First Target, then Neiman Marcus; who's next? And while banking institutions await the next attack, how should they respond to customers' anxious questions about this latest round of high-profile retail data breaches?
While news of the NSA's data collection caught many off guard, it's just another example of the U.S. culture of surveillance, says sociologist William Staples, author of the book "Everyday Surveillance."
Georgia Tech researchers are working on a way to profile devices along the supply chain to identify whether they've been compromised, says Paul Royal, associate director of the Georgia Tech Information Security Center.
Leon Rodriguez, director of the HHS Office for Civil Rights, could leave the HIPAA enforcement agency to become the director of U.S. Citizenship and Immigration Services if his presidential nomination is formalized and he wins Senate approval.
Breach detection provider FireEye has acquired incident response and remediation services company Mandiant , forming a formidable company that can provide soup-to-nuts products and services to detect, mitigate and respond to breaches.
The potential of governments messing with commercial IT security products - think China and the NSA - means organizations need to improve lines of communications to assure the integrity of the IT wares they acquire. ISF's Steve Durbin discusses mitigating supply-chain risk.
Chase Bank's decision to limit daily ATM cash withdrawals on debit cards linked to the Target breach has raised questions among other issuers about whether PINs were, in fact, compromised. Is Chase just being cautious?
Big-box retailer Target has confirmed that a breach that likely exposed some 40 million U.S. debit and credit accounts was caused by a malware attack that infected its point-of-sale system. Find out all the latest details.
On Christmas Eve, Target issued a warning about phishing scams linked to its breach recovery efforts. In response, the retailer says it is launching a dedicated resource page on its website for official communications.
Version 3.0 of the PCI Data Security Standard goes into effect Jan. 1, 2014. What steps should organizations be taking to prepare for implementation of the standard? Troy Leach and Bob Russo of the PCI Security Standards Council explain.
Federal agencies overwhelming ignore guidance on the top 20 critical security controls, a new survey shows. Two risk management experts explain the pros and cons of adopting this guidance vs. broader NIST guidance.