"With the increasing breadth and depth of cyberattacks ... risk assessments provide important information to guide and inform the selection of appropriate defensive measures so organizations can respond effectively," guidance coauthor Ron Ross says.
One takeaway from the $1-billion-plus verdict against Android-maker Samsung for infringing Apple patents is that the users of infringed technology also could be held legally liable, patent attorney Jim Denaro says.
By combining responsible management, risk management and compliance functions and internal audits, organizations will go far in securing their data and systems, says PricewaterhouseCoopers Partner Carolyn Holcomb.
The benefits from employing social media as a way to connect with stakeholders outweigh the risks, says David Bradford, the editor of a new survey of risk managers. Still, he says, the risks must be adequately addressed.
What exactly is continuous monitoring - and why is it so hard for organizations to get it right?
It is one of the most discussed and least understood concepts in enterprise risk management today. Fundamentally, continuous monitoring is about deploying systems to examine all of the transactions and data processed...
LinkedIn contends it had on staff world-class security experts when nearly 6.5 million members' hashed passwords were pilfered, although the social media company has neither a chief information officer nor chief information security officer.
Georgia Tech Research Institute is beta testing a malware intelligence system that research scientist Chris Smoak contends will help corporate and government security officials share information about the attacks they confront.
IT security practitioners realize much value from the monthly cybersecurity index created a year ago by Mukul Pareek and Dan Geer. Why? They benefit from knowing how others see the evolving threat environment.