Continuous monitoring is helping Freddie Mac reduce the number of security controls it uses to safeguard its information systems, says CISO Patricia Titus, who summarizes lessons that can apply to government and private-sector entities.
Imagine a cyber-attack that disables an electricity distribution center. What's the role of the U.S. military, government or the utility company in defending and retaliating? That's a question on the mind of Army Col. Gregory Conti.
Customers increasingly use digital channels to interact with organizations. But these interactions raise new security concerns that must be addressed by IAM solutions, says David Gormley of CA Technologies.
The folks at PricewaterhouseCoopers, after surveying 500 U.S. business, law enforcement and government executives, conclude that the vast majority of cybersecurity programs fall very short of the federal government's cybersecurity framework goals....
Healthcare organizations are becoming a bigger target for cybercriminals because so much more clinical and financial information is now stored in potentially vulnerable information systems, says security expert Mac McMillan.
High-profile retail breaches, such as the one suffered by Target Corp., could spur more merchants to promote increased use of mobile payments to boost security, says Thad Peterson, a new analyst at Aite Group....
What does "IT security as a business enabler" mean? For a definition, Gartner's Paul Proctor looks to the way IT managers at a European car maker translate security problems into a language a CEO can understand.
A multi-layered approach known as "context-aware security" is the most effective strategy for fighting both insider and external cyberthreats, says Gartner analyst Avivah Litan, who explains how this strategy works.
Embedding some information security practitioners within business units could help improve IT security awareness in many enterprises, reducing security risk, says Steve Durbin, global vice president of the Information Security Forum.
Too many organizations have a device-centric BYOD policy that fails to look at big picture issues, including building a comprehensive strategy for protecting corporate information no matter how it's accessed, says Ian Evans of AirWatch.