CIOs and CISOs must guard against making security technology decisions based on the latest threat trends hyped by vendors, focusing instead on their specific business needs, says T.S. Lim of CA Technologies.
The PCI Security Standards Council is creating a payments software framework, including two new standards that can evolve as the software rapidly changes, Troy Leach, the council's CTO, explains in this in-depth interview.
Threat-centric security frameworks need to be supplemented with an approach based on user behavior, which is becoming a critical parameter in understanding organizations' risk postures, Forcepoint's Maheshwaran S says in an in-depth interview.
The latest ISMG Security Reports leads with a top DHS cybersecurity leader, Jeanette Manfra, providing a case study on how information sharing helped mitigate the WannaCry attack in the U.S. Also, the SEC mulls toughening its cyber risk reporting requirements.
A report on the head of Equifax contending that his company - not individual consumers - owns the personally identifiable information the credit reporting agency markets to lenders leads the latest version of the ISMG Security Report. Also, a preview of the ISMG Healthcare Security Summit.
Security practitioners must do a much better job of prioritizing their investments based on the most significant risks their organizations face, says Zulfikar Ramzan, chief technology officer at RSA, who offers insights on "fighting the right battle."
With only six months until the EU's General Data Protection Regulation is enforced, organizations across the world that handle Europeans' data are grappling with compliance challenges, including how long to retain PII, says Devender Kumar of Mphasis, who offers advice on effective strategies.
The ISMG Security Report leads with a discussion about the sale of compromised remote desktop protocol credentials for as little as $3 on darknet marketplaces. Also, grading the performance of DHS in sharing cyberthreat information.
Prasanna Lohar, head of technology at DCB Bank, describes how 20 banks in India are working together to identify the best ways to leverage blockchain technology to help fight fraud and improve services, such as customer onboarding.
The latest ISMG Security Report features highlights from the recent panel discussion at the ISMG Fraud and Breach Prevention Summit in London on preparation for the European Union's General Data Protection Regulation set to be enforced next May.
To help prevent breaches caused by third parties, organizations need to improve their vendor risk evaluation methods, carefully assessing their business partners' processes and risk mitigation methods, says Anuj Tewari, CISO of HCL Technologies.
As the explosive growth of the internet of things continues, it's essential to take a structured approach to implement security-by-design with secure coding and end-to-end encryption of data, says Mumbai-based Juergen Hase, CEO of Unlimit, the IoT business unit of the Reliance Group.
Jennings Aske, CISO of New York-Presbyterian, says the healthcare sector is still struggling to figure out medical device security and contends that federal regulations have not been helpful in making it a priority.