Francoise Gilbert of the IT Law Group won't give Zappos an "A" for how the online retailer reacted to its recent data breach. So, what can organizations learn from the incident, so they're better prepared?
Verisign Inc. may have followed the letter of the law when revealing a series of breaches in an SEC filing. But the company that assures the flow of a hefty portion of Internet traffic should have been more forthright to ease the minds of its various constituencies.
Verisign, operator of two of the 13 root name servers that route traffic on the Internet, has revealed that outsiders attacked its computer network several times in 2010, but top management did not learn of the incidents until September 2011.
Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.
The hacking group Anonymous Brazil has targeted the websites of several of Brazil's top financial institutions, including Banco Bradesco and Banco do Brasil, with distributed denial-of-service attacks, leaving the sites in the dark, the Associated Press reports.
Organizations that have experienced a breach report that three lessons they learned were to limit the amount of personal information collected, limit sharing data with third parties and limit the amount of data stored, a new survey shows.
The University of Hawaii has agreed to settle a class action lawsuit involving data breaches affecting about 96,000. It agreed to provide those affected two years of free credit monitoring and credit restoration services.
Spear phishing, or targeted phishing, schemes are the industry's most concerning trend, according to a new report from the APWG. So, what can we do to curb phishing attacks? Executives at BITS and FS-ISAC have a new idea.
Security and privacy officers for global organizations can expect increased work in protecting customer data if a proposed regulation introduced before the European Commission becomes law, cyber and privacy lawyer Francoise Gilbert says.
Bringing Your Own Device raises jitters among employers, who worry about exposing or losing sensitive data, and employees, who fret about their bosses spying on them. Despite these anxieties, the trend will continue because that's what people want.
The hacker group Anonymous claims it's responsible for denial of service attacks on U.S. Justice Department websites after federal authorities shut down file-sharing websites, including Megaupload.com, and arrested some of its leaders.