The U.S. government is working on a sanctions package against Chinese firms and individuals for cyber-espionage activities against U.S. companies, the Washington Post reported. This move comes after months of cyber-attacks on companies and government agencies which have been linked to China. The sanctions will impose costs for economic cyber-spying and not government-to-government intelligence activities. As a result, the incidents the package will cover do not include the Office of Personnel Management breach from earlier this year, because that attack was deemed to be part of traditional intelligence.
As security gains greater visibility in boardrooms and C-suites, security professionals are increasingly asked to provide metrics to track the current state of a company's defenses. But which numbers really matter? More often than not, senior management doesn't know what kind of questions it should be asking -- and may concentrate too much on prevention and too little on mitigation. Metrics like the mean cost to respond to an incident or the number of attacks stopped by the firewall seem reasonable to a nonsecurity person, but they don't really advance an organization's security program.
Instead, experts recommend focusing on metrics that influence behavior or change strategy.