Ron Ross, the NIST computer scientist who heads the initiative that is revising the guidance, characterizes the updated publication as the most comprehensive one since the initial catalogue of controls was issued in 2005.
How can security pros help organizations prevent breaches and data loss? The Online Trust Alliance has released its latest guide to data protection and breach readiness, and OTA founder Craig Spiezle offers tips.
Although suggestions in a new Federal Trade Commission staff report do not have the force of law, they do provide guidance on how the agency could enforce American federal laws and regulations to protect the privacy of users of smart phones and tablets.
"This is our life for the future," DHS's Mark Weatherford says. "Bad guys are figuring out that they can create this kind of havoc at almost [no] cost for themselves. It is more than just a distraction; it is now the way we operate."
A quick glance at a new survey suggests that businesses care more about protecting the privacy of their customers than governments do about their citizens. That's what the numbers say. But the numbers don't necessarily tell the whole story.
Using technology to prevent breaches is insufficient. Security leaders also must address the human factor, making sure staff members receive appropriate training on clear-cut policies - before it's too late.
Managing advanced persistent threats will be a priority throughout 2013, says RSA CISO Eddie Schwartz. How should organizations defend themselves against APTs and the year's other top security threats?
It's not malware, crime rings or hacktivists. What, then, are among the threats that concern security leaders most? CISO Tom Newton offers new insight on today's top threats and strategies to combat them.