Francoise Gilbert of the IT Law Group won't give Zappos an "A" for how the online retailer reacted to its recent data breach. So, what can organizations learn from the incident, so they're better prepared?
NIST proposes the establishment of an independent identity ecosystem steering group, led by the private sector but working with the federal government, to help create an environment to assure the security of online transactions.
Although insider-threat incidents within organizations tend to be different case-by-case, says Carnegie Mellon University's Dawn Cappelli, there are similarities and patterns that organizations can look for when mitigating their risks. What are some of the common characteristics among insiders, and how can...
Verisign, operator of two of the 13 root name servers that route traffic on the Internet, has revealed that outsiders attacked its computer network several times in 2010, but top management did not learn of the incidents until September 2011.
Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.
Rep. Dan Lungren, the bill's chief sponsor, contends the regulatory approach taken by his bill would be less intrusive on the private sector than proposed Senate legislation and a plan by President Obama.
Much more work needs to be done to build public trust in efforts to protect the privacy and security of electronic health records and the exchange of health information, according to a new report from The Bipartisan Policy Center.
"These changes might not otherwise be troubling but for one significant change to your terms of service: Google will not permit users to opt out," the leaders of a House panel say in a letter to Google CEO Larry Page.