Successfully implementing the SANS 20 Critical Security Controls requires far more than just deploying systems, platforms or services. Experts offer insights on effective strategies for leveraging technical controls.
Although the U.S. and Chinese governments blame one another for cybermischief, they should collaborate to battle common cyberthreats, says Christopher Painter, the State Department's top cyberdiplomat.
Version 3.0 of the Payment Card Industry Data Security Standard, to be released later this year, will include a focus on the standardization of compliance assessments, says Bob Russo of the PCI Security Standards Council.
On the one-year anniversary of al-Qassam Cyber Fighters' first announcement about DDoS attacks against U.S. banks, experts discuss what may happen next, including whether the group will join forces with the Syrian Electronic Army.
The National Institute of Standards and Technology is re-evaluating a set of its special publications because of concerns expressed by some leading cryptographers that the National Security Agency might have corrupted the guidance.
Termination of an employee after a breach should be reserved for repeat offenders, individuals who show a total disregard for the rules, those who seek to harm another or the most egregious incidents, security expert Mac McMillan contends.
The House Intelligence Committee warns of threats Chinese chips pose to American IT systems. A new film embellishes that danger. Though pure fiction, the plot could help raise the public consciousness about cyberthreats.
Ransomware attacks are rising, and a resurgence of the banking Trojan Citadel after an earlier botnet takedown is partly to blame, McAfee Labs research shows. Malware expert Ryan Sherstobitoff analyzes the implications.
OpUSA's planned Sept. 11 DDoS against U.S. banks and governmental agencies proved to be uneventful, experts say. But they warn that other potential attacks, especially those with a Syria connection, could prove to be far more serious.
NIST is hosting a workshop this week to continue shaping the cybersecurity framework President Obama wants implemented by February. Learn about the latest developments in the effort to identify IT security best practices.
If Iran is behind distributed-denial-of-service attacks targeting American banks, should the United States retaliate aggressively with a Stuxnet-like response? Learn why the Atlantic Council's Jason Healey thinks that's a bad idea.
Federal authorities are warning banking institutions and government agencies about a wave of DDoS attacks that could strike on 9/11. Learn what steps the FBI suggests should be taken to mitigate the threat.
John Streufert, the DHS director overseeing the rollout of a federal continuous diagnostic initiative to mitigate IT systems vulnerabilities, expects that many state and local governments will participate in the program.