NIST is revising a map that links its core security controls, SP 800-53, to those published by the International Organization for Standardization, ISO/IEC 27001, to help protect data shared among government agencies and businesses.
2014 has seen an explosion of mobile banking demand and services. But as the channel grows, so do the threats against it. What are today's top threats, and how can institutions offer more secure mobile banking?
News reports of a suspected attack against JPMorgan Chase, and perhaps other banks, serve as an important reminder for financial institutions to ramp-up their security efforts, especially to guard against phishing attacks.
As a result of an agreement with the Information Commissioner's Office, a U.K. horse racing website will conduct routine testing and ensure security updates are regularly applied following a 2013 breach that affected more than 677,000 user accounts.
An investigation into a suspected breach at JPMorgan Chase suggests that attackers used highly customized malware, and exploited multiple zero-day vulnerabilities, to breach the bank's network, according to news reports. But were other banks hit?
Too many organizations fail to adequately manage and secure their SSH keys, even though the keys secure everything from file transfers and backups to patching and database management, NIST warns in new draft guidance.
Information Security Media Group recently hosted a Twitter chat on the latest fraud trends featuring analyst Avivah Litan, director of research at Gartner, Read the entire transcript of the #ISMGprotalk Twitter chat.
Early reports suggested Russian hackers are behind complex attacks and network intrusions at multiple U.S. financial services firms, including JPMorgan Chase. But security experts warn against jumping to conclusions, based on scant evidence.
The PCI Security Standards Council has issued an alert offering insights for mitigating the threat of "Backoff" POS malware, which has hit 1,000 U.S. businesses. Plus, the council is providing updated guidance for maintaining PCI-DSS compliance.
Russian hackers stole data from JPMorgan Chase and at least one other bank in a mid-August attack against the U.S. financial system, according to a Bloomberg news report. The attack allegedly resulted in the loss of "gigabytes" of sensitive data.
The UK's Ministry of Justice has been hit with a Â£180,000 penalty from the Information Commissioner's Office after the loss of two unencrypted hard drives containing personal information on prisoners.
A Google-like search engine known as ICReach has enabled government agencies to share more than 850 billion records from phone calls, e-mails and Internet chat sessions, according to a report that cites leaked documents from Edward Snowden.