CSO's desk Articles

Security pros must speak in one voice

Jennifer Bayuk, principal, Jennifer L. Bayuk LLC June 04, 2009

The role of a security professional in the vendor review process is to help identify which vendors are "critical" to the security of information assets.
 

Goodbye to security by obscurity

Willie Rushton, owner and principal consultant, WLR & Associates May 01, 2009

The harsh reality is that many companies are unaware of the nature and extent of unauthorized information that is leaving their environment both electronically and physically. However, there are fundamental steps you can take to understand and prevent any potential exposure and risk of leakage of sensitive data.
 

The privacy & security advantage

Al Raymond, chief privacy officer, PHH Mortgage April 10, 2009

In this precarious financial environment, the focus for many companies is now on keeping the existing customers satisfied, rather than worrying only about adding new ones to the fold.
 

Leading through the good and bad

Jaime Chanaga, CEO, The CSO Board March 05, 2009

As the drumbeat of negative economic updates seems to overwhelm our daily news cycles, we tend to forget that at the heart of any business engine is people.
 

Security needs a governing body

Richard Starnes, president, ISSA Bluegrass Chapter February 05, 2009

Given the issues that we face daily, given our liability, legal and regulatory environments, the seriousness of what we do, and the effect it has on our society, it is time for us, our industry associations and certification entities, to begin the dialogue surrounding the formation of a governing body with the force of law.
 

Risk management: Common assessments criteria

Stephen Scharf, SVP & global CISO, Experian January 01, 2009

Conducting security assessments of critical service providers is an essential part of an enterprise risk management program.
 

Security pro versus organization

Shannon Culp, CSO for a Midwest health care organization December 04, 2008

It's refreshing to me that more and more organizations are starting to realize the value of having a CISO that is experienced and accountable for information security.
 

A standard for payment security

Rob Tourt, chair, PCI Security Standards Council November 04, 2008

Rob Tourt, chair of the PCI Security Standards Council, outlines developments on PCI DSS requirements.
 

Managing risk in hard times

Dave Cullinane, CISO, eBay October 06, 2008

Dealing with a security issue itself is clearly the priority - stopping the damage and doing triage. Once things are under control, a more detailed analysis should take place.
 

Collaborating against e-crime

Michael Barrett, CISO, PayPal September 01, 2008

E-commerce is not only attracting online consumers, it's increasingly attracting cybercriminals.