Data security strategies and governance
- December 30, 2019
New privacy laws are changing data management practices in the enterprise. BigID co-founder Nimrod Vax discusses the importance of being 'data native' in the era of the CCPA.
- December 19, 2019
Clumio CTO Chad Kinney and CSO Glenn Mulvaney discuss their company's roadmap and how Clumio addresses ransomware threats in a way that's different from other backup providers.
- November 13, 2019
Microsoft said it will apply the California Consumer Privacy Act across the nation and extend the law's data privacy protections to customers in all fifty states.
- November 12, 2019
For all of the talk about data breach class action lawsuits, virtually none of them reach a courtroom. Here's why and how data breach lawsuits almost always end in settlements.
- November 04, 2019
Determining the value of consumers' personal data exposed in a breach can be a challenge. Security and legal experts discuss what factors are involved in the equation.
- September 12, 2019
Common security risks can be mitigated or prevented, according to a panel at DerbyCon. But users need to feel empowered to speak up, and education needs to be better.
- July 30, 2019
Using Alien Labs threat intelligence, AT&T Cybersecurity's Managed Threat Detection and Response service intends to identify and contain cybersecurity threats sooner to reduce data breaches.
- May 06, 2019
Cybercriminals are increasingly taking aim at businesses, according to a recent Malwarebytes report. Security experts weigh in on best practices for defending against malware attacks.
- May 01, 2019
Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network.
- March 29, 2019
At the SecureWorld Boston conference, ISSA unveils data that shows cybersecurity professionals are taking on more data privacy duties. Experts sound off on what it signifies.
- March 25, 2019
FEMA's data exposure is another high-profile example of accidental data disclosures -- a trend that has some security experts calling for more focus on failed security controls.
- March 22, 2019
Facebook learned three months ago that hundreds of millions of passwords were stored internally in plaintext, but it didn't disclose the issue or notify users until the news leaked.
- February 26, 2019
Eclypsium found IBM SoftLayer cloud services are vulnerable to what it calls Cloudborne, which allows threat actors to make small, but potentially deadly firmware changes.
- February 21, 2019
CrowdStrike's annual global threat report highlights why speed is critical for cybersecurity defenders. Experts sound off on key findings, including the rise of 'big game hunting.'
- February 15, 2019
Cybereason's Nocturnus Research team has discovered a new strain of the Astaroth Trojan that attacks antivirus software to steal credentials.
- February 07, 2019
Reinvesting in SOCs and crafting clear risk appetite statements made the list of Gartner's top security and risk management trends. Experts sound off on what's driving these trends.
- January 31, 2019
Dell has teamed up with CrowdStrike and Secureworks for SafeGuard and Response, a portfolio of endpoint security technology and services, to tackle the shifting threat landscape.
- January 30, 2019
Nexusguard found a new DDoS attack technique that targeted CSPs in which attackers used a bit-and-piece approach to inject junk into legitimate traffic and dodge detection.
- January 29, 2019
A security researcher found more than 2,000 exposed MongoDB databases that revealed a backdoor-access account operated by the Russian government, according to a report from ZDNet.
- January 23, 2019
TechTarget's IT Priorities survey revealed key security initiatives companies plan to implement in 2019. Experts weigh in on best practices to be adopted.
- January 18, 2019
During an IT GRC Forum webinar, experts explain the need for shedding legacy security approaches and highlight the gravity of drafting a data breach response plan.
- November 30, 2018
The first round of evaluations using the Mitre ATT&CK framework has gone public, putting on display how different endpoint products detect advanced threat activities.
- November 30, 2018
A new study from the Ponemon Institute shows enterprises are underestimating the value of their data, including critical and confidential information assets.
- September 24, 2018
A global Ponemon survey of security professionals found that many believe artificial intelligence and machine learning technology will improve enterprise and IoT security.
- September 05, 2018
Five Eyes -- the government intelligence alliance between Australia, Canada, New Zealand, the U.K. and the U.S. -- vows not to weaken encryption, while pushing for encryption backdoors.
- July 31, 2018
New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general.
- July 26, 2018
The Ponemon Institute's '2018 Cost of a Data Breach Study' details a rise in data breaches with a look at mega breaches and why U.S. companies experience the greatest loss.
- May 16, 2018
Illumio CTO P.J. Kirner discusses the threat of data manipulation and explains why subtle, hard-to-detect attacks could have devastating effects on enterprises.
- April 24, 2018
As network perimeter security grows less practical, Akamai talks at RSA Conference about moving beyond firewalls to improve authentication with a zero-trust model.
- April 17, 2018
Active deception is set to be an important part of cloud defense, as Fidelis Cybersecurity adds active decoys to protect cloud assets in the enterprise.
- March 31, 2018
Following the Facebook-Cambridge Analytica controversy, major tech companies pledged to defend users from corporate data misuse, but they're ignoring a more serious privacy threat.
- March 30, 2018
News roundup: New Facebook privacy features and updates to the company's bug bounty program are being rolled out. Plus, Drupalgeddon 2.0 threatens over 1 million sites, and more.
