The technology is capable of providing all of the data organizations need for compliance, but managing the log activity to make sense of it can be a challenge.
The National Institute of Standards and Technology late last week published new guidance to help organizations develop and implement an information security continuous monitoring (ISCM) program. This initiative can help companies better provide ongoing awareness of threats and vulnerabilities, assess the effectiveness of deployed security controls and support risk management decisions, according to the 80-page guidance document. A mature ISCM program, which requires the use of both automated and manual processes, will enable companies to move from compliance-driven to data-driven risk management.
Beginning in October, federal agencies will be required to report on their information security posture on a monthly basis, instead of annually.
The European Telecommunications Standards Institute (ETSI), a nonprofit that produces standards for information and communications technologies, has completed a set of identity management specifications which outline how users can safely gain authorized access to data and services. The free specifications, which are aimed at network operators, internet service providers and systems designers, address access control issues related to third-parties and cloud environments. The specifications were created by ETSI's identity and access management for networks and services group, whose members include Nokia Siemens Networks, Alcatel Lucent, the University of Patras in Greece, and the University of Murcia in Spain.
A new Ponemon Institute study found that the number of data breaches caused by malicious attacks and botnets doubled last year, compared to 2008.
Cybersecurity is not the responsibility of one person or group since no one person is in charge of the internet, Department of Homeland Security Secretary Janet Napolitano said Tuesday.
A new report from the Government Accountability Office found that NASA has multiple cybersecurity problems.
Researchers at a security company say they have discovered a vulnerability in Microsoft's SQL Server, but the software giant disputes the claim.
Another top cybersecurity leader has stepped down - news that comes in the wake of similar high-profile government resignations and a still-vacant federal cybersecurity coordinator post.
In a reprise of an old trick, cybercriminals are using SEO poisoning to attract victims to a rogue software site, according to Trend Micro.
A serious shortage in people to fill federal cybersecurity posts threatens national security.
Next week, Microsoft will make available to consumers a new, free anti-malware service to replace its subscription model.
The U.S. Department of Homeland Security has appointed Philip Reitinger as the new director of the National Cybersecurity Center, a post left in March by Rod Beckstrom, DHS Secretary Janet Napolitano announced on Monday.
A group of computer hackers based in Turkey breached the sites of two U.S. Army facilities, leveraging SQL injection attacks.
In one of its first major moves in acquiring virtual security technology firms, Trend Micro bought Third Brigade, a virtualization security and compliance software company based in Ottawa, Canada.
Lawmakers and public policy experts clashed Tuesday over whether cybersecurity control should be taken away from the Department of Homeland Security (DHS) and placed under the White House's purview.
Just days into his new job, Symantec CEO Enrique Salem is calling for a colossal shift in the way vendors and end-users approach information security.
Despite being aware of the importance of security, small-to-medium-size businesses (SMBs) generally are not protecting their networks, according to a survey released Thursday by Symantec.
Organizations use security log data to a greater extent than ever before, according to the 2009 Annual Log Management Survey from the SANS Institute.
Most Americans believe the world financial crisis has increased their risk of identity theft or related crimes.
The FTC has established a how-to guide for coping with new requirements aimed at deterring identity theft.
President Obama has appointed the first-ever federal chief information officer.
At least 69 computers are missing from the Los Alamos National Laboratory, a national security research institution in New Mexico.
McAfee predicts in the upcoming year that web-based malware and removable storage devices will be some of be the biggest threats to businesses.
Miami Beach needed to quickly identify threats, generate immediate notifications and to quarantine infected computers.
Weaknesses remain in the Internal Revenue Service's computer systems that jeopardize the confidentiality of sensitive taxpayer information.
Human error is the primary cause of information technology security breaches because, too often, individuals are given the option to bypass security processes.
Even faced with tough budget times, there is still an opportunity, says one CISO.
BotHunter was sponsored by the U.S. Army Research Office and is being used by U.S. government and the Department of Defense.
In a victory for privacy advocates, an Orlando, Fla.-based company has been ordered not to sell keylogger spyware.
Sign up to our newsletters
SC Magazine Articles
- New SSL/TLS vulnerability, FREAK, puts secure communications at risk
- Report: Majority of health-related websites leak data to third parties
- Researchers investigate link between Axiom spy group, Anthem breach
- Natural Grocers investigating unauthorized access to POS systems
- Spammers leverage DMARC to more successfully distribute ransomware