Two banks that claim to have suffered losses from the recent data breach at Target have sued Trustwave Holdings Inc., the company that was responsible for validating Target's compliance with the Payment Card Industry Data Security Standard.
In the wake of revelations exposed in classified National Security Agency documents leaked to reporters by Edward Snowden, Facebook must show its users that their data is safe from the prying eyes of government spies.
Encryption technologies can be a powerful tool against government surveillance, but the most effective techniques are still largely out of reach to the average Internet user, Edward Snowden said Monday.
The first Cebit trade show in the post-Snowden era will focus on security, showing off locally developed bug-proof phones and messaging systems, as well as the ability to protect mobile devices using smartcards.
That someone had to take the fall for the massive breach at Target is neither surprising nor unexpected. The only question is whether more heads will roll in the aftermath of one the biggest data compromises in retail history.
Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.
I just finished up a lengthy tour through Latin America and Asia, as described in many of my latest blogs. Most recently I was in Australia and New Zealand (ANZ). I had the opportunity to work with various government agencies, organizations within critical infrastructure and general enterprise businesses across ANZ. Their primary topic of interest: big data. More specifically, they were interested in determining what needs to be part of a successful big data security strategy.
Risks to enterprises are not only of the security breach variety from outside attackers, malicious insiders or even careless employees. Another comes from everybody in an organization a even its most loyal, careful, capable members.
In large-scale organizations, implementing mobile device management (MDM) is typically given. After all, with so many employees using mobile devices that either contain or connect to sources of sensitive information, there needs to be some way to keep everything in check. But what about those companies that aren't big enough to be able to afford an MDM implementation and a full-sized IT department to manage it? Without a means to centralize the control of mobile devices, how can these smaller companies protect their data?
Pen tester Mark Wolfgang argues segmenting for security is a key piece of an overall defense-in-depth strategy. Here he explains why and how to accomplish it in your organization (registration required)
How do you know your employees retain what you teach them in company-required security awareness training? You don't -- unless you regularly test their security savvy and effectively address their mistakes during post-test follow-up sessions.