President Obama faces a dilemma in deciding whether to prohibit the National Security Agency from tinkering with encryption as one way to collect intelligence data from adversaries who threaten to harm America.
The potential of governments messing with commercial IT security products - think China and the NSA - means organizations need to improve lines of communications to assure the integrity of the IT wares they acquire. ISF's Steve Durbin discusses mitigating supply-chain risk.
FS-ISAC has issued a white paper with tips on streamlining third-party software risk assessments. One member of a new working group explains why the adoption of standard security controls is so critical.
NIST is revising its 3-year-old smart-grid guidance to address technological and policy changes that have made the power grid more susceptible to vulnerabilities and threatened utility customers' privacy.
Purdue University's Eugene Spafford discusses the ethical issues that have been brought to the forefront by former NSA contractor Edward Snowden's leaks of classified details on a number of top-secret government surveillance programs.
Organizations collect a wealth of information as part of their governance, risk and compliance programs, and security professionals are missing out on important insights if they don't take advantage of it.
To mark his induction into the National Cyber Security Hall of Fame, Purdue University Computer Science Professor Eugene Spafford offers insights on key challenges, including overcoming senior executives' misperceptions about key issues.
It's been four years since federal officials began tracking major healthcare data breaches. What important lessons can be learned from the causes of these breaches as well as HIPAA enforcement actions by federal regulators?
Account takeover techniques are getting more sophisticated; new "account checkers" are helping hackers automate their processes. The trend is just one more reason why we need advanced forms of authentication.