Organizations can effectively rely on managed security services providers to take care of many tasks, but certain strategic security functions must be handled in-house, says Sid Deshpande, research director at Gartner.
Building on the success of the NIST Cybersecurity Framework, the National Institute of Standards and Technology is in the early stages of developing a privacy framework. The effort will kick off with a workshop Tuesday in Austin, Texas, explains Naomi Lefkovitz, who is leading the project.
CISOs and other security practitioners are embracing the idea of a business-driven security model that takes a risk-oriented approach, says Rohit Ghai, president of RSA. "Cybersecurity conversations are becoming business conversations rather than technology conversations."
The biggest challenge for any critical infrastructure facing potential cyberattacks is devising ways to maintain business continuity, says cybersecurity specialist Prashant Pillai, who calls for building resilience into network design. He'll be a speaker at ISMG's Security Summit: London, to be held Oct. 23.
An in-depth report on the exposure of personal details for 500,00 Google+ accounts leads the latest edition of the ISMG Security Report. Also featured: an update on mitigating the risk of business email compromises and tips for protecting critical infrastructure.
What can organizations do to thwart business email compromise attacks? In an interview, David Stubley, CEO of the consultancy 7 Elements, outlines several key steps. He'll be a featured speaker at Information Security Media Group's Security Summit: London, to be held Sept. 23.
As more companies move away from passwords toward behavioral biometrics, they face new challenges, says Rajiv Dholakia, vice president, products at Nok Nok Labs. "There are no standards as such in this area on how the information is collected, how it's stored and how it's processed," he says.
The latest edition of the ISMG Security Report features an analysis of the latest developments in Facebook's massive data breach and expert analysis of the potential for nation-state interference in the U.S. midterm elections.
Education plays a critical role in any program designed to combat insider threats, says Christopher Greany, head of group investigations at Barclays. He'll discuss how to start an insider threat program in a presentation at Information Security Media Group's Security Summit: London, to be held Oct. 23.
As new payment options continue to emerge via mobile phones and internet of things devices, the PCI Security Standards Council is broadening its security efforts, starting with a new standard for contactless payments coming early next year, says Troy Leach, PCI SSC's chief technology officer.
As attackers become more adept at evading "reactive" security controls and alert mechanisms, proactively analyzing the behaviors of people and systems is critical to detecting malicious activity, says Gartner's Kelly Kavanagh.
Machine learning could be a breakthrough for data classification, addressing fundamental challenges and paving the way to create and enforce automated policies that can be scaled across the enterprise, says Titus CEO Jim Barkdoll.
For too many organizations, software vulnerability management is just about "patch Tuesday." But Alejandro Lavie of Flexera says organizations need to adopt a new strategy focusing on visibility, prioritized response and mitigation.