Successfully implementing the SANS 20 Critical Security Controls requires far more than just deploying systems, platforms or services. Experts offer insights on effective strategies for leveraging technical controls.
Although the U.S. and Chinese governments blame one another for cybermischief, they should collaborate to battle common cyberthreats, says Christopher Painter, the State Department's top cyberdiplomat.
Federal regulators plan to launch a permanent HIPAA compliance audit program in 2014 that targets a larger number of organizations but covers a narrower scope of issues. Learn the details the nation's top HIPAA enforcer revealed.
More than 1,000 banks will test their incident response strategies by participating in a simulated cyber-attack exercise. SWACHA's Dennis Simmons says the drill, which is open to more participants, will help bolster defenses.
Version 3.0 of the Payment Card Industry Data Security Standard, to be released later this year, will include a focus on the standardization of compliance assessments, says Bob Russo of the PCI Security Standards Council.
Comptroller of the Currency Thomas Curry's comments in a Sept. 18 speech could be an early indication that regulators will put more pressure on banks and service providers to fill cybersecurity gaps, some observers say.
The FDA has issued a final rule for a medical device identification system that aims to make it easier and more efficient to track adverse events, including problems caused by cybersecurity issues, such as malware.
While some in Congress argue about whether the Department of Homeland Security has too much cybersecurity authority, recently retired leader Bruce McConnell offers his take on why the department is playing an appropriate role.
Comptroller of the Currency Thomas Curry says U.S. banking institutions are at heightened risk of cyber-attack because of emerging technology, interconnectivity and reliance on third-party service providers.
On the one-year anniversary of al-Qassam Cyber Fighters' first announcement about DDoS attacks against U.S. banks, experts discuss what may happen next, including whether the group will join forces with the Syrian Electronic Army.
The National Institute of Standards and Technology is re-evaluating a set of its special publications because of concerns expressed by some leading cryptographers that the National Security Agency might have corrupted the guidance.
Termination of an employee after a breach should be reserved for repeat offenders, individuals who show a total disregard for the rules, those who seek to harm another or the most egregious incidents, security expert Mac McMillan contends.
In the wake of a year of attacks waged against banking institutions by Izz ad-Din al-Qassam Cyber Fighters, the FS-ISAC's Bill Nelson and the ABA's Doug Johnson say the need to regularly update DDoS preparedness is a critical lesson learned.
OpUSA's planned Sept. 11 DDoS against U.S. banks and governmental agencies proved to be uneventful, experts say. But they warn that other potential attacks, especially those with a Syria connection, could prove to be far more serious.
If Iran is behind distributed-denial-of-service attacks targeting American banks, should the United States retaliate aggressively with a Stuxnet-like response? Learn why the Atlantic Council's Jason Healey thinks that's a bad idea.