Recent breaches indicate that stronger controls are needed to protect key corporate assets - especially identities. CA's Steve Firestone discusses how to protect identities, while at the same time improving the user experience.

In the wake of the Oct. 1 EMV fraud liability shift date, U.S. merchants can expect to pay for counterfeit fraud losses previously absorbed by European issuers, says Jeremy King of the PCI Council. Longer-term, he expects European banks will experience more fraud as U.S. POS and card security leapfrogs other markets.

As a result of Experian's data breach, 15 million T-Mobile subscribers are at risk from phishing attacks and fraud. But it's not clear what more T-Mobile can do to protect breach victims, says security specialist Mark James.

Cybercrimnals are now using the Dyre and Dridex banking Trojans to gather massive amounts of data about individuals and companies that could enable them to track patterns of behavior, which might later help them evade intrusion detection, says Fox-IT's Eward Driehuis.

The commoditization of attack infrastructure and services in the cyber-criminal underground, and the low cost and ease of launching targeted attacks, are growing concerns that require new defense strategies, says Trend Micro's Raimund Genes.

In addition to having a dedicated individual or team responsible for privacy matters, organizations must ensure their information security and IT staffs are knowledgeable about data privacy issues, says Trevor Hughes, CEO of the International Association of Privacy Professionals.

PCI Council General Manager Stephen Orfei says the migration to EMV in the United States will facilitate faster adoption of contactless mobile payments. That's why mobile will be a hot topic at the PCI Council's annual North America Community Meeting this week.

The traditional Security Operations Center is out, and the new Security Intelligence Center is in. Greg Boison of Lockheed Martin tells how security leaders are winning business support for this evolution.

Gregory Wilshusen discusses the path he followed to his job as the government's lead information security auditor and the skills needed to be an InfoSec auditor.

The attacks have evolved, breaches have multiplied, and serious security gaps have been exposed. But what most concerns FireEye President Kevin Mandia? The rise of nation-states as leading threat actors.