As a result of high-profile breaches, such as the Target incident, security is increasingly a board issue. What are the key topics security leaders should prepare to discuss in 2014? Alan Brill of Kroll offers his forecast.
The potential of governments messing with commercial IT security products - think China and the NSA - means organizations need to improve lines of communications to assure the integrity of the IT wares they acquire. ISF's Steve Durbin discusses mitigating supply-chain risk.
While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.
Federal agencies overwhelming ignore guidance on the top 20 critical security controls, a new survey shows. Two risk management experts explain the pros and cons of adopting this guidance vs. broader NIST guidance.
President Obama defends the National Security Agency's bulk-collection initiative, but suggests he may adopt some of the recommendations presented by a panel that proposes changes in the NSA's surveillance program.
An independent presidential panel makes recommendations to limit the National Security Agency's surveillance methods, including curtailing the way the government systematically collects and stores metadata from Americans' phone calls.
Cyberthreats increasingly target mobile devices, and simple security measures could help end-users slash these incidents by 50 percent. This is the key finding of ENISA's new Threat Landscape Report, says Louis Marinos, the prime author.
A federal district court judge's ruling that a National Security Agency program collecting metadata from telephone calls could be unconstitutional suggests that the law hasn't kept pace with changing technology.