Citi's settlement with two states over a breach that exposed 360,000 cards will likely set an example for other states. One expert says banking institutions will likely pay more damages when accounts are compromised.
In his four years as a top DHS cybersecurity policymaker, Bruce McConnell learned that to build trust with the public, the federal government must be more transparent in the way it approaches security and privacy.
The massive initiative to deploy continuous monitoring at U.S. federal government agencies will be done in phases, with the initial rollout occurring over three years, the Department of Homeland Security's John Streufert says.
Iris scanning is becoming old hat for authenticating individuals entering secured facilities or crossing international borders, but it remains several years away for use in providing access to IT systems.
A new cross-device malware strain that has been linked to last year's High Roller attacks is defeating dual-factor authentication. Experts explain why banking institutions worldwide should be on alert.
Organizations incorporating social media into their daily operations tend to have gaps in policies, and key aspects are often an afterthought, says attorney David Adler, who pinpoints areas to address.
As victims of cyber-attacks on their domain name systems providers, The New York Times, Twitter and the Huffington Post UK may have opened themselves and their customers to more nefarious threats, a leading IT security expert says.
A malware attack that exploited a point-of-sale vulnerability of a select group of Kentucky and Southern Indiana retailers has now been linked to attacks against Schnuck Markets Inc. and four other merchants.
The National Institute of Standards and Technology has issued new guidance for designing cryptographic key management systems that describes topics designers should consider when developing specifications.
Creating circles of trust - networks of IT security professionals who rely on one another - is a key element in forthcoming National Institute of Standards and Technology guidance on incident response.