"Any bug, beacon or backdoor put into our critical systems could allow for a catastrophic and devastating domino effect of failures throughout our networks," says Mike Rogers, chairman of the House Select Committee on Intelligence.
As the overall number of "true exploits" have decreased, targeted ones - especially those initiated by criminals or nation states - are becoming harder to detect, say Rick Miller, director of IBM Managed Security Services.
The gut feeling many people have about their physical security hasn't quite developed in the digital world, presenting a challenge for homeland security officials, says State of Delaware Homeland Security Adviser Kurt Reuther.
Website outages at leading U.S. banks have garnered global attention. But how concerned should European institutions be that they could be the next targets? A London-based security expert shares insight.
NIST's Ron Ross, one of the world's top information risk thought leaders, says new guidance he co-wrote doesn't dictate how organizations must approach risk assessment, but gives enterprises options on how to conduct risk appraisals.
The new report aims to help access-control experts improve their evaluation of the highest security access-control systems by discussing the administration, enforcement, performance and support properties of mechanisms that are embedded in each system.
The continuing loss of data to China suggests that the federal government should carefully assess the cybersecurity implications associated with the expansion of Chinese cloud and mobile providers in the U.S.
Preparing for an exam to assess FFIEC Authentication Guidance conformance can be daunting. But according to one bank's experience, it doesn't have to be. What words of advice does this institution share?
Understanding threats and identifying modern attacks in their early stages is key to preventing subsequent compromises, and proactively sharing information among organizations is an increasingly effective way to identify them.
The United Kingdom and the United States are both cracking down on healthcare organizations that have experienced information breaches. But they're taking very different approaches. Which approach will prove most effective?