Too many security awareness and education programs fail because they're boring, says Lance Spitzner, research and community director for the SANS Institute's "Securing the Human" program. Read his suggested fixes.
LabMD's recent victory in its long legal battle with the Federal Trade Commission will be short-lived, the medical testing lab's CEO predicts. Find out why, and what changes Michael Daugherty hopes the case will bring to FTC's enforcement practices.
As the unfolding investigation into the Paris attacks shows, just sharing threat-related data - without adding the crucial context that turns it into actionable intelligence - won't help organizations block attacks.
Several recent data breaches involving email mishaps serve as a reminder of precautions that healthcare entities must take with protected health information contained in digital communications that are sent or received by their organizations.
As U.S. merchants shore up physical point-of-sale security by upgrading their terminals to accept EMV chip cards, attackers are turning their aim toward new, unattended targets. Here's the latest on how to respond to "shimming" attacks.
The annual Black Hat Europe conference this year once again brought together numerous information security aficionados in Amsterdam for the latest training and security insights. Here are visual highlights from the conference.
Here's how police and intelligence officials in Europe and the United States are collaborating to identify and disrupt the network of people that planned, supported and launched the Nov. 13 terror attacks in Paris.
The FFIEC's updated guidance for bank examiners, released this week, stresses that executives and boards of directors must approve IT plans that contain strategies for addressing emerging and ongoing cyber threats.
Hartford Hospital and its business associate, EMC Corp., have agreed to pay a fine as part of a health data breach settlement with Connecticut's attorney general. Learn about the size of the financial penalty and other settlement details.
Distributed-denial-of-service attacks on banks are more powerful than ever, but we hear less about them than we did three years ago. How have attackers changed their tactics, and why should we be even more concerned about their strikes?
The U.K. government's response to whistleblower Edward Snowden's warnings that the U.S. and Britain had created a massive surveillance state has been to attempt to codify and expand those surveillance powers while also debating oversight and related matters in public for the first time.
To avoid having their organizations exploited by teenage hackers, boards of directors worldwide need to get serious about security. Here are five lessons to be learned from the latest TalkTalk data breach.