Not too fast, not too slow. Notwithstanding regulations and contractual obligations, that's legal and security experts' consensus on how quickly organizations that suspect they've been breached should notify individuals whose information may have been exposed.
A look at experts promoting blockchain as a secure way to share cyberthreat information leads the latest edition of the ISMG Security Report. Also, how sound waves pose a threat to IoT devices, smartphones and medical devices.
New Mexico lawmakers have overwhelmingly approved the Data Breach Notification Act. If signed, as expected, by Gov. Susana Martinez, Alabama and South Dakota would be the only states without such a statute.
With apologies to Troy Hunt, the last thing you want to see in the morning as you're having your first cup of coffee and scanning the interwebz for cat videos is a notice from his "Have I Been Pwned" breach-alert service.
Payment-terminal maker VeriFone Systems says that attackers managed to access its corporate network in January, but that the intrusion and related breach was limited, has been contained and that any fallout appears to be minimal.
What did Yahoo executives know about multiple data breaches and attacks that the company suffered, and when did they know it? Those questions have continued to dog Yahoo as it negotiates its sale to Verizon for the now-discounted price of $4.5 billion.
CISOs and security analysts alike complain that security information and event management (SIEM) technology has not fully lived up to its promises. Even with SIEM systems in place, enterprises still suffer from alert fatigue, and security teams armed with SIEM event and flow data still miss untold numbers of attack...
Australia's Parliament has passed a mandatory data breach notification law that requires some organizations to tell consumers and regulators about an incident within 30 days or face hefty fines. But one security expert says the law has gaps that could pose risks.
The subscription-based breach notification service LeakedSource appears to have gone dry. Security expert Troy Hunt says the privacy writing has been on the wall for the site, owing to it selling access to stolen personal data.
U.S. authorities are reportedly investigating whether Yahoo should have notified investors faster about two separate data breaches that it suffered in 2013 and 2014. Until last year, one breach remained undetected and the full severity of the other was not understood.
A 2015 incident involving unauthorized access to a database that healthcare professionals use to check insurance eligibility of patients appears to have resulted in a breach affecting 220,000 individuals, according to just-released details.
The number of reported U.S. data breaches hit an all-time high in 2016, according to Identity Theft Resource Center. But for half of all breaches, the number of exposed records isn't known. And what about all of the breaches that just haven't come to light?
Most organizations have embraced more than one software platform to automate their critical business processes. Platforms are becoming more flexible, allowing users to customize or configure their own applications. As your use cases grow, you may question whether you should leverage an existing platform for your next...
As enterprises continue to outsource more aspects of their operations to third parties, they expose themselves to more shared risk. It can be a staggering responsibility. Most organizations understand the need to automate vendor risk management activities to keep up with increasing scope and scrutiny. Yet they...