"If you're not doing the right things on managing vulnerabilities, it doesn't really matter what other kinds of sophisticated things you do - that's the baseline for security," says BeyondTrust's Marc Maiffret.
A George Mason University research fellow says the cybersecurity framework, issued earlier this year by the National Institute of Standards and Technology, is likely to cause more problems than it solves.
Verizon's latest annual breach report shows that Web application attacks increased more than malware-fueled point-of-sale intrusions in 2013, says analyst Dave Ostertag, who provides an overview of the report's findings.
Ellen Richey of Visa, keynoter at the April 29 Fraud Summit San Francisco, outlines key card fraud-fighting trends for the year ahead, including the U.S.'s migration toward EMV, greater use of tokenization and heightened fraud detection.
The chief executive of the Finnish company that uncovered the Internet website vulnerability known as Heartbleed says security practitioners should rethink how they approach IT security by placing a greater emphasis on vetting software for vulnerabilities.
The FFIEC just issued new guidelines on DDoS risks to U.S. banking institutions. What is the substance of these guidelines, and how must banks and credit unions respond? Rodney Joffe of Neustar offers advice.