The lead cybersecurity official for Britain's GCHQ intelligence agency dismisses charges that the U.K. conducts mass surveillance. But critics question the government's introduction of the Investigatory Powers Bill.
NASSCOM and DSCI have launched a cybersecurity task force to help develop India as a global R&D hub. Experts question whether the sponsoring organizations have set the right agenda for this new entity.
In assessing risk, computer security has three characteristics: confidentiality, integrity and availability. But not all of those traits help systems designers assess privacy risks. So NIST is developing a privacy risk management framework.
Mobile app-based ecommerce is surging forward in India's smartphone-saturated market. After Meru Cabs' data exposure earlier in May, security experts analyze legal liability, secure development & incident response.
Five best practices noted in version 3.0 of the PCI Data Security Standard will become requirements after June 30, with remote access and third-party risks the key focus - particularly for smaller merchants.
Banking is no longer just about bricks-and-mortar. With institutions increasingly adopting Web and mobile banking, the threat landscape is changing. Cisco's Pravin Srinivasan shares insight for practitioners.
With growing vulnerabilities and changing cyberthreats, CISOs must leverage threat intelligence models to gauge attackers' motives, says FireEye's Rich Costanzo, who calls on CISOs to "re-imagine" security.
Britain's computer emergency response team - CERT-UK - reports that malware remains the dominant mode of online attack for cybercriminals, and Zeus their most preferred tool of choice. But the team is promoting a free information-alert service to help.
While the "Logjam" vulnerability raises serious concerns, there's no need to rush related patches into place, according to several information security experts. Learn the key issues, and how organizations must respond
In an application-driven economy, are security leaders paying enough attention to application-level security? OWASP's Dhruv Soi speaks on how to ensure security in the application development lifecycle.
Numerous websites, mail servers and other services - including virtual private networks as well as "all modern browsers" - have a 20-year-old flaw that could be exploited by an attacker, computer scientists warn.
An army of 40,000 small office/home office routers have been exploited by automated malware. But who's responsible for devices being vulnerable: vendors for using well-known defaults; or distributors and IT managers for not locking them down?
Security leaders see the need for a formal information-sharing platform across India to enable organizations in all sectors to defend against attacks. What are the barriers, and how can they be overcome?