO's Mark Patterson doubts whether most small business owners are yet aware of the risks they face. And he doesn't think the FFIEC guidance will help.
ACH fraud victim Mark Patterson says small businesses like his welcome improved online security measures from banking institutions. But is the new FFIEC Authentication Guidance sufficient? Patterson says no.