FS-ISAC has issued a white paper with tips on streamlining third-party software risk assessments. One member of a new working group explains why the adoption of standard security controls is so critical.
Consolidating Microsoft Active Directory isn't just a technical challenge, but a personnel one as well. Just ask Johnson Matthey's Steve Way, who had to calm dozens of administrators he labels as "masters of their own universe."
Here are some questions we'd like to ask the former systems administrator at the National Security Agency to learn more about the motivation behind his leak of the U.S. government's top-secret information collection programs.
NIST's Ron Ross sees the cloud as helping to reduce the complexity of keeping data secure. But security expert Eugene Spafford of Purdue University offers a different viewpoint in the first part of a two-part joint interview.
NIST's Ron Ross sees complexity as the biggest risk enterprises face. To ease risk, Ross favors moving data to the cloud. Purdue's Eugene Spafford doesn't fully subscribe to Ross' plan. The two square off in this interview.
Organizations outsourcing card data management to the cloud face significant security risks. How should they prioritize risks when reviewing cloud-vendor solutions? The PCI Council's Bob Russo offers insight.