Browsing Category: Compliance

Categories: Compliance

By Joe GottliebIt’s becoming evident that security practitioners have to take on a metrics mentality to improve security operations, reduce risks and better advise their critical decisions. There are several steps an organization can take to ensure that they are on the right path.There are some must-haves that need to be in place – or at least discussed—in order for a security metrics initiative to have any chance of success:

Read more...

Black Hat is upon us and, with it, a lot of chatter about the dangers posed by so-called “APT,” or advanced persistent threats. Rather than get trapped in the hype bubble, Threatpost editor Paul Roberts took the opportunity to check back in with a recognized expert on detecting and combating APT-style attacks: Amit Yoran, the former CEO of NetWitness Corp. and now a Senior Vice President at RSA, The Security Division of EMC. Yoran says that the darkest days may yet be ahead in the fight against APT style attacks, with mounting attacks and a critical shortage of security talent. To cope, both private sector firms and the government need to stop fighting the last war and pivot to the kinds of practices and monitoring that can spot sophisticated attackers. 

Read more...

Categories: Compliance, Government

The general in charge of the National Security Agency on Monday said the lack of national cybersecurity leglislation is costing us big and amounting to what he believes is “the greatest transfer of wealth in history.”

U.S. Army Gen. Keith B. Alexander urged politicians to stop stalling on approving a much-needed cybersecurity law – of which various versions currently are circulating in Congress. At the same time, he implored private companies to better cooperate with government agencies, many of whom remain mum because of privacy concerns.  

Read more...

Categories: Compliance, Government

U.S. Sen. Jay Rockefeller wants to strengthen SEC legislation that requires publicly traded companies disclose significant digital security breaches, mainly because most aren’t.

The chairman of the Senate Commerce, Science and Transportation Committee last week added a provision to cybersecurity legislation that would direct the SEC to clarify when companies must disclose data breaches. 

Read more...