"With the increasing breadth and depth of cyberattacks ... risk assessments provide important information to guide and inform the selection of appropriate defensive measures so organizations can respond effectively," guidance coauthor Ron Ross says.
Charles Intriago says AML investments and controls need to be streamlined. And through a new association, Intriago aims to train a new kind of financial-crime specialist that is equipped to connect fraud-fighting dots.
Mike Mitchell, who serves as chairman of the PCI Security Standards Council, says mobile is a focus for leaders in the payment security space. So does the PCI Council expect emerging tech to influence the PCI-DSS?
Organizations must carefully consider patch management in the context of overall IT security because it's so important to achieving sound security. Read about NIST's recommendations on how best to implement patch management.
In a merger, communication is essential for ensuring security and privacy challenges are met, says Christopher Paidhrin of PeaceHealth Southwest Medical Center, whose parent company recently went through a merger and will soon undergo another.
To address the security and privacy challenges magnified by the velocity, volume and variety of big data, the Cloud Security Alliance has formed a big data working group. What are the group's objectives?