Aaron Swartz's death inspired Rep. Zoe Lofgren to want to reform the federal anti-hacking law, but some security pros worry this would sterilize a potent enforcement weapon, reports Dan Kaplan.
With data-mining firms harvesting personal information from online activity, privacy advocates, if not yet consumers, are alarmed, reports James Hale.
The ever-increasing use of personal devices has tested enterprise defenses, so plans must be created to meet the challenge, reports James Hale.
There are steps security pros can take to achieve greater peace of mind with cloud implementations, reports Alan Earls.
Health providers have pressing reasons to now embrace security, says INTEGRIS Health's John Delano. Karen Epper Hoffman reports.
Are there ways to catch sophisticated malware that hides in trusted processes and services? Deb Radcliff finds out.
Our program profiling the winners and finalists of the 2013 SC Awards U.S., held Feb. 26 in San Francisco.
John South joined Heartland Payment Systems when it still was reeling from a devastating breach...and it's the best career decision he's ever made. Dan Kaplan reports.
With almost daily advanced attacks, organizations of all sizes must be at the ready, according to respondents to this year's "Guarding Against a Data Breach" survey. Illena Armstrong reports.
Industrial control systems remain troublingly vulnerable to both internal error and outside intruders, reports Danielle Walker.
The NBA's New Orleans Hornets needed to provide its off-the-court, but highly mobile staff with a secure method for communicating. It found an enterprise remote access solution that could help.
The United States has established itself as a major force in a new era of combat, but what repercussions do state-sponsored actions in cyber space have on all of us?
PayPal's Andy Steingruebl knows security is not an insular task. By looking outside of its own walls, the company has taken the fight to the enemy, and helped everyone else in the process.
Results from our sixth-annual data breach survey are out next month, but here's a sampling of what's to come from our study of budgets, hiring practices, security solutions and more.
Despite the ubiquity of the Trusted Platform Module, holdups exist and adoption remains slow. Among them are issues with interoperability, considering Apple, Google and Microsoft all use different standards.
For those organizations at risk to a nation-state attack, preparation should come with the expectation of compromise, as well as knowledge that the damage can be mitigated.
Cloud computing still is trying to overcome the trust and reliability issues that has made it a questionable proposition for many organizations.
Compliance brings with it the stigma of cost, complexity and confusion, but viewing it from a risk point-of-view may help make it more tolerable.
Rodney Dangerfield couldn't get any respect, and neither can CISOs, who still struggle for recognition within the C-suite. But ignore them at your own risk, says Deven Bhatt, CISO for WEX.
A highly regulated debt collector from the U.K. needed to achieve compliance, but it wanted to scrap all of the point solutions on which it traditionally relied.
A group of prominent security professionals forecast the most significant industry shifts in 2013. Greg Masters compiles the responses.
Valerie Aurora and Mary Gardiner have united to form a decade-long collaboration on a variety of "women in open source" advocacy projects, including developing anti-harassment policies at conferences.
Michael Coates, director of security assurance at Mozilla and chairman of OWASP, is a steadfast supporter of open-source methods to safeguard users against security and privacy threats.
Gabriella Coleman, professor at McGill University in Montreal and avid observer of the Anonymous online collective, has become one of the pre-eminent thought leaders on the hacktivist culture.
Ron Ross is helping to lead the development of new standards and controls that security professionals can use to safeguard their organizations against today's internet threat paradigms.
Chris Soghoian, who was recently hired as the ACLU's first-ever principal technologist, has never been afraid to ruffle the feathers of the corporate establishment when it comes to privacy and security issues.
The threats to enterprise networks continued to grow this year, but the tech grab bag is also getting more potent, reports Alan Earls.
Here's a year-end look back at some of the biggest mergers and acquisitions activity in the security space.
No a business' size, employees are yearning to connect their personal devices to the corporate network. But fear not: Solutions and best practices are starting to emerge to manage the risk attached with this craze.
Most organizations cite trust issues as their primary reason for deciding against outsourcing their computing resources and data assets. So just what are cloud providers doing to ensure protection?
External adversaries, such as nation-state attackers or criminals after credit card data, may get all the attention, but insiders pose a signfiicant threat. Can the non-malicious ones be taught to act securely?
The intrusion prevention system is a mainstay of any organization's perimeter-focused security infrastructure, but its days may be numbered as a standalone technology. Yet, its purpose lives on.
For the last several years, security experts have been stressing the vulnerability of industrial control systems. Now, with attacks like Stuxnet proof of the risk, the big question is: How will industry respond?
Web browsers have become today's de facto operating system -- the single place where end-users spend most of their time. As such, they're ground zero for attacks. Technology, though, is coming to the rescue.
Sanjeev Sah has been CISO of UNC-Charlotte for just over a year, and he's already well versed on the unique circumstances that make securing colleges unlike any other vertical.
With users flocking toward mobile platforms, fraudsters will join as well. But businesses have a bigger problem: What to do about employees wanting to use their devices to connect to the corporate network.
With breaches grabbing headlines and cash funneling toward infosec budgets, the role of the security executive is shifting from tech and compliance wonk to savvy businessperson.
When the history of the cyber arms race is written, the first chapter surely will be devoted to Stuxnet. But now that these sophisticated strikes have started, there are plenty of questions to answer.
Applications provide the path to an organization's coveted assets. And even if they're not public-facing, they still can be a ripe target. We talk to Marcus Prendergast, CSO of ITG, for this month's cover story.
The ability to marry physical and logical security controls is maturing, which means companies can find efficiency wins, while in the process lowering their risk profile.
Many view information sharing as an elusive quest, hampered by various roadblocks. But Georgia Tech researchers want to tear down these hurdles with a new threat intelligence system known as Titan.
Security metrics remain elusive for many organizations, but key performance indicators, or KPIs, are achievable measurements that can help guide business planning and strategy.
Businesses may no longer be able to turn away employees who want to bring their smartphones and tablets to work, and connect to the corporate network. But is that actually a good thing?
While the town of Brick on the New Jersey shore maintains a 1950s aura, with the growth of digital media, its public school system had to alleviate engorged traffic on its network, while safeguarding data.
Many organizations are focusing their security efforts on deterring the external attack -- often at the expense of catching the insider threat. This could be a costly oversight, especially with the rise of BYOD.
The loss of personally identifiable information (PII) by an organization can lead to customer loss, reputational harm, and fines, but before this data can be properly guarded, it must be located.
In 1854, an English physician was one of the first to use an epidemiological method to ID disease risk. Ben Sapiro of the Dominion of General Insurance Co. wants his peers to do the same with security.
The hospitality industry remains one of the most targeted by cyber criminals. That's why Thayer Lodging Group, which owns or operates 18 hotels, knew it was time to get serious about endpoint security.
Firewalls have been an enterprise security mainstay for years. But with a majority of attacks now being launched against the web application layer of the stack, the technology must evolve.
The only way to gain the upper hand on today's advanced adversaries is by being proactive -- even aggressive, a tactic that can take many forms, says Joel Yonts, CISO of an automotive supply company.