RSA customers who feel victimized by last March's breach of the security vendor's computers have viable options that include continued use of the SecurID authentication tokens, those offered by competitors, or something entirely different: biometrics.
The release of the list coincides with the issuance of the Common Weakness Scoring System that allows software makers to identify vulnerabilities in their programs and buyers to determine software they acquire is secure.
"It's not enough to know the architecture of the breach system," says Michael Aisenberg of MITRE Corp. "Leaders have to understand the different jurisdiction of where they do business, where their customers are and which breach law applies."
As the Sony and Epsilon breaches show, privacy is now in the news media every day. And organizations need to be prepared to address the issue, says Trevor Hughes, executive director of the International Association of Privacy Professionals.
Organizations are starting to adapt to cloud computing, but they're hesitant about placing their core assets in the online environment, according to results from the 2011 ISACA IT Risk/Reward Barometer.
No one is really sure when the FFIEC's new authentication guidance will be issued, but we do know banking institutions can't afford to wait. Hence, our new FFIEC Authentication Guidance Resource Center.
NRC CISO Patrick Howard is among three information security leaders who share their experiences, approaches and challenges from battling data breach incidents that had an impact on their organizations and their careers.