A top DHS cybersecurity official says she has seen no conclusive evidence that Russian-owned Kaspersky Lab's security software had been exploited to breach federal information systems. Jeanette Manfra told a House panel most agencies have complied with a directive to stop using Kaspersky software.
Threat-centric security frameworks need to be supplemented with an approach based on user behavior, which is becoming a critical parameter in understanding organizations' risk postures, Forcepoint's Maheshwaran S says in an in-depth interview.
The PCI Security Standards Council is creating a payments software framework, including two new standards that can evolve as the software rapidly changes, Troy Leach, the council's CTO, explains in this in-depth interview.
India is expected to announce in the coming months the formation of a cyber defense agency that would focus on protecting critical infrastructure, especially government and defense networks, from cyberattacks.
Dr. Suzanne Schwartz of the FDA clears up some myths and misunderstandings about medical device security in an in-depth interview. She'll be a featured speaker at Information Security Media Group's Healthcare Security Summit, to be held Nov. 14-15 in New York.
All U.S. publicly traded companies should review how they internally disseminate breach information and expect to see revised cybersecurity guidance, says William Hinman, the director of corporation finance for the U.S. Securities and Exchange Commission.
A report on the head of Equifax contending that his company - not individual consumers - owns the personally identifiable information the credit reporting agency markets to lenders leads the latest version of the ISMG Security Report. Also, a preview of the ISMG Healthcare Security Summit.
The financial sector is under increasing threat from cybercrime syndicates, and the distributed nature of today's predominantly Russian-speaking attackers is making them tough to disrupt, says Rob Wainwright, director of Europol.
Security practitioners must do a much better job of prioritizing their investments based on the most significant risks their organizations face, says Zulfikar Ramzan, chief technology officer at RSA, who offers insights on "fighting the right battle."
The former CEO of Yahoo, which has had 3 billion records exposed in a 2013 data breach, testified at a Senate hearing that it's tough for any corporation to defend against nation-state backed cyberattacks. That led senators to grill Marissa Mayer about the security steps Yahoo had taken.
Ransomware and other cyberattacks will be the biggest health technology hazard in 2018, according to the ECRI Institute. It's the first time the patient safety research organization has listed cyber issues as the top threat.
Former Yahoo CEO Marissa Mayer may have envisioned spending her post-Yahoo days seeking new work or experimenting with other search engines. Instead, she gets to sit in a Senate hot seat alongside former Equifax CEO Richard Smith, defending past data breach response decisions.
The acting director of the U.S. Office of Personnel Management cites "audit fatigue" as a factor that explains why the federal agency, which experienced a massive data breach in 2015, continues to come up short in securing its information systems.
CISO Mitchell Parker of Indiana University Health says healthcare organizations that have focused on HIPAA compliance when crafting security and privacy policies need to be making plans to comply with the EU's GDPR if they handle Europeans' data. How will that influence decisions about data protection?
Want to stop the latest cybercrime bogeyman? For the umpteenth time, put in place well-known and proven strategies for repelling online attacks, such as the Australian Signals Directorate's top 4 mitigation strategies for repelling targeted cyber intrusions.