For years, security and business managers have known that identity and access management (IAM) must be driven by business requirements. But typically, IAM processes are too IT-centric, and don't meet the needs of the business. In addition, traditional IAM systems have consistently been prohibitively expensive to...
Ron Ross, the NIST computer scientist who heads the initiative that is revising the guidance, characterizes the updated publication as the most comprehensive one since the initial catalogue of controls was issued in 2005.
Although a hacktivist group says it has suspended distributed-denial-of-service attacks on U.S. banking institutions, banking and security leaders aren't convinced. "Banks should certainly remain on guard," says Gartner's Avivah Litan.
As enterprises move more applications to the cloud, continuous monitoring will play a greater role in assuring the software is patched in a timely manner, says John Streufert, DHS director of federal network resilience.
How are banks responding to DDoS phase 2? "From a technology standpoint, we have improved our defenses quite a bit," says Dan Holden of Arbor Networks. Experts discuss top DDoS lessons banks have learned.
Both candidates have made fleeting references to cybersecurity during the presidential campaign, but neither has addressed the matter in detail. How different would a President Romney be from a second-term President Obama?
HSBC Holdings, a British multinational bank, is the 10th financial institution to suffer online outages as a result of a distributed denial of service attack in recent weeks. What was the impact of the attack?
BB&T Corp. confirms it's been hit by a DDoS attack, making it the ninth U.S. bank to be targeted in five weeks. The online outage at BB&T comes on the heels of the attack that hit Capital One on Oct. 16.
Cyberthieves are exploiting weaknesses in the U.S. payments infrastructure as an easy-to-travel avenue for access to intellectual capital, says risk consultant Bill Wansley. What can be done to stop them?
Debate surrounding the Cybersecurity Act has focused on whether the government should regulate privately owned, critical IT systems. But the bill also would make significant changes on how government governs IT security, co-sponsor Sen. Tom Carper says. See how.