Robin Slade of the Santa Fe Group says current vendor risk evaluation methods are inefficient. She advocates peer collaboration through shared assessments of vendors to help improve management of third-party risks.
The FTC says LifeLock has violated a 2010 settlement by continuing to make deceptive claims about its identity theft protection services. After the FTC made the announcement on July 21, Lifelock's stock value plummeted.
The hack of "cheating" dating site AshleyMadison.com is a reminder that no website or personal information can be guaranteed to remain secure against determined attackers. So businesses and consumers must plan accordingly. Here are six takeaways from the incident.
The string of hacker attacks in the healthcare sector, including the UCLA Health breach, calls attention to the urgent need for organizations to step up their security programs, John Halamka, CIO at Beth Israel Deaconess Medical Center, and other security experts say.
By now, organizations are well acquainted with DDoS. But do they understand the attacks' key components and how to mitigate them? Akamai's Matt Mosher shares the questions to ask when purchasing DDoS mitigation.
Misusing data access privileges can pose a threat to the integrity of an organization's IT systems and the privacy of individuals. But gray areas exist, and it's not always clear cut when "unofficially" accessing protected data means users are abusing their privileges.
The risks of e-commerce breaches are top-of-mind again with the news of a possible compromise of PNI Digital Media, which manages and hosts online photo services for numerous big-name retailers. How can the risks be mitigated?
The extramarital-affair online dating website Ashley Madison has been hacked, and attackers have threatened to release full details for the site's more than 37 million subscribers across 46 countries unless the service shuts down.
UPDATE: CVS, Walmart Canada, Rite-Aid, Sam's Club and other retail chains have suspended their online photo services following a suspected hack attack against a third-party service provider that may, in some cases, have resulted in the compromise of payment card data.
As more enterprises adopt software-defined networking, hackers are finding the emerging technology to be a new route to penetrate organizations. Anthony Lim of (ISC)Â² recommends ways to secure SDNs against attacks.
Privacy attorney Kirk Nahra says largely overlooked provisions tucked away in the "21st Century Cures" bill recently passed by the U.S. House of Representatives could have a significant impact on patient privacy.
In the latest in a string of major cyber-attacks in the healthcare sector, UCLA Health confirms that information on 4.5 million individuals may have been exposed when hackers breached its network in an attack that appears to have begun last September.
British police have re-arrested Lauri Love, who's been charged with 2012 and 2013 hack attacks against U.S. government computers, including systems operated by the Federal Reserve, U.S. Army and NASA. But Love plans to fight extradition.
Does your organization really have a clear idea of what measures your business associates are taking to safeguard your most sensitive data? Yet another breach, this one affecting Arkansas Blue Cross Blue Shield, points to the risks.
With so much stolen PII available to fraudsters, it's time for banks and others to move to more sophisticated forms of authentication of customers' identities. Knowledge-based authentication is no longer reliable.