"Regulation drives spending," says George Tubin of GT Advisors. "You're in a situation where the regulators are telling you, 'You have to do something; you have to make improvements.' Therefore, the bank has to spend some money on technology."
To respond to a security incident, an organization must first be aware of it. But too many intrusions go undetected, says Rob Lee of SANS Institute. That's the first problem that needs to be addressed.
One problem tracking IT security employment is the dearth of information. Even the most trustworthy organization in collecting employment data, the Bureau of Labor Statistics, furnishes infosec data it cautions aren't reliable.
CIO Roger Baker concurs with auditor's recommendations, saying the Department of Veterans Affairs has "embarked on a cultural transformation" and that "securing information is everyone's responsibility."
Science Applications International Corp. claims it has enough insurance to cover the costs of potential judgments or settlements stemming from seven class action lawsuits related to a September 2011 breach incident affecting 4.9 million TRICARE beneficiaries.
Ignorance is not bliss. Two new studies, when viewed together, show that consumers' ignorance of the consequences of their actions coupled with enterprises' unawareness of their computing environment equal unacceptable risk.