Though IT business application functions and security-focused practices are expected to be integrated as a single process, secure configuration is the management and control of configurations for information systems to enable security and facilitate the management of information security risk.
As far as Dr. Giles Hogben of ENISA is concerned, now might be the golden opportunity for information security experts to influence the security and privacy measures that may help define Internet safety for the next decade or beyond.
Bob Russo says the long-awaited PCI guidance on tokenization should provide merchants with a baseline for standardization and best practices, and serve as a roadmap for how tokenization can complement compliance with the PCI-DSS.
"There are still a lot of inexperienced people out there that are passing themselves off as experts," says Scott Laliberte, managing director of Protiviti, outlining the common challenges of penetration testing.
As fraud continues to evolve and affect financial institutions, careers are plentiful for fraud-fighting professionals, says Jean-Francois Legault, a fraud investigations specialist with Deloitte and Touche.
Trust has been a murky trait on the Internet since its inception. Remember the New Yorker cartoon? A dog, sitting by a PC, says: "On the Internet, nobody knows you're a dog." It's hard to trust what you see on the Net. That's more true today than ever.
Early results from the Healthcare Information Security Today survey show that insider threats, such as records snooping and ID theft, are perceived to be the most significant security threats to healthcare organizations.
The Office of the National Coordinator for Health IT has issued an advance notice of proposed rulemaking, seeking public comment on metadata standards to support nationwide electronic health information exchange.
For John Colley, managing director of (ISC)2 in EMEA, ethics need to be addressed more frequently in the workplace. Organizations can no longer assume information is legitimate or has been gained through ethical means.
Federal officials should consider a major revamp of a proposal that would require healthcare organizations to provide patients with a report listing everyone who has electronically accessed their records, a former government official who helped draft the proposal says.