NIST's Ron Ross will be quite busy at RSA Conference 2012, not only promoting revised guidance on security and privacy controls to be unveiled at the securing conclave, but also participating in a panel on one of his favorite topics: continuous monitoring.
Verisign Inc. may have followed the letter of the law when revealing a series of breaches in an SEC filing. But the company that assures the flow of a hefty portion of Internet traffic should have been more forthright to ease the minds of its various constituencies.
Security and privacy officers for global organizations can expect increased work in protecting customer data if a proposed regulation introduced before the European Commission becomes law, cyber and privacy lawyer Francoise Gilbert says.
Recently discovered viruses, consisting of Trojans and other malware, at City College of San Francisco have stolen personal banking information and other data from perhaps tens of thousands of students, faculty and administrators, says John Rizzo, president of the board of trustees.
A legal dispute between a small merchant in Utah and its former payments processor has fueled a debate over contracts between merchants and acquirers. If successful, this case could spur contractual shifts that change the way card brands view liability after card breaches.
Cyberhackers are increasing their efforts to target online credentials. And phishing attacks waged against accountholders at Chase in the U.S. and Barclays in the U.K. have made it clear that banking accounts are the target.
A breach is a disaster, says business continuity specialist Ken Schroeder. So organizing an effective breach-response team does not require a reinvention of the wheel. What it does require is a holistic approach.