Breaking into the IT security field - a male-dominated profession - is a challenge for women. Lisa Xu, CEO of NopSec, identifies the hurdles she had to overcome and offers strategies for women to grow in their careers.
A House panel establishes a bipartisan supply chain working group to explore the federal government's role in helping industry assure that IT and telecommunications wares they buy abroad are safe from exploits.
A variation of hack-back - in which a victim of a cyber-attack assaults the assailant's computer or network - could be used to mitigate the theft of intellectual property, according to the Commission on the Theft of American Intellectual Property.
NIST's Ron Ross sees the cloud as helping to reduce the complexity of keeping data secure. But security expert Eugene Spafford of Purdue University offers a different viewpoint in the first part of a two-part joint interview.
A distributed-denial-of-service attack in Europe highlights the need for Internet service providers to implement security best practices to prevent future incidents and protect their users, ENISA's Thomas Haeberlen says.
"Organizations have to be able to develop their security plans that really talk to their specific mission," National Institute of Standards and Technology's Ron Ross says. "The overlay concept is introduced to allow that specialization."
Ronald Sanders says it isn't easy to answer the question of whether the information security field should be professionalized. The former human capital officer at the Office of the Director of National Intelligence explains why.
Malware attacks against retailers are becoming more common. Many breaches linked to these attacks could be prevented, experts say, if merchants took more steps to lock down networks and point-of-sale devices.