"Our security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect the intrusion quickly, all perhaps by design," Sony Computer Entertainment America Chairman Kazuo Hirai said in a letter to Congress.
From mobile devices to social media and cloud computing, IT governance is all about risk management. "You can't de-risk everything, but you can de-risk the majority of circumstances you will see in normal operations," says governance expert Robert Stroud.
Intel CISO Malcolm Harkins says the Sony PlayStation breach reminds CISOs in all sectors that such incidents can't be avoided, but their risks can be managed.
Four years ago, the Council of Registered Ethical Security Testers began as an organization to bring standardization to the penetration testing industry. Today, CREST's scope is expanding across industries and global regions, says president Ian Glover.
"Without improvements, the weaknesses identified may limit program and site-level officials' ability to make informed risk-based decisions that support the protection of classified information and the systems on which it resides," says Rickey R. Hass, deputy inspector general for audits and inspections.
Attackers could leverage vulnerabilities to gain control of air traffic control systems, with intruders using unprotected computers to compromise other systems that depend on the same network, a Transportation Department audit reveals.
It's been over three months since the accidental disclosure. When will the final FFIEC authentication update be released? "I don't think we're any less safe," says Gartner's Avivah Litan. "We just need to step up enforcements."
Gigi Hyland, board member of the National Credit Union Administration, says the latest draft of authentication guidance is awaiting final signoff from just one member agency of the Federal Financial Institutions Examination Council.
When it comes to authentication and identity management, state governments face challenges and vulnerabilities of their own making, says Brent Crossland of Entrust.
Domain Name Security - it's one of the most neglected aspects of information security, but critical to healthcare organizations, says Mark Beckett of Secure 64.
The Epsilon e-mail breach has opened the door for what experts fear could be 'massive spear phishing attacks.' Here are 7 security tips to help organizations protect themselves and their customers.
The Epsilon e-mail breach has opened the door for what experts fear could be 'massive spear phishing attacks.' Here are 7 security tips to help organizations protect themselves and their customers.
Defining essential federal information systems to keep operating during a partial government shutdown could prove more complex than defining essential federal workers not to furlough.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.