Stories about: Securities and Exchange Commission

The U.S. government has taken several steps to combat identity theft during the past two years, including increased prosecutions of criminals and decreased use of Social Security numbers to identify constituents, according to a report released Tuesday.

How bad was 2007 for breaches, vulnerabilities and similar mayhem? On the bright side, it was better than 2008 is forecast to be. With more of every sort of meltdown predicted -- more criminalization of the hacker community, more Web-application attacks, more phishing, more spamming, more zero-day attacks and more virtualization-related threats -- we're happy to tell you that you are likely to look back on 2007 as the peaceful old days.

Stratton D. Sclavos, CEO and board member of digital infrastructure vendor VeriSign, resigned from the company Tuesday. No reason was given for the resignation.

I'm a CISO who has worked in the US financial services industry both as a regulator and for a large services company. In this column I'm going to let you in on one of the biggest, dirtiest secrets in the industry: The companies that get the least amount of scrutiny from financial regulators actually present some of the greatest risks for systemic financial market manipulation and fraud. I'm talking about financial news and brokerage service companies.

Becoming the chief information security officer (CISO) of a corporation makes you a strategic IT advisor to business management, the chief information officer, and the rest of the information technology staff. Just as no company is the same as another, the job of CISO -- or alternately, "chief security officer," which might include physical security as well -- isn't either. The four security professionals who share their priorities with us make it clear there's nothing cookie-cutter about the top IT security job.

Sure, you're thinking, records retention can be deadly. Deadly dull

IBM on Wednesday announced its intent to acquire Internet Security Systems for US$1.3 billion in an all-cash deal expected to be completed by year-end.

EMC's planned acquisition of RSA Security for US$2.1 billion is garnering mixed reviews from analysts on Wall Street and within the technology industry.

CISOs at midsize businesses face many of the same problems as CISOs at larger companies, but with a lot fewer resources. What they've learned can help any CISO get by on less.

Regulatory requirements like Sarbanes-Oxley, BASEL II and HIPAA were designed to improve governance and security within the enterprise, but at some companies they appear to be doing just the opposite.

The recent wave of regulations require an entirely new approach to storing and searching e-mails. Noncompliance is not an option.