A Twitter posting by an individual claiming to be from the hacktivist collective Anonymous claimed it targeted GoDaddy on Sept. 10, but it wasn't until the following day the company determined its computers were not breached.
After a breach, some organizations meet the minimum requirements for notification and then hope for the best. The Utah Department of Health is taking a very different approach that's worthy of imitation.
The ISO 22301 standard for business continuity has been issued. What do organizations need to consider as they implement the new standard? Lyndon Bird of the Business Continuity Institute offers insight.
Weeks, months or even years often go by before organizations discover they've been hacked, not learning of the attack until law-enforcement authorities inform them, says recently retired FBI Executive Assistant Director Shawn Henry.
One problem tracking IT security employment is the dearth of information. Even the most trustworthy organization in collecting employment data, the Bureau of Labor Statistics, furnishes infosec data it cautions aren't reliable.
Verisign Inc. may have followed the letter of the law when revealing a series of breaches in an SEC filing. But the company that assures the flow of a hefty portion of Internet traffic should have been more forthright to ease the minds of its various constituencies.
Bringing Your Own Device raises jitters among employers, who worry about exposing or losing sensitive data, and employees, who fret about their bosses spying on them. Despite these anxieties, the trend will continue because that's what people want.