Gene Fay of Resilient Systems says the traditional method of solving risk issues through technologies no longer works. Instead, he says, security must be built on the foundation of an effective incident response plan.
RSA Conference Asia Pacific and Japan, which wrapped up last week, was a successful reflection of this region's hottest security topics. Here are some of my own observations, as well as feedback from the attendees.
A lawsuit filed against information services firm Experian alleges the company failed to detect that a customer of its data aggregator unit was a fraudster. Could stronger customer vetting have prevented misuse of information?
RSA Conference Asia Pacific & Japan kicked off in Singapore with some power-packed keynote sessions by security leaders. Here are some of my first impressions about the tone set for the event and the days to follow.
The Ashley Madison dating website hack and threatened data release is a perfect illustration of the perils - and promise - of our Internet-connected, hacktivist age, whether it comes to online dating or the Internet of Things.
Outrage has erupted in Britain after a London police helicopter crew tweeted a photograph of well-known comedian Michael McIntyre as he was about to cross the road. Has the British surveillance state run amok?
Shed a tear for enthusiasts of aging Microsoft Windows operating systems. That's because Microsoft has now retired Windows Server 2003 support, as well as anti-virus scanner and signature updates for Windows XP. But breaking up can be hard to do.
Although they apparently weren't caused by cyber-attacks, the impacts of computer failures at the New York Stock Exchange, United Airlines and the Wall Street Journal have much in common with the aftermath of breaches.
Is it wrong that accused Lizard Squad hacker Julius Kivimaki, a teenager who was convicted of 50,700 "instances of aggravated computer break-ins" attacks, gets to walk away without having to serve any jail time?
MasterCard is testing a smartphone app that lets users approve online transactions using facial recognition, via the equivalent of taking a selfie. But could such technology be spoofed, and will it reduce card fraud?
The PCI Security Standards Council has just released version 2 of its point-to-point encryption standard. Jeremy King of the PCI SSC explains how this optional standard can complement PCI-DSS compliance.
Would encryption, two-factor authentication and other measures stop a determined adversary from stealing millions of U.S. government personnel files? No, a former CIA CISO says. Read how Robert Bigman would defend against OPM-style cyber-attacks.
Following its mega-breach, the U.S. Office of Personnel Management suspends use of its online background check application system, citing a vulnerability. Also, the agency now faces a breach-related lawsuit filed on behalf of federal workers.