The National Institute of Standards and Technology has published new guidance on generating cryptographic keys to help organizations protect their data with secure keys no matter the type of algorithm they choose.
In parts of Europe and Asia, privacy legislation took solid steps forward in 2012. In the U.S., however, progress has stalled. Is the U.S. at risk of falling behind when it comes to privacy protection?
From point-of-sale hacks to malware and DDoS attacks, the top cyberthreats of 2012 have been aggressive and strong. Is it time for organizations to adopt a "hack back" strategy against perceived attackers?
Former FBI cyber unit chief Tim Ryan sees mounting dangers from the insider, acknowledging undiscerning employees who don't follow proper processes can cause devastation. But he says the actions of those with malicious intent can be more catastrophic.
Events such as Superstorm Sandy provide an opportunity for business continuity pros to shine. What are the essential skills they need to face a crisis? Disaster recovery expert Regina Phelps offers her list.
The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audit and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.
McAfee CPO Michelle Dennedy and Intel CISO Malcolm Harkins work for the same company, but in some ways they are worlds apart. How must privacy and security leaders bridge gaps to face challenges ahead?
Absent a uniform method, the NIST interagency report investigates credential revocation, focusing on identifying missing requirements, and suggests a model for credential reliability and revocation services that addresses those missing requirements.
South Carolina's Revenue Department went nearly a year without a chief information security officer before its tax system was hacked this summer. The agency's chief says the state couldn't find a qualified candidate for the job that pays $100,000 a year.
Developing a bring-your-own-device
policy that's well-integrated with an organization's overall information security strategy requires a multi-disciplinary, collaborative approach, says attorney Stephen Wu.