Detecting and preventing advanced attacks isn't just a technology issue - it's a business risk that needs to be elevated to the highest levels of an organization. Trend Micro's Tom Kellermann shares strategies.

In devising advice to help organizations identify which information security and privacy controls to adopt, NIST risk management expert

Ron Ross, a NASCAR fan, looks to the way mechanics decide how to fix a car.

Vendors are rushing useful new "Internet of Things" products to market, but too often treat device security and data privacy as an afterthought, says Forrester Research analyst Andrew Rose.

Karl Schimmeck of the Securities Industry and Financial Markets Association won't discuss reports about the group's alleged backing of the formation of a cyberwar council, but says financial institutions must play a role in protecting critical infrastructure.

As a customer, Delaware Chief Security Officer Elayne Starkey has seen the evolution of cloud computing over the past three years to a point where she has more sway over the security terms of cloud services contracts.

Big data has been the recent buzz in security circles, but what are organizations missing by overlooking the power of "small data?" Verizon's Jay Jacobs discusses how to get the most from data analytics.

Attackers increasingly focus on software vulnerabilities in what application security expert Anthony Lim calls "the invisible onslaught." How can the CISO exert more control over software development?

Attacks are more frequent, severe and complex. How can security pros defend against the entire attack continuum - before, during and after? Cisco's Bret Hartman describes a threat-centric approach.

Enabling the secure sharing of patient data is a key aspect of work under way to modernize the Department of Veterans Affair's VistA electronic health record system, says Jim Traficant of ASM Research, which is leading an infrastructure project.

To detect and deter today's threats, security teams need new and dynamic data analytics capabilities. Haiyan Song of Splunk discusses the analytics-enabled SOC and how to improve incident response.