With the rapid changes in the threat landscape and the risks introduced by DevOps, the cloud and other new elements, organizations need to have a continuous vulnerability assessment program as a security baseline, says Richard Bussiere of Tenable Network Security.
Cloud services firm Coupa is one of the latest business email compromise victims, after a fraudster pretending to be its CEO faked out the HR department and stole all of its 2016 employees' W-2 forms. Security experts say rigorous training remains the only viable defense.
FBI Director James Comey worries about data corruption, and he's focused on hackers altering data. But if government leaders feed false information into computer systems, what should IT and IT security practitioners do to protect data integrity?
Acknowledging the urgent IT security challenges the nation faces, a cybersecurity commission named by President Barack Obama encourages the incoming administration to adopt some of its recommendations in the first 100 days of Donald Trump's presidency.
A checkbox approach to security, focusing on narrow compliance issues, does little to help ensure patient data remains secure. Healthcare organizations must create a practical action plan to accomplish many goals, such as ensuring endpoints are secure, minimizing the risk of breaches, and reducing stakeholder...
It's a story you'll watch unfold time and time again. The breach. The headlines. The confusion. The public apologies. The finger-pointing. And it's often followed by some form of the following statement: "But I was compliant." Compliance is never enough. The challenges are understandable, but taking the path of least...
To better mitigate the breach risks tied to the growing use of mobile devices, organizations need to adopt enterprise digital rights management as a way to improve data security, says Gartner's John Girard.
The Health Insurance Portability and Accountability Act (HIPAA) is one of today's most common compliance mandates, but translating this law into IT action items is a challenge.
This compliance guide breaks down some of the thorniest aspects of HIPAA and focuses on what you need to know to get compliant. You'll...
While the push for security in regulated industries is compliance driven, it's essential for organizations to also develop security strategies based on business risks, says A. Shiju Rawther, head of infrastructure and security operations at a leading credit-rating bureau in India.
The surge in data breaches and the pervasiveness of malware, especially ransomware, has led to a surge in security technology startup firms, which makes it much tougher for CISOs to choose the right business partners in the overcrowded marketplace, argues Raimund Genes, CTO at Trend Micro.
The next president of the United States should establish a cabinet position focused on cybersecurity, and Congress should create a more focused approach to funding and authorizing IT security initiatives, says Larry Clinton, who heads the Internet Security Alliance.
Delta is warning that a power failure lead to system outages, resulting in numerous flight cancellations or delays. As more airline-related processes get computerized, experts are asking why the airline's systems aren't more resilient.
Security leaders discuss advanced persistent threat challenges facing enterprises, providing insights on how to identify and stop targeted attacks. They suggest appropriate mitigation techniques for advanced threat protection.