An independent evaluation of the US Department of Homeland Security (DHS) information security program and practices by the Office of the Inspector General has revealed that while the department has made some significant improvements when it comes to cybersecurity, there are a few areas that cry out for more.
05 December 2013
The European Network and Information Security Agency (ENISA) has published a good practice guide designed to help the critical infrastructure mitigate cyber-attacks against the industrial control systems supporting vital industry processes.
05 December 2013
The information security arm of the UK’s GCHQ and the Centre for the Protection of National Infrastructure (CPNI) have announced the first accredited members of the two cybersecurity incident-response initiatives unveiled in late 2012.
27 November 2013
On the very day that the City of London ran operation Waking Shark II, researchers published an analysis of known bank security incidents or vulnerabilities since 2000. If Waking Shark was designed to test the cyber-readiness of the banking sector, this new analysis suggests it might not be enough.
14 November 2013
Today is Waking Shark II day – the day the City of London's cyber resilience is tested in a day-long exercise. Details are scarce (it wouldn't be a test if they were known) but the war game is expected to concentrate on the ability of banks to maintain operations in the face of a sustained cyber attack.
12 November 2013
Other encrypted email services may have shut their doors after global open-source standards appear to have been weakened by the NSA, but MySecureZone has created a global hacker challenge to prove its security.
11 November 2013
Even as the implementation of the Affordable Care Act – and its attendant website “issues” – has captured a large chunk of the national attention in the US, the (ISC)² is focusing on cyber-health in a different way. The group has announced the HealthCare Information Security and Privacy Practitioner (HCISPP) certification, designed to be a foundational global standard for assessing both information security and privacy expertise within the healthcare industry.
05 November 2013
The fact that there are not enough skilled cybersecurity workers is becoming an increasing drumbeat for those tasked with improving the security posture of both public and private sector businesses. A new study underscores that while it’s essential that organizations continually evolve their security strategies to keep pace with the changing threat ecosystem, resource-strapped IT staffs are more often than not too bogged down by tactical activities to keep up.
01 November 2013
BSIMM-V is effectively a scorecard that can be used by companies to either measure or improve their existing software development security stance. It is not a 'standard' in the regulatory sense; it is more a practical description of actual best practices.
30 October 2013
The lessons learnt from securing the digital infrastructure at the London 2012 Games have given BT a better understanding of how to do cyber defence, said Mark Hughes, CEO of BT Security, in his keynote at RSA Europe today.
30 October 2013