Sensitive information contained in Securities and Exchange Commission computers is at risk of being publicly exposed because of a lack of proper controls, according to audits by the SEC inspector general.
American Express confirms it was hit this week by a distributed-denial-of-service attack. The hacktivist group that has targeted banks in recent months claims credit for this latest high-profile attack.
Malware, DDoS and mobile security aside, one of the biggest risks is organizations' lack of visibility into specific threats. Don Gray of Solutionary explains the need for actionable threat intelligence.
For years, security and business managers have known that identity and access management (IAM) must be driven by business requirements. But typically, IAM processes are too IT-centric, and don't meet the needs of the business. In addition, traditional IAM systems have consistently been prohibitively expensive to...
Ron Ross, the NIST computer scientist who heads the initiative that is revising the guidance, characterizes the updated publication as the most comprehensive one since the initial catalogue of controls was issued in 2005.
Although a hacktivist group says it has suspended distributed-denial-of-service attacks on U.S. banking institutions, banking and security leaders aren't convinced. "Banks should certainly remain on guard," says Gartner's Avivah Litan.
As enterprises move more applications to the cloud, continuous monitoring will play a greater role in assuring the software is patched in a timely manner, says John Streufert, DHS director of federal network resilience.
How are banks responding to DDoS phase 2? "From a technology standpoint, we have improved our defenses quite a bit," says Dan Holden of Arbor Networks. Experts discuss top DDoS lessons banks have learned.