The initial phase of the continuous diagnostics and mitigation initiative, a new program to secure government computers, concentrates on helping federal agencies identify and manage their software and hardware assets.
Organizations collect a wealth of information as part of their governance, risk and compliance programs, and security professionals are missing out on important insights if they don't take advantage of it.
To mark his induction into the National Cyber Security Hall of Fame, Purdue University Computer Science Professor Eugene Spafford offers insights on key challenges, including overcoming senior executives' misperceptions about key issues.
NIST is hosting a workshop this week to continue shaping the cybersecurity framework President Obama wants implemented by February. Learn about the latest developments in the effort to identify IT security best practices.
John Streufert, the DHS director overseeing the rollout of a federal continuous diagnostic initiative to mitigate IT systems vulnerabilities, expects that many state and local governments will participate in the program.
Citi's settlement with two states over a breach that exposed 360,000 cards will likely set an example for other states. One expert says banking institutions will likely pay more damages when accounts are compromised.
The massive initiative to deploy continuous monitoring at U.S. federal government agencies will be done in phases, with the initial rollout occurring over three years, the Department of Homeland Security's John Streufert says.
Iris scanning is becoming old hat for authenticating individuals entering secured facilities or crossing international borders, but it remains several years away for use in providing access to IT systems.
The National Institute of Standards and Technology has issued new guidance for designing cryptographic key management systems that describes topics designers should consider when developing specifications.
Creating circles of trust - networks of IT security professionals who rely on one another - is a key element in forthcoming National Institute of Standards and Technology guidance on incident response.
NIST is developing risk management guidance on the IT supply chain that says organizations should take an incremental approach and ensure that they first reach a base maturity level in organizational practices.
Account takeover techniques are getting more sophisticated; new "account checkers" are helping hackers automate their processes. The trend is just one more reason why we need advanced forms of authentication.