This ISMG Security Report features a discussion of the impact on the global financial services industry of the SWIFT-related theft of $81 million from Bangladesh's central bank and similar thefts. You'll also hear reports on making IT systems more trustable and national governments' spending on cybersecurity.
NIST plans next year to clarify certain provisions in its cybersecurity framework. "Just to be clear, we're not headed toward a version 2.0 right now," Program Manager Matt Barrett explains in an interview. "We're headed to something that's more like a 1.1."
The theft of an unencrypted laptop that may have contained information on up to 400,000 inmates who served time in California prisons has been added to the federal tally of health data breaches. Experts say notifying all those potentially affected could prove challenging.
An ultra-secure operating system called seL4 developed by researchers in Australia aims to make critical systems impenetrable to hackers. How does it work, and what do the tests on a drone reveal?
Asking how many different technologies consumers will tolerate when it comes to paying for their goods and services is a bit like asking how many more superheroes moviegoers will countenance in the latest "Avengers" film.
Is SWIFT now playing good cop/bad cop? While it initially promised to not police the financial services industry, it's now considering training auditors and suspending banks found to have poor information security practices.
HIPAA has long provided patients with the right to access their own "designated record set" of protected health information. But federal regulators are on a campaign to help patients and healthcare organizations understand records access rights, as well as the related privacy risks.
Russian police have arrested 50 people in connection with an investigation into a hacker group suspected of unleashing a five-year series of malware-enabled hack attacks on major Russian financial institutions and stealing $25 million.
Mike Daugherty, the president and CEO of LabMD who is fighting a legal battle with the FTC over two security indents, explains why he believes the agency is overstepping its regulatory authority. And he says that new FTC probes into PCI compliance and EMV deployment could be on the way.
Macquarie University and mobile operator Optus are opening a cybersecurity hub that will create training and research programs to help businesses deal with cyber threats.
ISMG editors, in a special report, examine the status of data breach notification laws in a number of regions, including the European Union, which this past week implemented the General Data Protection Regulation, although enforcement won't take place for two years.
Don't blame a lack of information security standards, security products or cybersecurity competence for the failure of breach defenses. In many cases, the culprit is design and implementation flaws in IT products, Robert Bigman, former CIO at the CIA, contends.
In the wake of reports that 65 million stolen credentials from micro-blogging platform Tumblr have surfaced online, following 117 million LinkedIn credentials, it's clear that 2016 is fast becoming the year of what one security expert dubs "historical mega breaches."
Since California passed its pioneering data breach notification law in 2003, many other states and some countries have followed suit. Here's a closer look at the status of breach notification requirements in four regions.
The breach notification site LeakedSource claims that social networking website MySpace has been hacked, with 360 million credentials containing 427 million encrypted passwords compromised. But LeakedSource acknowledges the age of the credentials is unknown. And the veracity of the data remains in question.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.