The Gartner Security and Risk Management Summit tackles digital business, a concept that blurs the physical and digital worlds, and requires organizations to reconsider how they approach IT security and risk management.
This year's Infosecurity Europe conference in London - celebrating its 20th anniversary - decamped from Earl's Court to the glass-topped, 19th-century Olympia Conference Center, and featured more than 300 exhibitors and 200 speakers.
Law enforcement officials estimate that fewer than 200 people in the world build the core infrastructure and tools relied on by cybercriminals who would otherwise lack such capabilities. What's the best way to stop them?
How does an advanced threat adversary operate for 10 years, undetected? FireEye APAC CTO Bryce Boland shares details of the decade-long APT30 campaign that targeted organizations in India and Southeast Asia.
Many security pros look askance at "cybersecurity." But Symantec's Sian John says the embrace of that term shows just how much senior executives are beginning to understand the risks their organizations face.
Assessing the risks presented by "digital business" - the new business designs that blur the digital and physical worlds - will be a theme at the 2015 Gartner Security and Risk Management Summit, says Andrew Walls, event chairman.
The lead cybersecurity official for Britain's GCHQ intelligence agency dismisses charges that the U.K. conducts mass surveillance. But critics question the government's introduction of the Investigatory Powers Bill.
In assessing risk, computer security has three characteristics: confidentiality, integrity and availability. But not all of those traits help systems designers assess privacy risks. So NIST is developing a privacy risk management framework.
Prosecutors love to tell judges that sentences for hackers and cybercriminals must be strong enough to deter future such crimes. But as the case of Silk Road mastermind Ross Ulbricht shows, they've failed to make the case for deterrence.
Breached dating website FriendFinder allegedly missed email warnings from security researchers that its site had been breached and customers' data was being sold on a "darknet" site. What can other businesses learn from that apparent mistake?
Five best practices noted in version 3.0 of the PCI Data Security Standard will become requirements after June 30, with remote access and third-party risks the key focus - particularly for smaller merchants.
Vendors' and software makers' over-reliance on security messages and warnings has left users habituated to them, thus rendering such alerts less effective or even worthless, warns cybersecurity expert Alan Woodward.
To entice more women, as well as men, to enter information security professions, researcher Lysa Myers says the industry needs to kill its boring image and better communicate the full array of opportunities available and the skills that are in demand.
It's no surprise that virus-wielding hackers are exploiting Internet of Things devices. Blame too many device manufacturers rushing products to market, skimping on secure development practices and failing to audit the third-party code they use.
This year's Infosecurity Europe conference in London is offering a top-notch range of sessions, ranging from how to battle cybercrime and social engineering to building a better security culture and workforce. Here's my list of must-see sessions.