information security

The Infosec Industry Isn’t Evolving

By Peter Hesse

I engaged in a long twitter conversation with Daniel Kennedy the other
day, and it made me realize that I have little faith in the information security industry right now. The industry does not seem to be evolving as fast
as the threats against information security are.

FTC Settles Charges Against Two Companies

The U.S. Federal Trade Commission on Tuesday settled charges against two companies, Ceridian Corporation and Lookout Services, Inc., provided they implement an ample information security program and agree to have audits performed on their company every other year for 20 years.

A survey conducted by Information Security Media found that new fraud methods, including phishing
and Internet enabled account takeovers are an increasing problem for
banks, but that many organizations are ill equipped to combat the new

By Alex HuttonRecently, I’ve heard some bits and pieces about how Information
Security (InfoSec) can be “threat-centric” or “vulnerability-centric”.
 This stuck me funny for a number of reasons, mainly  it showed a basic
bias towards what InfoSec *is*. And to me, InfoSec is too complex to be
described as “threat-centric” or “vulnerability-centric” and yet still
simple enough to be described at a high level in a few paragraphs in a
blog post. So I thought I’d write a “primer” post on what InfoSec is to
create a reference point.

The March issue of Information Security magazine is out this week. The cover story is a look at how security information management systems need to evolve, in particular by integrating identity management with SIM in order to tie policy violations to user activity. Also, expert Andrew Jaquith writes about how to measure meaningful information security metrics. Finally, editor Marcia Savage takes on the HITECH Act’s impact on HIPAA and how health care organizations must up their security game. Download the issue here [PDF]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.