Georgia Tech researchers are working on a way to profile devices along the supply chain to identify whether they've been compromised, says Paul Royal, associate director of the Georgia Tech Information Security Center.
Training that's designed to help workers avoid clicking on links from spear-phishing e-mails may be ineffective because employees often fail to read training materials, says Eric Johnson, a Vanderbilt University professor who's co-author of a new study on the subject.
Big data is a hot item on every banking institution's security agenda, says Gartner analyst Avivah Litan. Here she explains why mid-sized institutions are in the best position to implement new technology.
The new year's top trends in background screening can be summed up in two words: legal and compliance. Les Rosen of Employment Screening Resources offers expert tips for more effective screening.
As a result of high-profile breaches, such as the Target incident, security is increasingly a board issue. What are the key topics security leaders should prepare to discuss in 2014? Alan Brill of Kroll offers his forecast.
The hacking of Skype's Twitter account, Facebook site and blog serves as a reminder that organizations must diligently protect their credentials, a cybersecurity expert says.
Days after a German newspaper reported that the NSA had compromised commercial computer hardware and smart phones for years, the agency says it, too, is concerned about the security of those products.
2014 may well be the "Year of Security," and IT security pros must prepare now for new job demands. ISACA's Robert Stroud offers five New Year's resolutions to help prepare for 2014's security trends.
Many business leaders lack a clear understanding of the value of identity and access management. CISO Christopher Paidhrin offers a scenario for how to make the case for an IAM investment.
American and Russian negotiators met last month to discuss cybersecurity issues, including the use of the Nuclear Risk Reduction Centers to improve communications between the two nations to mitigate malicious cyber-activity.
A federal district judge in New York upheld the constitutionality of the National Security Agency's program to collect metadata of phone calls made by Americans. The ruling conflicts with another federal judge's recent decision.
The potential of governments messing with commercial IT security products - think China and the NSA - means organizations need to improve lines of communications to assure the integrity of the IT wares they acquire. ISF's Steve Durbin discusses mitigating supply-chain risk.
While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.
How can organizations mitigate the risks posed by the unintentional insider threat? The strategy requires a combination of technical and non-technical solutions, says researcher Randy Trzeciak.
Whether reports that the National Security Agency entered into a secret contract with security provider RSA are true or not - and RSA says they're not - the reputations of all American security vendors have been tarnished.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.