In the wake of Equifax and other major breaches, sophisticated fraudsters are finding success as never before. Al Pascual of Javelin Strategy and Research discusses how identity impersonation is manifesting.
What not to do after a breach? Share your incident response plan with your attorney and say, "Don't pay too much attention to it; we don't follow it." Randy Sabett of Cooley LLP discusses this and other lessons learned from breach investigations.
In an increasingly complex world of interconnected information systems and devices, more must be done to protect critical infrastructure, says Ron Ross of the National Institute of Standards and Technology.
Critical systems are under attack from external and insider threats. No access or transaction should go unchecked. That's why former federal CISO Gregory Touhill advocates the broad adoption of zero-trust security in the public and private sectors.
Open source components help developers build and deploy applications faster, but with increased speed comes greater risk. Maria Loughlin of Veracode describes how to reduce those risks through several steps, including component inventories and developer education.
Following industry standards should not be a compliance-driven, checkbox activity, says the PCI Security Standards Council's Nitin Bhatnagar. "It has to be a holistic approach, and you have to get involved with people, process and technology."
By building in some risk intelligence upfront, organizations can upgrade their security operations centers and reduce the noise from the sheer volume of alerts and false positives, says Ganesh Prasad of RSA, who shares insights.