If we're at war, the fight so far is unbalanced, and the U.S. should be grateful its cyberspace adversary is Iran. "We're probably not very prepared for a virtual conflict against a really competent state, such as Russia or China," says Rand Corp.'s Martin Libicki.
Many organizations are weighing whether cyber-insurance is a worthwhile investment. A decision on the type of policy to buy, and what it should cover, depends, in part, on the type of information that could be exposed.
Kathryn Marchesini, a privacy adviser at the Office of the National Coordinator for Health IT, outlines the three most important steps healthcare organizations should take to avoid breaches of information on mobile devices.
The growing threat landscape exacerbates the IT security skills shortage, meaning many organizations struggle with inadequate and sometimes unqualified staff. How are security leaders addressing the crisis?
A federal advisory panel has recommended that the Office of the National Coordinator for Health IT issue guidance soon on how to verify the identities of patients seeking online access to their records.
In this week's breach roundup, regulators are investigating a possible breach involving Kaiser Permanente and a business associate, and hackers compromise servers at a University of North Carolina cancer center.
Tom Ridge, the first Homeland Security secretary, questions the wisdom of granting the Department of Homeland Security greater authority to influence IT security within the federal government and the nation's critical IT infrastructure.
In light of growing threats and the increasing complexity of information technology, organizations must get everyone in the enterprise, especially top leaders, involved in assessing and managing information risk.
Like the cartoonish Kilroy peeking his head over a wall during World War II, unemployment among IT security professionals has bared its head. But don't take these stats as gospel. The data suggest 'full employment' reigns in the infosec community of workers.
To mitigate the top threats for 2013, organizations need to understand the motivations of potential attackers so they can adequately defend their networks and systems. Experts describe risk management strategies for the year ahead.