Browsing Category: Compliance

10 Tips for Getting Started With Security Metrics

Categories: Compliance

By Joe Gottlieb

It’s becoming evident that security practitioners have to take on a metrics mentality to improve security operations, reduce risks and better advise their critical decisions. There are several steps an organization can take to ensure that they are on the right path. There are some must-haves that need to be in place – or at least discussed – in order for a security metrics initiative to have any chance of success:


Verizon Settles with FCC for $1.25 Million Over Tethering Block

Categories: Compliance, Government

In an unprecedented move, the Federal Communications Commission ended a 10-month investigation of Verizon Wireless with a $1.25 million settlement for restricting Android customer access to “tethering” software used to relay Internet signals to other devices.


Firms Need ‘Tough Love’ In Struggle Against APTs

Black Hat is upon us and, with it, a lot of chatter about the dangers posed by so-called “APT,” or advanced persistent threats. Rather than get trapped in the hype bubble, Threatpost editor Paul Roberts took the opportunity to check back in with a recognized expert on detecting and combating APT-style attacks: Amit Yoran, the former CEO of NetWitness Corp. and now a Senior Vice President at RSA, The Security Division of EMC. Yoran says that the darkest days may yet be ahead in the fight against APT style attacks, with mounting attacks and a critical shortage of security talent. To cope, both private sector firms and the government need to stop fighting the last war and pivot to the kinds of practices and monitoring that can spot sophisticated attackers. 


Jose Nazario on Botnet Takedowns, Cybercrime and Whether We Can Ever Win

Dennis Fisher talks with botnet researcher Jose Nazario about whether botnet takedowns are worth the effort, the evolution of attack techniques and whether we can ever get the upper hand on attackers.


NSA Chief Says Today’s Cyber Attacks Amount to ‘Greatest Transfer of Wealth in History’

Categories: Compliance, Government

The general in charge of the National Security Agency on Monday said the lack of national cybersecurity legislation is costing us big and amounting to what he believes is “the greatest transfer of wealth in history.”

U.S. Army Gen. Keith B. Alexander urged politicians to stop stalling on approving a much-needed cybersecurity law – of which various versions currently are circulating in Congress. At the same time, he implored private companies to better cooperate with government agencies, many of whom remain mum because of privacy concerns.  


Senator Seeks to Strengthen SEC-Required Cybercrime Reporting

Categories: Compliance, Government

U.S. Sen. Jay Rockefeller wants to strengthen SEC legislation that requires publicly traded companies disclose significant digital security breaches, mainly because most aren’t.

The chairman of the Senate Commerce, Science and Transportation Committee last week added a provision to cybersecurity legislation that would direct the SEC to clarify when companies must disclose data breaches. 
