A just released update to the FFIEC's Cybersecurity Assessment Tool helps make meeting regulators' demands for "baseline" cybersecurity more attainable, says Amy McHugh, a bank adviser and former IT examination analyst for the Federal Deposit Insurance Corp.
In the wake of the London Bridge attacks, Stella Rimington opened the Infosecurity Europe conference in London with lessons learned from her tenure as director general of Britain's domestic security service, MI5.
A new Department of Health and Human Services report to Congress containing more than 100 recommendations for how healthcare can better address cybersecurity threats is stirring debate over whether smaller organizations will be able to take the recommended actions.
On the eve of Europe's biggest annual cybersecurity conference, and scores of interviews with some of the world's leading information security experts, I'm asking how the London Bridge attacks will change the tenor of at least some of these discussions.
The annual Infosecurity Europe conference returns to London this week, offering discussions of the latest information security practices, procedures and technologies as well as deep-dives into privacy, cybercrime, policing, surveillance, GDPR and more.
Outdated policies, lax regulatory oversight and bureaucracy have stunted more advanced cybersecurity investments at some organizations that provide the nation's critical infrastructure, says Brian Harrell, the former director of critical infrastructure protection at the North American Electric Reliability Corp.
Today's cybersecurity industry is far too focused on keeping bad guys out, says Chris Pierson of Viewpost. Organizations need to pay more attention to keeping data inside the enterprise, he says, describing how to make the shift to a focus on limiting exfiltration.
It's a tried and true military tradition: ISR, or Intelligence, Surveillance and Reconnaissance. But the practice is gaining traction in enterprises as well, and especially within cybersecurity, says Christopher Cleary of Tenable Network Security.
Two researchers who launched a crowdsourced effort to subscribe to the Shadow Brokers' monthly leak of stolen Equation Group exploits - on behalf of the entire information security community - have dropped their effort, citing legal concerns.