To deliver effective information sharing and threat intelligence, the security industry must settle on a single set of threat-sharing standards, says David Duncan of the Internet security firm Webroot.
To mitigate the threat posed by malicious insiders or attackers who compromise real users' credentials, businesses must create and monitor a baseline of legitimate user behavior and activities, says Idan Tendler, CEO of Fortscale.
As organizations increasingly focus on securing critical data, they mustn't overlook one huge vulnerability: enterprise email. Steven Malone of Mimecast discusses the latest in unified email management.
To secure the growing number of devices being used within enterprises requires organizations to be sure they're providing the right access to the right resources for the right people, says Ping Identity's Nat Klassen.
Automating processes could help organizations tackle the shortage of cybersecurity practitioners by making the job of analyzing threats simpler and more efficient, says Jessica Gulick, a vice president at security provider CSG Invotas.
As the U.S. completes its payments migration to the EMV chip, merchants and card issuers should be bracing for an uptick in card-not-present fraud, says Carol Alexander, head of payment security at software provider CA Technologies.
As organizations move toward storing and processing more data on the public cloud, security needs be automated and based on sound policies to mitigate growing threats, says HyTrust President Eric Chiu.
A class-action suit filed by U.S. banks and credit unions that's pending against Target could prove fruitful for the banks and credit unions, says attorney Chris Pierson, chief security officer at invoicing and payments provider Viewpost.
Mark Clancy, CEO of Soltra, which provides an automated information sharing platform, says banks and credit unions that don't share threat intelligence will never advance their information risk management practices.
Attitudes about cyberthreat information sharing, as well as attack attribution, have dramatically changed in the last 18 months, says the FS-ISAC's Bill Nelson, a featured speaker at RSA Conference 2015.
The PCI Council has just released PCI DSS 3.1, which calls for mothballing the SSL encryption protocol. What do security leaders need to know about the revised standard? Troy Leach of the council offers insights.