Two recent major breach incidents call attention to the value of encrypting backup tapes. A new survey shows how many organizations are taking this precaution.
Giving employees the chance to use their own mobile devices on their employers' network isn't necessarily given. That's what Delaware Chief Security Officer Elayne Starkey found when the state implemented a new program to allow the secure use of personal devices on state networks.
When Mano Paul of (ISC)2 discusses today's top application security challenges, he draws an analogy with sharks. And what he views as the skills needed to tackle today's top threats might surprise you.
Winn Schwartau says the BlackBerry disruption this past week (see BlackBerry Disruptions: Where to Start?) hit at the heart of one of the fundamentals of IT security: availability.
The disruption of text messaging and Web browsing for BlackBerry customers opens up issues of company transparency and business continuity. How should the company have responded?
Skimming incidents at bank branch ATMs and vestibules are adding up to huge losses. One bank says it could easily lose $50,000 over one weekend at a single ATM. So, what can institutions do to deter and detect skimmers?
"I think the New York Stock Exchange was probably prepared for this sort of thing anyway," says security researcher Wendy Nather. "One threat, more or less, is not going to make a difference in the security measures they have in place."
As the Bank of America website outage proved, "Assuming it's an attack or breach is now the default response," says ID theft expert Neal O'Farrell. So, how can organizations change that perception?
The Department of Homeland Security is undertaking nine private and three public cloud computing initiatives, establishing private cloud services to manage sensitive but unclassified information while using the public cloud for non-sensitive data.
The hacktivist group Anonymous allegedly threatened to "erase the New York Stock Exchange" from the Internet on Oct. 10. How credible is the threat, and how should security leaders respond?
Alastair MacWillson says the lack of harmonization among state, national and international security laws and regulations has proved challenging for global organizations that want to work in the cloud.
"It should provide fuel for anyone calling for data breach legislation to include criminal sanctions ...," says Neal O'Farrell of the Identity Theft Council. "This was nothing short of a clumsy cover-up."
Organizations have started achieving PCI compliance, but it's a struggle for many to maintain, says Jen Mack, director of PCI Consulting Services for Verizon.
Ineffective or noncompliant security practices of service providers, the inability of customers to examine controls, the prospect of data leakage and the loss of data if a cloud service is terminated present challenges.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.