- March 22, 2018
At IBM's Think conference, executives discussed the importance of protecting and managing data as artificial intelligence offerings like Watson grow and touch more information.
- July 28, 2017
Analyzing infosec through the lens of game theory shows that cyber-risk analysis and wasting attacker time may be highly effective cybersecurity strategies.
- June 02, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss GDPR compliance and how the EU law will affect enterprise data privacy and security across the globe.
- April 14, 2017
News roundup: DARPA's SSITH program tackles hardware vulnerabilities for better security. Plus, new risks placed in OWASP Top 10, SWIFT launches new anti-fraud tool, and more.
- February 21, 2017
Windows 10 privacy issues remain as EU's top privacy watchdog group, the Article 29 Working Party, issues a second warning letter to Microsoft to simplify, clarify data collection.
- January 09, 2017
Truffle Hog utility roots out and detects text blobs with enough entropy to be secret keys -- even those buried deep in old Git repositories -- to prevent exploits.
- October 21, 2016
After a slow start, some U.S. companies are starting to address the questions and challenges of EU-U.S. Privacy Shield certification. But most haven't started the process.
- October 12, 2016
With EU's new privacy regulation set to take effect in May 2018, GDPR compliance may be hampered by lack of planning and awareness, Dell research finds.
- August 05, 2016
Experts find law enforcement data requests have little legal support and suggest enterprises use independent judgment when deciding whether to comply or push back.
- July 07, 2016
As the new General Data Protection Regulation privacy regulation looms, many firms face new rules and challenges to protect the privacy of EU citizens, regardless of location.
- March 03, 2016
Defense Secretary Ashton Carter announces the 'Hack the Pentagon' bug bounty program and new Defense Innovation Advisory Board to be headed by Eric Schmidt.
- March 03, 2016
RSAC panelists had a spirited and nuanced debate about government encryption backdoors, and the topic is more difficult to parse than expected.
- February 19, 2016
Roundup: DHS posts first pass at guidelines for cyberthreat indicator reporting under CISA. Plus, the U.S. planned a major cyberattack against Iran if nuclear diplomacy had failed, and more news.
- February 12, 2016
Roundup: Details are uncertain for the EU-U.S. Privacy Shield framework, as Facebook is charged with privacy violations in France over the use of the now-illegal Safe Harbor framework; more news.
- January 29, 2016
Roundup: As the deadline looms to replace the Safe Harbor data-sharing framework, the U.S. and EU continue to make progress; Senate is ready to vote on the Judicial Redress Act.
- December 31, 2015
News roundup: China passes anti-terror law requiring tech firms' help on surveillance, while new analysis of North Korea's Red Star OS shows different approach to cybersecurity.
- December 18, 2015
News roundup: As EU's Global Data Protection Regulation advances, businesses anticipate higher penalties and compliance costs. Also, malware roundup.
- November 20, 2015
News roundup: Rights groups join critics of Safe Harbor framework update, OPM breach testimony pushback, FBI hiring part of cybersecurity issue for Justice Department. Plus: recycled malware, Microsoft's security push.
- October 09, 2015
News roundup: The EU Court has invalidated the Safe Harbor agreement, leaving companies scrambling to deal with overseas data transfers securely. Plus: SHA-1 collision attack; NIST email security initiatives; worry over cyberthreats.
- July 23, 2015
The National Guard reported an accidental data exposure affecting thousands of former and current employees was not related to the OPM breach.
- May 08, 2015
News roundup: Contradicting mobile malware statistics published this year prove the mobile malware debate is alive and well. Plus: SAP vulnerabilities; spam-sending Linux malware; criminal attacks leading healthcare threat.
- April 27, 2015
At an RSA Conference 2015 discussion on healthcare data security, experts with decades of experience perceive a unique challenge, while security pros see similarities with other verticals.
- April 24, 2015
The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues.
- December 09, 2014
Trustwave says one out of every five organizations has no controls in place to prevent sensitive data exposure, despite growing criminal interest.
- November 21, 2014
News roundup: As the industry responds to growing demand for end-to-end Internet encryption, some fear unintended consequences. Plus: Black hats wanted; Windows Phone survives Pwn2Own; webcam spying resurgence.
- September 19, 2014
The Bitcoin market is maturing but security issues, such as private key management, persist. The Bitcoin Foundation gives the good news and bad news regarding Bitcoin security.
- June 17, 2013
Opinion: Gary McGraw details the various and sundry NSA data collection programs and explains why all its efforts demand new discussion and scrutiny.
- April 09, 2013
The proposed California Right to Know Act may compel CISOs to develop additional privacy policies or create new privacy officer roles.
- November 01, 2012
Organizations need to implement best practices to protect their trade secrets from both internal and external threats.
- September 17, 2012
Data privacy issues are new territory for infosec pros, who face managing new data analysis methods vs. customers' concern with unintended data usage.
- August 03, 2012
A study by the Ponemon Institute shows 63% of organizations do not fully secure confidential documents.
