Incorporating new concepts such as security-control overlays and placing a renewed emphasis on information assurance, the forthcoming guidance is 'a total rewrite' from the 2009 version, NIST's Ron Ross says.
To know how best to respond to IT and communications failures, incident response pros first must collect information on such incidents, says Marnix Dekker, who co-authored a new report for ENISA.
Updated risk assessment guidance from NIST provides helpful insights that healthcare organizations can apply, says security consultant Kate Borten. Learn more about how to leverage the guidance.
If President Obama's second term were a movie sequel, I'd call it "Unfinished Business." It's time to step up and see through the cybersecurity initiatives Obama spoke about when he first took office.
Top executives must be transparent with their stakeholders when their IT systems get attacked. Otherwise, their enterprises' reputations could be more severely damaged, says IBM Fellow Luba Cherbakov.
The failure to take appropriate steps to secure their IT assets leaves small and midsize enterprises vulnerable to attacks from cybercriminals seeking to pick low-hanging fruit.
What's missing from remarks by Defense Secretary Leon Panetta, Senate Majority Leader Harry Reid and others is how the stalemate that led to the filibuster of the Cybersecurity Act could be resolved. Will the election make a difference?
Infosec pros take note: As the overall number of "true exploits" have decreased, targeted ones - especially those initiated by criminals or nation states - are becoming harder to detect, say IBM's Rick Miller.
Managers and internal auditors don't necessarily see eye-to-eye when it comes to the results of an IT audit. PricewaterhouseCoopers' Carolyn Holcomb explains the challenges and solutions.
NIST's Ron Ross, one of the world's top information risk thought leaders, says new guidance he co-wrote doesn't dictate how organizations must approach risk assessment, but gives enterprises options on how to conduct risk appraisals.
The guidance discusses methods, techniques and best practices for the sanitization of target data on different media types and risk-based approaches organizations can apply to establish and maintain a media sanitization program.
The new report aims to help access-control experts improve their evaluation of the highest security access-control systems by discussing the administration, enforcement, performance and support properties of mechanisms that are embedded in each system.
"With the increasing breadth and depth of cyberattacks ... risk assessments provide important information to guide and inform the selection of appropriate defensive measures so organizations can respond effectively," guidance coauthor Ron Ross says.
September is the peak of the Atlantic hurricane season. How should organizations in the potential path of these storms assess preparedness? Alan Berman of the Disaster Recovery Institute advises.
One takeaway from the $1-billion-plus verdict against Android-maker Samsung for infringing Apple patents is that the users of infringed technology also could be held legally liable, patent attorney Jim Denaro says.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.