Two new reports by a federal watchdog agency hit a familiar theme: Some state Medicaid systems have weaknesses that potentially put sensitive data and government operations at risk.
The latest ISMG Security Report leads with information security guru Ron Ross discussing changes coming to the National Institute of Standards and Technology's catalog of IT security and privacy controls. Also, challenges facing an upgraded U.S. Cyber Command.
As virtualization drives greater adoption of hybrid data centers, the same security challenges facing physical data centers often exist within cloud computing environments. Next-generation firewalls provide a unique way to protect data center applications and data regardless of where they are located - on-premises, in...
From a security perspective, moving your applications and data to AWS does not necessarily eliminate or minimize your security challenges. Regardless of their location - public, private cloud or physical data center - your applications and data are an attacker's target, and protecting them in AWS introduces the same...
In a 2016 IDC CloudView survey, 80% of the enterprises contacted were actively engaged in public-cloud projects. The driving forces are a realization that the public cloud is "enterprise ready" and the need to be more agile, more responsive and more competitive. For those organizations that already have an existing...
As business-centric groups continue to drive adoption of the public cloud, security teams are not always involved in the process. Dialogue between the security and business groups to achieve a public cloud architecture and deployment that accounts for both groups' demands is essential to effective...
Card issuers continue to find themselves victims of ongoing attacks perpetrated by fraudsters looking to rapidly exploit any opening they can find in e-commerce transactions. Fraudsters often exploit cards from multiple issuers, which is why they are transitioning to a model that uses real-time device information from...
The biggest obstacles to achieving "incident response excellence" are security and IT tool integration and coordinating incident response. Even if analysts can identify an imminent threat, they may not even know whom to contact on another team for remediation.
Download this whitepaper and learn how to:
Prioritize...
As threats and threat actors multiply and evolve, digital attribution becomes ever more critical, says Gartner's Avivah Litan. She discusses how to approach attribution and also offers her take on the technologies that could help secure U.S. elections.
Carbon Black rolled with the punches last week after it was accused of exposing customer data via a bug in one of its endpoint detection products. It turned out there was no bug. But the company has gone back and uncovered a bug that did expose customer data, albeit on a small scale.
A report claims British intelligence agency GCHQ knew in advance that the FBI planned to arrest WannaCry "hero" Marcus Hutchins when he visited the United States for the annual Black Hat and Def Con conferences last month. The information security community asks: Is that justice?
The malicious use of encryption is growing at an alarming rate, according to NSS Labs' BaitNET test infrastructure. Why? Encrypted web communication routinely bypasses enterprise security controls. Left unscanned, these channels are perfect vehicles for hiding infection, command & control and data exfiltration....
At ISMG's recent New York Fraud & Breach Prevention Summit, attendees interacted with technology solution providers and other thought leaders, gaining practical insights on solving real-world problems.
Hackers have been targeting the Scottish Parliament in a "brute force cyberattack" aimed at guessing users' email passwords. Security experts say it's unlikely that state-backed attackers would resort to such a blunt assault.
Philips plans to fix alarming vulnerabilities in a web-based application used to track patient radiation exposure. Versions of the DoseWise Portal mistakenly shipped with errors, including hard-coded credentials for a database and lack of encryption for patient data.