Jeh Johnson, at his confirmation hearing to be the next Homeland Security secretary, pledges to fix internal cybersecurity problems at DHS before seeking further authority to have the department help other agencies get their IT security houses in order.
New payment card security standards issued by the PCI Council include a number of improvements, plus some glaring omissions, such as requirements for mobile, security experts say. What are their chief concerns?
Do you know how many government agencies or, for that matter, critical infrastructure operations that have been attacked online? Neither does Congress. But some senators have introduced legislation to find out.
New requirements to mitigate payment card risks posed by third parties, such as cloud providers and payment processors, are a focal point of the PCI Security Standards Council's updated data security standard.
Banking executives were among the CEOs who met with President Obama at the White House to discuss cybersecurity strategies. Paul Smocer of BITS explains how this discussion may pay off for financial institutions.
The settlement of a class action lawsuit against AvMed, a health plan company, stemming from a 2009 data breach, is significant because it awards payments to those who were not victims of identity theft.
Senior leaders in business and government are buying in to the need for more cybersecurity investments as well as threat-intelligence sharing, new research shows. But why are they still struggling to hire the right security pros?
A congressional committee grilled representatives from four technology vendors providing services for the Obamacare website, questioning, for example, whether the site is putting consumer privacy at risk.
Organizations must develop a "defensible response" to data breaches and fraud incidents because of the likelihood of a regulatory investigation or legal action, says attorney Kim Peretti, a former Department of Justice cybercrime prosecutor.