Enterprises should test the processes they establish to respond to advanced persistent threat attacks, just as they vet their business continuity plans, ISACA International President Robert Stroud says.
The National Institute of Standards and Technology should use the cryptographic community to help vet the advice it gets from the National Security Agency when creating cryptography guidance, a panel of prominent experts recommends.
The British government is seeking quick approval of an "emergency" blanket data retention law that would require U.K. telecommunications providers to store information relating to their customers' calls, texts and e-mails for 12 months.
The Department of Homeland Security confirms that "a potential intrusion" of the Office of Personnel Management's network occurred in March but says officials have not identified any loss of personally identifiable information.
With the Senate Intelligence Committee overwhelmingly approving the Cybersecurity Information Security Management Act, common wisdom dictates the bill will head directly to the Senate floor. Not so fast.
Criminals have begun targeting ATMs in Western Europe using malware, as well as a new generation of stealthier skimmers designed to capture card data and PIN codes. But the stolen data is often used for fraud elsewhere, especially the U.S.
The idea of a cyber war council, reportedly proposed by a financial services industry trade group, has not received an enthusiastic reception from cybersecurity experts, some of whom question its viability to defend against cyberattacks.
The Senate Intelligence Committee, by a 12 to 3 vote, has approved the Cybersecurity Information Sharing Act of 2014, which its sponsors say would encourage the federal government and private sector to voluntarily share cyberthreat information.
Attorneys for Target have requested a halt in the discovery process for class action lawsuits stemming from the retailer's December 2013 data breach until the court can consider its forthcoming motions to dismiss most of the suits.
Is having too many stakeholders who care about cyberspace's viability a hindrance to security? That's one way to interpret comments from White House Cybersecurity Coordinator Michael Daniel as he addresses the challenges of governing the Internet.
Bob Russo, long-time general manager of the PCI Council, will retire at the end of the year. Stephen Orfei, his replacement, will take the helm in September. Security experts analyze the potential impact of the change.
The "Bolware" malware gang has used Web injection and "man-in-the-browser" techniques to steal up to $3.75 billion. The attack campaign demonstrates how easily attackers anywhere in the world can commit browser-based fraud.