Recent breaches prompt a new emphasis on education and corporate culture, says Allegis Capital's Bob Ackerman.
Let's agree on a definition of the term "security" and move forward from there, says AT&T's Chris Mark.
The malicious insider or outsider does not stop on the first attempt, says Verdasys' Peter Tyrrell.
Don't hang your hat on enterprise app store security, says Jack Walsh at ICSA Labs.
We don't need to make the same mistakes of the first generation of PCs and servers, says the SANS Institute's John Pescatore.
Cloud providers must be evaluated before moving operations, says the DTCC's Mark Clancy.
Robust enterprise security requires more than checking compliance boxes, says Diebold CSO Adam Williams.
Managing privacy is moving toward collaboration, communication and education, says Ernst & Young's Sagi Leizerov.
To defend against evolving threats, prepare and maintain vigilance, says DTCC's Parthiv Shah.
The rule may help leaders better understand the impact of cyber risks, says PwC's David Burg and Laurie Schive.
Espionage and fraud in cyber is not an armed conflict, says SystemExpert's Jonathan Gossels.
Prior to a job switch, ask questions to learn if the company you are considering is in good shape, says former Yahoo CISO Justin Somaini.
Security pros should be less secretive, says New York City CISO Dan Srebnick.
If we want the best minds, we can no longer look to only half the population, says Karen Purcell.
2013 may be the year that U.S. companies strike back at their cyber adversaries, says Taia Global's Jeffrey Carr.
Though standards lack, sharing threat data is vital, says EMC's Christopher Harrington.
We must resolve issues around data sovereignty, says Capgemini's Joe Coyle.
Flame's cryptofunctionality silenced all the haters, says F-Secure's Mikko Hyppönen.
Only through collaboration can government and the private sector thwart cyber attacks, says Raymond Choo.
Expect a sea change in digital security over the coming years, says Richard Bejtlich.
Today's firms must identify people who have knowledge from disparate areas, says Tracey Wilen-Daugenti.
The operating environment itself must be altered, says Verdasys' Dan Geer.
Be patient and give staffers a real chance to show their stuff, says Michael Potters, CEO of the Glenmont Group.
...nevertheless, companies need to do a better job of protecting IP, says Adam Segal.
Data protection laws can be more effective if simpler, says JAS Global Advisors' Jeff Schmidt.
It's time to rethink the basic approach to protecting our businesses, and new technologies are leading the way, says Cisco CSO John Stewart.
To avoid past mistakes, one should appeal to outside experts, says Kyrus CTO Michael Tanji.
At present, unlike car safety, there are no standards for malware prevention, says George Ledin, a professor at Sonoma State University.
Assessing what level of risk is acceptable to one's business is key to any move to the cloud, says Siobhan Byron, president of Forsythe Technology Canada.
The time is ripe for open dialogue around teaching trust, says RSA Conference's Hugh Thompson.
What customers want to hear is that they can solve any problem by simply writing out a purchase order. And we in the security industry are all too happy to accept the purchase order for our devices, software and services. But...
The internet is evolving to deliver individualized experiences, but at what cost to privacy, asks Forrester's Chenxi Wang.
Data discovery is a fundamental factor in risk mitigation, says PixAlert CEO Gerard Curtin.
IT managers should consider the benefits of non-interoperable platforms, says AT&T's Ed Amoroso.
A prudent firm should not wait until a clear and direct obligation exists before taking steps to secure its systems and processes.
Data leakage prevention (DLP) is garnering a lot of attention as a cure-all for risk management.
Mobile threats will soon be used to gain access to personal and business devices, says Sean Martin.
Large vendors are bundling major components of information security into their stack offerings, says TheInfoPro's Ken Male.
Now is the time to redefine your approach to face today's threats, says Irfan Saif, principal at Deloitte & Touche.
Solely relying on your vendors is a mistake, says Sourcefire's Matthew Olney.
All merchants need to comply with all PCI DSS requirements, regardless of compliance validation mechanisms, says Mathieu Gorge, CEO and founder of VigiTrust.
It is difficult to measure exactly what the ROI is for security, particularly when you haven't suffered any type of breach, says McAfee's Alex Thurber.
Now is the time to make privacy a corporate priority, says Craig Spiezle of the Online Trust Alliance.
Social networks must be adopted in the enterprise...with precautions, says Rick Tracy.
Leave behind technological baggage and build business, says Verdasys' Emeric Miszti.
VWs require developers to be vigilant for new vulnerabilities and attacks, say Barbara Endicott-Popovsky and Aaron Weller.
A lot's been done to secure the nation's critical assets, but challenges remain, says the DoD's Robert Lentz.
REST has emerged as a core enabling "architecture" for cloud services, says AmberPoint's Andrew Brown.
Enterprises understand their reputation is on the line when things go wrong, says Jeremiah Grossman.