"You need a CISO today to manage not only the IT risks, but understand and influence the business risks that are imposed on the company by the decisions and strategies it takes," says John South, CISO at Heartland Payment Systems.
These new sites now make Information Security Media Group the largest global network of information security-focused media sites, reaching the most diverse audience of decision-makers in each of ISMG's key markets.
Fraud threats have changed little in the past decade. But their global scale has, and James Ratley, president of the ACFE, details how fraud examiners must change their approach to fighting these crimes in 2012.
As legal issues surrounding data breaches become increasingly complex, more organizations are turning to attorneys for post-breach response, says Lisa Sotto, a managing partner for New York-based law firm Hunton & Williams.
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
A wave of security breaches serves as a catalyst for all types of organizations to assess the need for cyber insurance. Here's the story of one institution that saw the threat and took out a $10 million policy.
Improving regulatory compliance efforts is the No. 1 information security priority for healthcare organizations in the year ahead. That's a key finding of the inaugural Healthcare Information Security Today survey.
One reason why so many healthcare organizations are not well-prepared to counter security threats is that "key leadership has not bought into the whole process," says Bob Krenek of Experian® Data Breach Resolution.
Penetration tests that demonstrate how an unauthorized user could gain access to patient information can be effective in winning support for a bigger information security budget, says David Kennedy of Diebold, Incorporated.
When it comes to responding to today's high-profile information security incidents, technical abilities simply aren't enough, says Gavin Reid of Cisco's Computer Security Incident Response Team. Here are the five must-have skills for today's incident response professionals.
Smart phones, laptops, tablet PCs, optical discs and USB devices. There are many new mobile devices and emerging technologies to help today's professionals do their jobs in any location - and increasingly private business is being conducted on personal digital and storage devices. Yet, these technologies create new...