Randy Trzeciak and his CERT Insider Threat Center colleagues are working to broaden the definition of the insider threat to incorporate not just the risk to information and IT but to facilities and people, too.
Regulators need to do a better job of notifying banks promptly when they find severe security flaws at third parties, especially core banking processors. And community banks need to collaborate on assessments of third-party risks.
In the wake of an ongoing stream of merchant and payment processing breaches, the FDIC is reminding smaller banking institutions that they are ultimately responsible for ensuring the security of cardholder data.
The State Department's top cyberdiplomat, Chris Painter, explains how the United States is helping other nations beef up their laws and policies to battle cybercrime and improve international collaboration on cyberthreats.
It's been four years since federal officials began tracking major healthcare data breaches. What important lessons can be learned from the causes of these breaches as well as HIPAA enforcement actions by federal regulators?
With the prospect of a federal government shutdown, and its implications for IT security, it's worth considering what happened in Minnesota two years ago, when a similar budget squabble shuttered state operations for 20 days.
Too many organizations are spending far too much money on gathering big data that they cannot put to good use, such as for fraud prevention, says IDC analyst Jerry Silva, who stresses that investments must have strategic value.
Successfully implementing the SANS 20 Critical Security Controls requires far more than just deploying systems, platforms or services. Experts offer insights on effective strategies for leveraging technical controls.
Although the U.S. and Chinese governments blame one another for cybermischief, they should collaborate to battle common cyberthreats, says Christopher Painter, the State Department's top cyberdiplomat.
Federal regulators plan to launch a permanent HIPAA compliance audit program in 2014 that targets a larger number of organizations but covers a narrower scope of issues. Learn the details the nation's top HIPAA enforcer revealed.
More than 1,000 banks will test their incident response strategies by participating in a simulated cyber-attack exercise. SWACHA's Dennis Simmons says the drill, which is open to more participants, will help bolster defenses.
Version 3.0 of the Payment Card Industry Data Security Standard, to be released later this year, will include a focus on the standardization of compliance assessments, says Bob Russo of the PCI Security Standards Council.