Getting buy-in for information security spending from those who hold the purse strings can be tricky unless risks are properly assessed and articulated. See how some healthcare security leaders tackle the budget challenge.
New focus for anti-fraud pros: Cloud computing providers whose employees may steal or harm customer data they host. Experts from Carnegie Mellon University's CERT Insider Threat Center offer prevention tips.
Former federal prosecutor Kim Peretti understands international crime investigations. And she calls the arrests in the $45 million global bank heist "a victory for us." What lessons can investigators draw from the case?
Insider threat case study: Dawn Cappelli tells how three individuals quit their jobs at a law firm, then used a free cloud service to sabotage files containing proprietary client information from their ex-employer.
The OWASP Top Ten list of security risks was created more than a decade ago to be the start of an industry standard that could bootstrap the legal system into encouraging more secure software. Here are the 2013 updates.
Intel Chief Information Security and Privacy Officer Malcolm Harkins sees having one leader who handles IT security and privacy responsibilities as essential. "At the end of the day," he says, "there's a level of common objectives."
Security firm Mandiant recently released a widely publicized report detailing cyber-espionage activity originating in China. Mandiant Director Charles Carmakal discusses the latest nation-state threats.
NIST's Ron Ross, a big NASCAR fan, likens new security controls guidance to the tools race-car builders use to prevent drivers from breaking their necks when crashing into a brick wall at 200 miles an hour.
NIST's Donna Dodson is leading a federal government effort to take hundreds of suggestions from the private sector to create an IT security best practices framework that critical infrastructure operators could voluntarily adopt.