Providers of technologies employees acquire through unconventional channels that could bypass their employers' supply-chain controls are known as "shadow suppliers." Here's why you should care about them.
A 143-point drop in the Dow Jones Industrial Average proves the power of social media and the havoc it can cause when an account gets hacked. It's time for social media companies to tighten the authentication process.
The Boston Marathon tragedy is yet another reminder to organizations to develop alternative ways to communicate with employees during such emergencies. Otherwise, they could put their organizations' continuity plans at risk.
A rider covertly added to the law to fund the government through September requires select agencies to assess technology purchases for cyber-espionage and sabotage, a process that could make it harder to buy wares to secure IT.
Conventional wisdom suggests China isn't interested in disabling industrial control systems in the U.S. After all, such an act would be against its own economic interest. But is that type of thinking right?
"We felt that it was very important to come out with this and say this was how easy it is for them to break into any U.S. company, and here's how they're doing it," The New York Times' Nicole Perlroth says.
Gov. Nikki Haley devoted nearly 10 percent of her State of the State address to cybersecurity, responding to public outrage over a breach of South Carolina's tax system that exposed the records of nearly 4 million taxpayers.
If we're at war, the fight so far is unbalanced, and the U.S. should be grateful its cyberspace adversary is Iran. "We're probably not very prepared for a virtual conflict against a really competent state, such as Russia or China," says Rand Corp.'s Martin Libicki.
The answer seems obvious, especially in the context of IT security and information risk. Yet, is it, especially when developing codes and standards, as well as funding research and development initiatives that involve taxpayer money?
The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audits and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.