The Department of Homeland Security, which missed meeting last week's deadline for submitting a new cybersecurity strategy to Congress, could be months away from providing lawmakers with that policy, a top DHS cybersecurity official says.
An Obama-era regulation, which has yet to take effect, that aims to strengthen consumer's online privacy may be derailed. The Senate has voted along party lines to quash the rule that the FCC issued in October.
New Mexico lawmakers have overwhelmingly approved the Data Breach Notification Act. If signed, as expected, by Gov. Susana Martinez, Alabama and South Dakota would be the only states without such a statute.
Leading the latest edition of the ISMG Security Report: FBI Director James Comey's revelation of a counterintelligence investigation of possible ties between Donald Trump's presidential campaign and Russia's actions to influence the U.S. presidential election.
A divided House committee has approved legislation that would expand the National Institute of Standards and Technology into the domain of auditing. The bill calls for NIST to assess federal agency compliance with its cybersecurity framework.
Responding to disruptive data breaches, dealing with Mirai botnets, hacking back and the need for enterprises to segment their backup environments were just some of the topics dominating this year's RSA Conference in San Francisco.
Amidst the increasing security chaos facing individuals and organizations, one of the dominant themes at this year's RSA Conference was the need for information security professionals to do more, bringing order to enterprise IT security as well as by influencing public policy.
Australia's Parliament has passed a mandatory data breach notification law that requires some organizations to tell consumers and regulators about an incident within 30 days or face hefty fines. But one security expert says the law has gaps that could pose risks.
Cloud computing initiatives, network monitoring and risk management are driving network security operations. Meanwhile, federal agencies face record levels of threats yet still rely on manual processes and outdated point tools. Agency network security operations must be modernized to streamline network security...
As ransomware attacks continue to plague organizations in healthcare and other sectors, Maryland is considering legislation specifically identifying ransomware attacks as a crime punishable with prison sentences. California and Wyoming are among the states that have enacted somewhat similar legislation.
Certification and accreditation (C&A) has been like alphabet soup. As it transitions to assessment and authorization (A&A), it's time to sort through the confusion and identify which terms and processes apply in any given situation.
This paper sorts through the confusion to identify which terms, approaches, and...
Legislation to tighten insider threat defenses at the U.S. Department of Homeland Security has passed the House of Representatives and goes to the Senate, which failed to consider a similar measure that passed the House in the last Congress.
Looking to go at it alone when securing your public cloud environment? Without a clear understanding of its nuances, even the most state-of-the-art solution won't make it past an annual compliance audit.
This detailed guide is for those pursuing PCI DSS compliance on their DIY cloud security environment.
President Barack Obama has signed the National Defense Authorization Act, legislation that includes a provision he opposes to leave the leader of the newly-elevated U.S. Cyber Command as the head of the National Security Agency as well.