Security experts are sizing up the challenges that would be involved in implementing a federal government proposal to continuously monitor employees and contractors with security clearances in hopes of preventing leaks of sensitive information.
The investigation of the disappearance of Malaysian Flight 370 is raising issues that are very similar to those considered in cybersecurity cases, ranging from the insider threat to deleting data from a computer.
At his March 11 Senate confirmation hearing, Navy Vice Adm. Michael Rogers, chosen by President Obama to be the next director of the National Security Agency, declines to characterize NSA leaker Edward Snowden as a traitor.
One key way to reduce the risk of a breach is continuous improvement of information security programs. It's dangerous to put security controls in place and then walk away, thinking you're finished, warns security expert Kate Borten.
An independent presidential panel makes recommendations to limit the National Security Agency's surveillance methods, including curtailing the way the government systematically collects and stores metadata from Americans' phone calls.
A federal district court judge's ruling that a National Security Agency program collecting metadata from telephone calls could be unconstitutional suggests that the law hasn't kept pace with changing technology.
NSA Director Gen. Keith Alexander says the agency has taken 41 actions to prevent leaks by insiders in the wake of disclosures of classified documents about the agency's surveillance programs by former agency contractor Edward Snowden.
You can be outraged that the NSA collects Internet communications records of U.S. citizens. But don't be surprised, says sociologist William Staples. This is just one example of our "culture of surveillance."
For years, researchers have studied malicious insider threats. But how can organizations protect themselves from insiders who make a mistake or are taken advantage of in a way that puts the organization at risk?
The average insider scheme lasts 32 months before it's detected, says threat researcher Jason Clark, who suggests using a combination of the right technologies and the right processes is the key to improving detection.