By Joe GottliebIt’s becoming evident that security practitioners have to take on a metrics mentality to improve security operations, reduce risks and better advise their critical decisions. There are several steps an organization can take to ensure that they are on the right path.There are some must-haves that need to be in place – or at least discussed—in order for a security metrics initiative to have any chance of success:
Browsing Category: Compliance
In an unprecedented move, the Federal Communications Commission ended a 10-month investigation of Verizon Wireless with a $1.25 million settlement for restricting Android customer access to “tethering” software used to relay Internet signals to other devices.
Black Hat is upon us and, with it, a lot of chatter about the dangers posed by so-called “APT,” or advanced persistent threats. Rather than get trapped in the hype bubble, Threatpost editor Paul Roberts took the opportunity to check back in with a recognized expert on detecting and combating APT-style attacks: Amit Yoran, the former CEO of NetWitness Corp. and now a Senior Vice President at RSA, The Security Division of EMC. Yoran says that the darkest days may yet be ahead in the fight against APT style attacks, with mounting attacks and a critical shortage of security talent. To cope, both private sector firms and the government need to stop fighting the last war and pivot to the kinds of practices and monitoring that can spot sophisticated attackers.
Dennis Fisher talks with botnet researcher Jose Nazario about whether botnet takedowns are worth the effort, the evolution of attack techniques and whether we can ever get the upper hand on attackers.
A new international cyber security alliance announced plans to put the Continents best heads together to try to envision future cyber security trends.
The general in charge of the National Security Agency on Monday said the lack of national cybersecurity leglislation is costing us big and amounting to what he believes is “the greatest transfer of wealth in history.”
U.S. Army Gen. Keith B. Alexander urged politicians to stop stalling on approving a much-needed cybersecurity law – of which various versions currently are circulating in Congress. At the same time, he implored private companies to better cooperate with government agencies, many of whom remain mum because of privacy concerns.
U.S. Sen. Jay Rockefeller wants to strengthen SEC legislation that requires publicly traded companies disclose significant digital security breaches, mainly because most aren’t.
The chairman of the Senate Commerce, Science and Transportation Committee last week added a provision to cybersecurity legislation that would direct the SEC to clarify when companies must disclose data breaches.
UPDATE: The U.S. Federal Trade Commission has fined Wyndham Hotels for a string of data breaches that resulted in information on hundreds of thousands of customers being lost to cyber criminals.
The Government Accountability Office (GAO) is warning that the U.S. government hasn’t lived up to promises to protect the privacy of Medicare patients who use the federal government’s Prescription Drug Benefit and not following through on promises to audit organizations that store patient health information.