NEWS & INDUSTRY UPDATES

A panel of industry experts will be examining the institute's policies in light of controversy.
NIST has removed the Dual_EC_DRBG, or Dual Elliptic Curve Deterministic Random Bit Generator, from its draft guidance on random number generators.
Toshiba's MQ01ABUxxxBW series hard disk drives (HDD) have achieved validation to U.S. Federal Information Processing Standard 140-2 (FIPS 140-2).
CloudLock announced the availability of CloudLock Compliance for Google+, a PCI/PII compliance solution for the social network.
Attacks against medical devices and critical health care systems are no longer theoretical. In fact, according to a report from the SANS Institute, poorly protected health care systems are not able to fight off the barrage of attacks.
According to a recent survey of security and compliance professionals from U.S. government agencies and contractors, a dysfunctional Congress could be “the biggest security threat we face.”
CloudLock, a Waltham, Massachusetts-based firm that helps companies secure data stored in the cloud, has raised $16.5 million in a Series C funding round led by Bessemer Venture Capital.
A new study by the Ponemon Institute finds malware installed via zero-day exploits presents the biggest threat to corporate data.
Please join Trend Micro and SecurityWeek on Thursday, Dec. 5th at Ruth's Chris Steakhouse in Bellevue, WA for an interactive security event with great food and open bar!

FEATURES, INSIGHTS // Compliance

Mark Hatton:
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Torsten George:
The NIST Cybersecurity Framework is a good first step towards creating a standardized approach to cyber security, but requires many substantial updates before really improving our nation’s cyber resilience.
Nimmy Reichenberg:
With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
Mark Hatton:
Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Chris Hinkley:
For security professionals, PCI DSS 3.0 means that PCI compliance will become more of an everyday business practice, rather than an annual checklist obligation.
Chris Hinkley:
Compliance is a byproduct of a solid security program – but that doesn’t mean it’s simple. Compliance can involve technical architecture and operational processes that many organizations simply don’t understand or don’t want to bother with.
Gant Redmon:
The CSO is so critical for the CPO’s success that I guarantee that if you send this article to your CPO, they will take you out for a free lunch the next day.
Nick Cavalancia:
In the era of the public cloud, when employees are frequently using consumerized applications to share and store data, it's time for security and risk professionals to adopt a new security thought paradigm that focuses on the insider threat that employees create, not solely on protecting data itself.
Jon-Louis Heimerl:
The Omnibus Rule that updated the Health Insurance Portability and Accountability Act (HIPAA) has the potential to be a game changer because of the things it says in writing, as well as some of the things that it doesn’t say.
Dr. Mike Lloyd:
2012 was an interesting year in security – publicity around breaches led to greater awareness than we’ve seen in years, encouraging many in the Federal sector to look into our corner of IT. So what will happen in IT Security 2013?