Figuring out how Edward Snowden breached NSA computers is sort of like solving a puzzle. Take public information and match it with an understanding of how organizations get hacked, and the pieces seem to fall into place.
FS-ISAC has issued a white paper with tips on streamlining third-party software risk assessments. One member of a new working group explains why the adoption of standard security controls is so critical.
Computer scientists at the Georgia Institute of Technology are developing new ways to apply encryption when storing or searching data in the cloud, says Paul Royal, associate director of the university's information security center.
The National Institute of Standards and Technology continues to collaborate with the National Security Agency on its IT security guidance even as it investigates whether the spy agency meddled with one of its special publications.
As major cloud vendors, including Salesforce, integrate identity and access management features into their platforms, security professionals must size up the role that stand-alone IAM systems will play in the long run.
Pennsylvania Chief Information Security Officer Erik Avakian explains how the commonwealth is using a $1.1 million federal grant to pilot a program to furnish single identities to residents who transact state business over the Internet.
Senior leaders in business and government are buying in to the need for more cybersecurity investments as well as threat-intelligence sharing, new research shows. But why are they still struggling to hire the right security pros?
Organizations must develop a "defensible response" to data breaches and fraud incidents because of the likelihood of a regulatory investigation or legal action, says attorney Kim Peretti, a former Department of Justice cybercrime prosecutor.
Organizations collect a wealth of information as part of their governance, risk and compliance programs, and security professionals are missing out on important insights if they don't take advantage of it.
New revelations about how the National Security Agency collects and uses e-mail and instant-messaging contact lists demonstrate bad data governance practices that raise serious concerns, a leading privacy attorney says.