NIST's Ron Ross will be quite busy at RSA Conference 2012, not only promoting revised guidance on security and privacy controls to be unveiled at the security conclave, but also participating in a panel on one of his favorite topics: continuous monitoring.
People, as much as anything else, are a critical aspect of information risk management, and businesses and government agencies must monitor employees - and educate them, as well - to thwart a potential threat from within.
When Mano Paul of (ISC)2 discusses today's top application security challenges, he draws an analogy with sharks. And what he views as the skills needed to tackle today's top threats might surprise you.
New guidance from the National Institute of Standards and Technology defines an information security continuous monitoring strategy and shows how organizations can create an information security continuous monitoring program.
"There are still a lot of inexperienced people out there that are passing themselves off as experts," says Scott Laliberte, managing director of Protiviti, outlining the common challenges of penetration testing.
Scott Laliberte, managing director of Protiviti, wrote the book on penetration testing, and he has strong feelings about what organizations are doing right and wrong when assessing their information security risks today.
The bill, sponsored by House Cybersecurity Caucus Co-Chair James Langevin, would create a White House office of cyberspace and replace paper-based FISMA compliance with automated, continuous monitoring of IT systems.
Virtually every business acquires, uses and stores personally identifiable information (PII) about its customers, employees and partners. These organizations are expected to manage this private data appropriately and take every precaution to protect it from loss, unauthorized access or theft. Misusing, losing or...