Amidst emerging technologies, CISOs must prepare to deal with a new set of challenges. And security should become a board agenda, says Vijay Subramanyam, partner with KPMG's IT Risk Consulting Practice.
A jury's decision to award $940 million in damages to electronic health records software vendor Epic Systems, which had sued India's Tata Consultancy Services alleging theft of trade secrets, serves up lessons about the importance of restricting access to all sensitive data, including intellectual property.
Banking institutions and associations are demanding that the Federal Financial Institutions Examination Council make significant changes to its Cybersecurity Assessment Tool. What action, if any, will regulators take in response?
The primary mission of the new Global Cyber Alliance is to identify measurable ways to mitigate cyberthreats facing the public and private sectors, says Phil Reitlinger, a former DHS official and Sony CISO, who heads the new group.
Reports on the Ukrainian energy supplier hack have left many crucial questions unanswered: Who was involved, did malware directly trigger a blackout and are other suppliers at risk from similar attacks? Cybersecurity experts offer potential answers.
The FFIEC's Cybersecurity Assessment Tool is already being integrated into regulators' cybersecurity examinations, says Gartner analyst Avivah Litan. But the tool has so far led to more confusion than clarity, she says, and must be enhanced in 2016.
Vivian Poon, head of Network Security Operations at UBS, sees the need to encourage women to take up new roles in risk management, governance, security and forensics. How does she recommend recruiting these new professionals?
TalkTalk's confusion in the wake of its recent data breach, as well as mangling of technical details and failure to encrypt customer data, demonstrate the importance of having an incident-response plan ready in advance of any breach, experts say.
Gain insights from nearly 1000 IT Security professionals in more than 50 countries on today's vulnerability management programs. Get "in the trenches" information on challenges, satisfaction, and areas in need of improvement.
Download this report to learn about these key findings and the importance of:
Discussions I recently moderated around mobile security indicate that Indian practitioners have significant doubts about the effectiveness and applicability of mobile security solutions such as MDM and others.
To adequately protect their data, organizations need to go far beyond traditional controls and implement a "data-centric security" approach, says Informatica's Robert Shields, who describes the essential elements of the strategy.
The National Institute of Standards and Technology has issued a Guide to Application Whitelisting that provides step-by-step instructions on deploying automated application whitelisting to help prevent malware from accessing IT systems.
The act of prevention is dead. The new mandate for CISOs is to quickly detect anomalous behavior in the networks to be able to respond quickly to breaches and combat threats, says RSA's director, Kartik Shahani.
A burgeoning security infrastructure means the headache of management, enforcement and optimization. How do you efficiently administrate it? How do you plan policy enforcement at scale? Juniper's Paul shares insight.