In an information technology environment where personnel are taking on increasingly complex responsibilities, the key to ensuring security is still awareness training, says former U.S. CISO Gregory Touhill, who says he'd put his last dollar on it.

An assessment on whether North Korea is behind the WannaCry ransomware attacks leads the latest edition of the ISMG Security Report. Also, the co-author of NIST's revised Trustworthy Email special publication discusses changes in the guidance.

An analysis of the cyber component of the Trump administration's just-published National Security Strategy leads the latest edition of the ISMG Security. Also, DHS and industry establish a cyber coordinating council to help secure the U.S. electoral system.

Legislation pending in Congress that would offer protections for companies and individuals who seek to "hack back" in retaliation against cybercriminals who have attacked them is a bad idea, contends Alan Brill of Kroll.

The latest ISMG Security Report leads with a report on a malware attack on an industrial safety system that experts contend could threaten public safety. Also, legislation giving DHS's cybersecurity unit a meaningful name progresses through Congress.

With just a few months left until the EU's General Data Protection Regulation will be enforced, too many so-called "experts" are spreading fear and falsehoods about the regulation, says Brian Honan, a Dublin-based cybersecurity consultant, who clarifies misperceptions in an in-depth interview.

Organizations should take an "inside-out" approach to mitigating the insider threat, says Brandon Swafford of Forcepoint, who explains the components of that approach in an in-depth interview.

The latest ISMG Security Report focuses on the significant changes found in the latest version of the U.S. government's Framework for Improving Critical Infrastructure Cybersecurity, commonly known as the NIST cybersecurity framework. NIST seeks comments from stakeholders on the draft of version 1.1 of the framework by Jan. 19.

The latest ISMG Security Report features a special report on securing medical devices. Healthcare security leaders from the FDA, an academic medical center and a medical device manufacturer share their insights on the challenges involved.

The cloud gives organizations great new opportunities to deploy new systems and applications. It also creates a whole new level of cybersecurity exposure, says Gavin Millard of Tenable, offering tips to bridge that gap.