The massive Sony breach spelled out the risks facing any business that deals in digital content. Here's how David Hahn, CISO of publishing giant Hearst, keeps the cybersecurity conversation going with his board of directors.
If Russia is, indeed, meddling with the U.S. election, there's an obvious explanation: It's irritated by U.S. policy. But if Russia's frustration is being expressed through cyberattacks, how can the U.S. respond?
A new research project called Amnesia tackles the password management problem by not storing full data in any one place where it can be hacked. But does this proposed solution truly offer better password security?
Do you have $100,000 burning a hole in your pocket and an abiding love of bitcoins? If so, then the U.S. Marshals Service has an offer you can't refuse: Bid on bitcoins seized in some high-profile investigations, including the Silk Road takedown.
MacKeeper failed to alert customers earlier this year that for at least four weeks, its anti-virus software wasn't receiving regular signature updates. Industry experts say any such delay is unacceptable for an AV vendor.
The release this week by the PCI Security Standards Council of a new PCI compliance resource for small merchants is being lauded by the banking and payments community. But how effective will the resource be at actually convincing merchants to move forward with PCI compliance?
As we prepare to mark the tenth anniversary of the PCI Security Standards Council, it's time to assess the impact PCI-DSS has had on payments security and consider whether it will remain a viable standard 10 years from now. A series of upcoming reports will address these topics.
With hack attacks continuing against banks, SWIFT must follow in the footsteps of other vendors - notably Microsoft - and begin offering detailed, prescriptive security guidance to its users, says Doug Gourlay of Skyport Systems.
The section chief of the FBI's Cyber Division says "the FBI does not condone payment of ransom," in part because it enables criminals to victimize others. Instead, the bureau continues to urge all potential victims to get their IT house in order.
The most important lesson from the lawsuit electronic health records vendor Epic Systems filed against Tata Consultancy Services is that data security controls must extend beyond protecting personally identifiable information to include intellectual property, attorney Ron Raether explains in this audio report.
Epic Systems' successful lawsuit against India's Tata Consultancy Services raises many security questions. For example, why did Epic find out about the allegedly inappropriate downloading of trade secrets from an external whistleblower, rather than as a result of internal detection efforts?