President Obama has reportedly decided that the government shouldn't exploit encryption flaws, such as Heartbleed, in most instances unless there's "a clear national security or law enforcement need." But how should that need be determined?
In many if not most enterprises, the chief information security officer reports to the chief information officer. After all, enterprises cannot function without IT, and security is a support function to safeguard data and systems. Or is it?
Years before she helped put fraudster Albert Gonzalez behind bars, Kim Peretti was an attorney who had dual interests in law and technology. How did she channel her interests into a prominent career?
Women in information security are becoming even more of a minority because of poor treatment and stereotypes, says Professor Eugene Spafford. What's the cost to organizations, and how can they break the mold?
An analysis of the Target breach prepared for a Senate committee is a political document that might help its patron's agenda but doesn't go far enough to identify technical solutions to help enterprises avoid Target-like breaches.
(ISC)² is celebrating its silver anniversary as a global organization educating and certifying information security professionals. What are the key threats and trends driving the profession's future growth?
Banking Trojans such as Zeus have gotten much tougher to detect because of new attack techniques, which means intrusions are going undiscovered for longer periods, says Trusteer researcher Etay Maor.
What are the top 20 books that all cybersecurity professionals should read? Rick Howard of Palo Alto Networks discusses his effort to develop a "Cybersecurity Canon."
White House Cybersecurity Coordinator Michael Daniel assesses the cyberthreat environment facing the nation and explains what the federal government is doing about it.
The threats, attacks and crimes don't differ greatly around the world. What does differ is how each region responds. Freddy Dezeure of CERT-EU is working to ensure that Europe is ready to respond appropriately.
An address by FBI Director James Comey at the RSA security conference seems to equate civil liberties and privacy. But when he offers an example of balancing Americans' rights with cybersecurity, he mainly refers to the civil liberties, not privacy.
In light of the critical shortage of information security professionals, organizations must strive to become a "center for security excellence" to successfully recruit the specialists they need, says analyst John Oltsik of Enterprise Strategy Group.
A grand jury's indictment this week of the alleged leader of a $5 million ATM skimming scheme illustrates how collaboration among international authorities is working to more swiftly bring global cybercrime leaders to justice.
Bankers and retailers are hotly debating who should be liable for losses and expenses associated with the breach at Target. See how our readers weighed in on the issues involved.
While many organizations rely on employee training to help mitigate the risks of spear phishing, such efforts are generally ineffective, says Eric Johnson of Vanderbilt University, who explains why a technical solution might be better.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.
