The new virtualization guidance issued by the PCI Security Standards Council urges organizations to take a risk-based approach when dealing with virtualization methods, especially within cardholder data environments.
Security experts at this week's Gartner Security and Risk Management Summit agree: Security, not compliance, has to be the new focus. Cyberintrusions cannot be stopped, and the RSA breach should be a lesson to the industry.
Organizations are starting to adapt to cloud computing, but they're hesitant about placing their core assets in the online environment, according to results from the 2011 ISACA IT Risk/Reward Barometer.
It's clear that major data breaches have become not just a topic of mainstream news, but they're occurring with such frequency and potential devastation that they're almost deserving of a 24-hour news desk.
Organizations looking to improve their privacy management in the event of a breach "have to continually plan and prepare," says Nationwide's Chief Privacy Officer Kirk Herath. That means putting into writing a comprehensive plan.
Kirk Herath, Chief Privacy Officer at Nationwide Insurance Companies, has been in privacy management for more than a decade, and he has two main concerns about today's enterprise: Mobile technology and cloud computing.
When it comes to hot topics, they don't get hotter than authentication, cloud computing and IT governance - all of which I've discussed at length in recent interviews with industry thought-leaders. Let's review some highlights from these conversations.
Globally, countries and organizations now recognize the need for a unified approach for managing IT infrastructure services, says Marlin Pohlman of the Cloud Security Alliance. The trick is developing this new set of global standards.
Wire fraud incidents from China prove current security measures, including multifactor authentication, are too easy to bypass. And security pundits say it all points back to why the financial industry needs more guidance about adequate online security.
"On a global basis, countries are recognizing that they need a uniform commercial code, if you will, for data - a unified approach for managing IT infrastructure services," says Marlin Pohlman of the Cloud Security Alliance.
Top executives seek the CISO's advice to help determine whether cloud computing benefits outweigh the risks. Here are the top five cloud security risks and concerns CISOs must discuss with their leaders.