The hunt for a Boston Marathon bombing suspect that locked down the city caused massive disruption to business operations, but enterprises that had business continuity plans in place hardly missed a beat.

To retain their customers after a breach of sensitive information, organizations should take the extra step of calling those affected to offer free credit protection services, says security expert Brian Dean.

Bring-your-own-device policies must be frequently updated because of new risks, such as mobile malware, says Jim Pitts of BITS, which has developed best practices for BYOD in banking.

Lisa Xu, CEO of NopSec, says pursuing leadership roles in information security - a male-dominated field - can be challenging for women. What advice does she offer for women to grow in their careers?

NIST's Ron Ross sees complexity as the biggest risk enterprises face. To ease risk, Ross favors moving data to the cloud. Purdue's Eugene Spafford doesn't fully subscribe to Ross' plan. The two square off in this interview.

Kaspersky Lab has identified a new spear-phishing attack involving a Trojan designed to target Android devices. Researcher Kurt Baumgartner says organizations need to be prepared for more mobile malware attacks.

E-mail authentication foils phishing, but authentication is only effective if every partner in the chain adopts it. John Carlson and Andrew Kennedy of BITS explain how institutions can improve e-mail practices.

Intel has added privacy to the portfolio of its top information security executive, Malcolm Harkins, who says too many information security professionals are "color blind or tone deaf" to privacy, wrongly thinking strong data protection provides privacy safeguards.

New and proposed FFIEC guidance for fraud prevention and social media spurred Bank of the West in March to launch a viral campaign aimed at fraud awareness. What are the campaign's key elements?