Security experts are sizing up the challenges that would be involved in implementing a federal government proposal to continuously monitor employees and contractors with security clearances in hopes of preventing leaks of sensitive information.
Phyllis Schneck, the Department of Homeland Security's deputy undersecretary for cybersecurity, equates the department's continuous diagnostics and mitigation initiative with a medical probe detecting an infection in the human body.
In the wake of the Target breach, the University of Pittsburgh Medical Center has ramped up Internet monitoring to detect early if the organization is a target for attacks, says John Houston, UPMC's security and privacy leader.
Because of increasing cyber-attacks against government agencies, the inspector general says it's crucial for the State Department to address the continuing weaknesses in its information security program.
Security & Risk professionals recognize the value and benefits of implementing an employee-monitoring program. Privacy advocates and Legal and Human Resources professionals see potentially unwarranted invasion of employee privacy as reasons not to monitor, or at least to restrict monitoring to instances where...
The White House is intensifying its effort to get federal agencies to adopt continuous monitoring and move away from the paper-based checklist compliance they've followed for a decade under the Federal Information Security Management Act.
In the financial services industry, in-depth log analysis is essential to maintaining enterprise-wide security and meeting compliance requirements, including PCI-DSS regulations. In addition to being required to meet compliance standards, continuous monitoring of customers' financial data activity logs helps to detect...
Organizations incorporating social media into their daily operations tend to have gaps in policies, and key aspects are often an afterthought, says attorney David Adler, who pinpoints areas to address.
What are the most common types of cyber attacks, and where do organizations find themselves most vulnerable?
According to the new 2013 Cyber Security Study:
47 percent of surveyed organizations know they have suffered a cyber attack in the past year;
70 percent say they are most vulnerable through their...
Addressing cyber-attacks is not just a technology issue. It requires a holistic view from the entire organization, says ISACA's Jeff Spivey, who emphasizes the need for a framework approach to security.
Healthcare organizations aren't performing enough analysis of user behavior to detect possible insider threats, says security consultant Mac McMillan, who outlines the importance of auditing for abnormalities.