All around the world, organizations are moving toward the adoption of updated PCI standards so that they can begin 2012 with assessments against the newest iterations.

Dust off your company's risk assessment process and make sure it is up to date because this is where your approach to defending against a WikiLeaks type of threat is going to start.

The security chief of Zynga offers tips for deterring today's sophisticated attacks. They include understanding attack vectors, quantifying risk, controlling damage and being a trusted leader.

Health care chief information security officers (CISOs) have to ask themselves, "What exactly are the security and privacy requirements around EHR?"

From my perspective, 2010 has been a critical year for global payment card security efforts that may ultimately result in a significant reduction in future payment card fraud levels, says Bruce Rutherford, chairman, PCI Security Standards Council.

Security is not compliance, and compliance is not security.

To get a complete picture of where critical information resides, it is very important to inventory at the business process level, says the Washington Post Co.'s Stacey Halota.

There is a lack of sufficient filtration and protections of internet traffic as implemented by the ISPs.

It is imperative that a team approach be used to meet the security needs of state business, says Kris Rowley, CISO, state of Vermont.

I am still amazed by the number of organizations that still don't have all of the right people working toward a singular goal of compliance for the organization, says Maurice L. Hampton, information security & privacy services leader, Clark Schaefer Consulting.