The White House is intensifying its effort to get federal agencies to adopt continuous monitoring and move away from the paper-based checklist compliance they've followed for a decade under the Federal Information Security Management Act.
Attempts to shame China haven't been effective in stopping that country from pilfering intellectual property from the computers of American companies, according to a new report to Congress from a special commission.
In case you missed ISMG's 2013 Fraud Summit - or even if you were there and want to share insights with colleagues - I'm pleased to announce the availability of a series of session videos featuring top fraud experts.
A ransomware campaign has targeted millions of bank clients in the U.K., and experts warn of a worldwide surge in attacks. They say banking institutions have to be diligent about informing customers of the risk.
Jeh Johnson has cleared a major hurdle to becoming the next Homeland Security secretary and a chief advocate for the administration's cybersecurity policies. But it's unclear when the full Senate will vote on his nomination.
Federal investigators announced five more arrests this week in connection with a $45 million ATM cash-out and prepaid card fraud scheme. Learn why experts expect these types of crimes to become even more common.
Figuring out how Edward Snowden breached NSA computers is sort of like solving a puzzle. Take public information and match it with an understanding of how organizations get hacked, and the pieces seem to fall into place.
FS-ISAC has issued a white paper with tips on streamlining third-party software risk assessments. One member of a new working group explains why the adoption of standard security controls is so critical.
For risk managers, an often overlooked step for minimizing supply chain risks is to continually monitor outsourcers and other third parties to address critical security issues, says the Information Security Forum's Steve Durbin.
Google has agreed to a $17 million settlement with 37 states and the District of Columbia over its unauthorized placement of cookies on computers using Apple Safari Web browsers, which the states claim was a privacy violation.
Computer scientists at the Georgia Institute of Technology are developing new ways to apply encryption when storing or searching data in the cloud, says Paul Royal, associate director of the university's information security center.
Financial institutions and businesses in other sectors must continually collect information about their online customers to ensure stronger authentication, says Avivah Litan, a fraud expert and analyst for the consultancy Gartner.
The breach of a card loyalty marketing company has reignited discussions about the roles banking institutions, regulators and others play when it comes to mitigating third-party risks. Where should the buck stop?