NIST's Ron Ross will be quite busy at RSA Conference 2012, not only promoting revised guidance on security and privacy controls to be unveiled at the securing conclave, but also participating in a panel on one of his favorite topics: continuous monitoring.
Have corporate account takeover incidents abated? Are banking institutions ready to conform to the FFIEC Authentication Guidance? These questions are posed by the Faces of Fraud Survey. Take the survey now.
NIST proposes the establishment of an independent identity ecosystem steering group, led by the private sector but working with the federal government, to help create an environment to assure the security of online transactions.
How do fraudsters rationalize their actions, and do they feel guilt, stress, or even excitement when they actually cross that line into breaking the law? Read their answers to these questions and more.
Verisign Inc. may have followed the letter of the law when revealing a series of breaches in an SEC filing. But the company that assures the flow of a hefty portion of Internet traffic should have been more forthright to ease the minds of its various constituencies.
Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.
"These changes might not otherwise be troubling but for one significant change to your terms of service: Google will not permit users to opt out," the leaders of a House panel say in a letter to Google CEO Larry Page.