House Republicans issue their cybersecurity legislative agenda that, in many respects, parallels the goals offered by the Obama administration and Senate Democrats, but it definitely has a GOP tinge to it.
UBS's $2 billion loss to rogue trading provides lessons for all banks. What's missing in today's financial institution culture is a balance between profits, ethics and governance, says risk management expert Frances McLeod.
Eric Rosenbach works with Defense Secretary Leon Panetta and other top DoD leaders to formulate, recommend, integrate and implement policies and strategies to improve the Defense Department's ability to operate securely in cyberspace.
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
Michigan this month merged government agencies responsible for physical and information security, consolidating resources as well as opening new areas for growth and partnership, state Chief Security Officer Dan Lohrmann says.
RSA Chief Executive Art Coviello challenged a widespread belief that cybersecurity awareness could curb cyberthreats: "There's no amount of consumer education to make them smart enough to resist attacks. They're just too sophisticated."
Bank of America says weekend problems with its website were not related to any online breaches or attacks, although one analyst called the timing "curious" - coming one day after the bank announced new debit card fees.
In recent years, the government has taken steps to improve federal IT infrastructure. While the 9/11 terrorist attacks were certainly a wake-up call, legislation and reform was always inevitable, says Mark Forman, former federal CIO.
Security incidents reported over the past five years have placed the confidentiality, integrity and availability of sensitive government information and information systems at risk, an annual GAO review reveals.
New guidance from the National Institute of Standards and Technology defines an information security continuous monitoring strategy and shows how organizations can create an information security continuous monitoring program.