Lockheed Martin, the country's largest military contractor, is investigating the root of a "significant and tenacious" attack against its information network. Could this attack be linked to the RSA SecurID hack earlier this year?
An inside breach at BofA that led to more than 300 compromised accounts signifies growing concerns about internal threats. But experts say organizations can implement strategies to detect - and in some cases even predict - internal fraud.
See our Full Coverage of the State of Government Information Security Today 2011 survey.
President Obama declared cybersecurity a national security priority in May 2009, in effect making the IT experts at all levels of government the frontline troops defending local, state and federal information assets.
The Obama administration's plan for a federal data breach notification policy is too vague to be effective, and it lacks teeth to penalize violators, according to experts who raise open questions about the proposal.
"Our security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect the intrusion quickly, all perhaps by design," Sony Computer Entertainment America Chairman Kazuo Hirai said in a letter to Congress.
From mobile devices to social media and cloud computing, IT governance is all about risk management. "You can't de-risk everything, but you can de-risk the majority of circumstances you will see in normal operations," says governance expert Robert Stroud.
Four years ago, the Council of Registered Ethical Security Testers began as an organization to bring standardization to the penetration testing industry. Today, CREST's scope is expanding across industries and global regions, says president Ian Glover.
"Without improvements, the weaknesses identified may limit program and site-level officials' ability to make informed risk-based decisions that support the protection of classified information and the systems on which it resides," says Rickey R. Hass, deputy inspector general for audits and inspections.
Attackers could leverage vulnerabilities to gain control of air traffic control systems, with intruders using unprotected computers to compromise other systems that depend on the same network, a Transportation Department audit reveals.