- March 28, 2011
Organizations are failing to protect corporate trade secrets, despite cybercriminals finding a corporation's proprietary information growing in value.
- March 18, 2011
Experts say the risk of an attack that exploits stolen proprietary data on RSA's SecurID products is low, but it can't be completely dismissed until attack details are revealed.
- March 15, 2011
A Ponemon Institute survey of more than 500 auditors finds most prefer data encryption over tokenization to protect sensitive data.
- February 28, 2011
Early adopters of DLP deployments say slow, incremental rollouts help reduce the burden on IT staff and the potential for chaos among business units.
- June 10, 2010
Check Point said Liquid Machines' ERM capabilities could bolster its data loss prevention (DLP) offering.
- April 29, 2010
Sensitive data may be where you least expect it: including in the drawers of old office furniture you've given away. Kevin J. Mock explains how to create a data destruction policy that can prevent sensitive data from being thrown out with the trash.
- October 16, 2009
A Burton Group study identified the leaders in the data leakage prevention market and found some enterprises deploying the technology to educate end users about security policies.
- October 02, 2009
Voltage cites performance issues and the creation of a repository of cardholder data that is an attractive target for attackers. RSA calls Voltage's claims unfounded.
- September 10, 2009
MSSP and PCI compliance firm buys one of dwindling field of independent DLP vendors.
- July 13, 2009
When it comes to cloud-based services, security vendors often put the cart before the horse, says columnist Eric Ogren.
- April 29, 2009
It isn't always convenient to encrypt sensitive data as part of an e-discovery process, but a data management expert at the Computer Forensics Show said its use is essential.
- March 31, 2009
Government should consider extending existing frameworks for fraud, trespassing and trafficking across state and national borders, not legislating technology, explains Eric Ogren.
- March 31, 2009
Lawmakers call the PCI standard lacking and seek significant improvements to the payment processing infrastructure to enhance security.
- March 02, 2009
Do you know where your data is? The latest HIPAA changes should motivate healthcare security teams to understand information flows.
- February 13, 2009
Law now taking effect Jan. 1, 2010 would require any business collecting information on Massachusetts residents to encrypt sensitive data, protecting it from data leakage.
- January 12, 2009
Oracle's Critical Patch Update repairs several serious vulnerabilities in Oracle Secure Backup, Oracle Database, Oracle Application Server and its business suite.
- September 29, 2008
A new survey conducted by the Independent Oracle Users Group found that many organizations are failing to use database security tools and lock down critical systems.
- July 28, 2008
The independent mobile data protection market continues to shrink with Sophos' endpoint encryption acquisition.
- July 16, 2008
NitroSecurity Inc. will integrate log management and database activity monitoring with security incident and event management (SIEM).
- June 12, 2008
The data leakage prevention market is branching out into automating data classification, analysis and device management, according to a report from Forrester Research Inc.
- October 25, 2007
Provilla's fingerprint-based endpoint data leak prevention technology will allow Trend Micro to offer customers more effective data protection, company officials said Thursday.
- October 09, 2007
McAfee is acquiring endpoint encryption vendor SafeBoot Corp. in a $350 million deal to bolster the antivirus vendor's mobile device security software.
- August 09, 2007
RSA, the security division of EMC Corp., said it planned to acquire Tablus, a maker of sensitive data scanning and classification tools and data protection software.
- May 31, 2007
Two Los Angeles area men plead guilty to using devices to bilk debit and credit card data from Stop & Shop supermarkets in Massachusetts and Rhode Island.
- May 31, 2007
Companies are showing increased interest in data loss prevention (DLP) products, but they won't work well unless the business needs are understood and well defined.
- May 22, 2007
While more organizations are seeking database authentication and encryption technologies, others are turning to database monitoring to secure data.
- May 09, 2007
Some companies are investing in secure FTP suites to give employees and business partners the ability to transfer large files such as large documents, audio, video and photos.
- March 19, 2007
According to Symantec's threat report for the second half of 2006, attackers exploited misplaced USB drives and zero-day flaws to steal vast amounts of data. Expect more of the same in 2007.
- March 14, 2007
Gary McGraw, chief technology officer of Dulles, Va.-based security firm Cigital Inc., is a security luminary with several books to his credit, including "Software Security: Building Security In," "Java Security" and "Exploiting Software." His ...
- January 18, 2007
Retailer TJX Companies said a hacker gained access to its systems exposing the credit card data of millions of customers.
- January 10, 2007
Businesses need to follow the federal government's lead in reducing data breaches by holding employees responsible and examining full disk encryption (FDE) products.
- August 18, 2006
Attackers could exploit a security flaw in Apple's Xsan file system to launch malicious code and crash vulnerable machines, but a fix is available.
- July 13, 2006
The Department of Homeland Security has issued the final version of the National Infrastructure Protection Plan, but some say it falls short of being a comprehensive risk management framework for the nation's infrastructure.
- May 03, 2006
The U.S. Cyber Consequences Unit says enterprises must take specific measures to shore up their defenses, otherwise they could be vulnerable to attackers who not only steal data, but also manipulate it.