Anonymous says its OpUSA attack planned for May 7 aims to 'wipe' government and banking websites from the Internet. Security experts say the threat is real, but are U.S. organizations taking it seriously?
NIST's Ron Ross, a big NASCAR fan, likens new security controls guidance to the tools race-car builders use to prevent drivers from breaking their necks when crashing into a brick wall at 200 miles an hour.
Hacktivists' phase 3 DDoS attacks against U.S. financial services firms have entered their eighth week, and FS-ISAC spokesman Greg Garcia says concerns are mounting that a criminal element to the attacks could emerge.
American Express confirms it was hit this week by a distributed-denial-of-service attack. The hacktivist group that has targeted banks in recent months claims credit for this latest high-profile attack.
Malware, DDoS and mobile security aside, one of the biggest risks is organizations' lack of visibility into specific threats. Don Gray of Solutionary explains the need for actionable threat intelligence.
Ron Ross, the NIST computer scientist who heads the initiative that is revising the guidance, characterizes the updated publication as the most comprehensive one since the initial catalogue of controls was issued in 2005.
As enterprises move more applications to the cloud, continuous monitoring will play a greater role in assuring the software is patched in a timely manner, says John Streufert, DHS director of federal network resilience.
Given the magnitude of sensitive information on Social Security Administration computers, the inspector general says, any loss of confidentiality, integrity or availability of systems or data could have a significant impact on the nation's economy.