To respond to a security incident, an organization must first be aware of it. But too many intrusions go undetected, says Rob Lee of SANS Institute. That's the first problem that needs to be addressed.
One problem tracking IT security employment is the dearth of information. Even the most trustworthy organization in collecting employment data, the Bureau of Labor Statistics, furnishes infosec data it cautions aren't reliable.
CIO Roger Baker concurs with auditor's recommendations, saying the Department of Veterans Affairs has "embarked on a cultural transformation" and that "securing information is everyone's responsibility."
Science Applications International Corp. claims it has enough insurance to cover the costs of potential judgments or settlements stemming from seven class action lawsuits related to a September 2011 breach incident affecting 4.9 million TRICARE beneficiaries.
Ignorance is not bliss. Two new studies, when viewed together, show that consumers' ignorance of the consequences of their actions coupled with enterprises' unawareness of their computing environment equal unacceptable risk.
The cost of a data breach is down, say the latest Ponemon Institute study. But as the Global Payments breach shows, organizations still have many reasons to be concerned, says researcher Larry Ponemon.