Five new payment card data security requirements for third-party service providers are among the most significant changes included in version 3.2 of the PCI Data Security Standard released April 28, says Troy Leach of the PCI Security Standards Council.
The online heist of $81 million from Bangladesh Bank involved custom malware that hacked the database used by the bank's SWIFT software, allowing attackers to transfer money and hide their tracks, according to BAE Systems Applied Intelligence. SWIFT will issue software updates and security guidance to all customers.
With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises has increased dramatically, while IT budgets have shrunk and skilled cyber security talent is virtually impossible to find.
The CIS Top 20 Critical Controls provides a pragmatic approach, offering prioritized guidance...
A recent study reveals that India ranks third globally in financial Trojan infections, with more than 60,000 computers compromised in 2015 alone. Experts analyze why and recommend best practices to tackle them.
As we look ahead to the remainder of 2016, U.S. federal CIOs and their teams face big opportunities as well as challenges in achieving the federal "Cloud First" strategy issued back in 2011.
"Federal CISOs and their teams face a daunting challenge daily of staying FISMA-compliant and secure while moving their...
The massive "Panama Papers" data leak apparently was enabled by a law firm failing to have the right information security defenses in place. The breach calls attention to the need for all organizations to encrypt sensitive data, use access controls and monitor access patterns for signs of data exfiltration.
If you cast the Panama Papers leak in terms of class warfare, this isn't the first time that a faceless few have acted for what they perceive to be the good of the proletariat, in a bout of hacker - or insider - vigilantism.
The PCI Security Standards Council envisions a single, globally unified data security standard. Now that the European Card Payment Association is a strategic regional member, that goal is significantly closer, says Jeremy King, the council's international director.
ISMG's Data Breach Summit aims to provide insights from industry thought-leaders on the best defense strategies for tackling future breaches. The conference kicked off to great traction from the security community.
"Shadow IT" has long existed slightly under the radar of the enterprise IT and security organizations. The term describes business units that opt to embrace IT systems and applications, including SaaS apps, without the express consent and support of IT.
In the past, these transgressions have mainly been overlooked....
Unlike other security and breach reports, Verizon's Data Breach Digest is a collection of data breach investigation case studies from around the world. Verizon's Ashish Thapar elaborates on findings from this digest.
Virginia Gov. Terry McAuliffe has a message for state leaders across the nation: Cybersecurity has to be a top item on their policy platforms. And, by the way, he very much intends to make Virginia the cyber capital of the United States.
What are some of the challenges practitioners will face as they attempt to look at emerging technologies, including CASB? How effective is the MSSP paradigm in addressing the skills gap? Expert security practitioner Manish Dave shares insights.
After years of being kept in the background, privacy has taken center stage in security discussions. In this video interview, Michelle Dennedy, chief privacy officer at Cisco, discusses the impact of new regulations and the issue of encryption backdoors.
Financial services firms and healthcare institutions have been at the forefront of adopting encrypted email, simply because so much vital and sensitive information today naturally flows via email, Dave Wagner, CEO of ZixCorp, says in this video interview.