A preliminary version of the cybersecurity framework takes a too-broad approach to privacy, says security and privacy attorney Harriet Pearson. And that could result in fewer organizations adopting the voluntary security guidelines.
One key way to reduce the risk of a breach is continuous improvement of information security programs. It's dangerous to put security controls in place and then walk away, thinking you're finished, warns security expert Kate Borten.
The potential of governments messing with commercial IT security products - think China and the NSA - means organizations need to improve lines of communications to assure the integrity of the IT wares they acquire. ISF's Steve Durbin discusses mitigating supply-chain risk.
Chase Bank's decision to limit daily ATM cash withdrawals on debit cards linked to the Target breach has raised questions among other issuers about whether PINs were, in fact, compromised. Is Chase just being cautious?
Ramping up efforts to mitigate insider threats needs to be a top 2014 priority at healthcare organizations as electronic health records become more ubiquitous, says privacy and security expert Stevie Davidson, who provides practical insights.
While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.
Big-box retailer Target has confirmed that a breach that likely exposed some 40 million U.S. debit and credit accounts was caused by a malware attack that infected its point-of-sale system. Find out all the latest details.
On Christmas Eve, Target issued a warning about phishing scams linked to its breach recovery efforts. In response, the retailer says it is launching a dedicated resource page on its website for official communications.
Version 3.0 of the PCI Data Security Standard goes into effect Jan. 1, 2014. What steps should organizations be taking to prepare for implementation of the standard? Troy Leach and Bob Russo of the PCI Security Standards Council explain.
The breach at Target stores that may have affected as many as 40 million credit and debit card account holders is a watershed moment that could greatly raise awareness of cybersecurity risks, says privacy attorney David Navetta.
Whether reports that the National Security Agency entered into a secret contract with security provider RSA are true or not - and RSA says they're not - the reputations of all American security vendors have been tarnished.
Was it a point-of-sale attack? A network breach? Or was it an inside job? Fraud experts disagree over the cause of the Target data breach, but they are united in how banking institutions should respond.