While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.
Whether reports that the National Security Agency entered into a secret contract with security provider RSA are true or not - and RSA says they're not - the reputations of all American security vendors have been tarnished.
Federal agencies overwhelming ignore guidance on the top 20 critical security controls, a new survey shows. Two risk management experts explain the pros and cons of adopting this guidance vs. broader NIST guidance.
Wayne Dunn, CTO of HarborOne Bank in New England, says improving vendor management is a top security priority for institutions in 2014. As more core banking functions are outsourced, due diligence becomes increasingly critical.
FS-ISAC has issued a white paper with tips on streamlining third-party software risk assessments. One member of a new working group explains why the adoption of standard security controls is so critical.
NIST is revising its 3-year-old smart-grid guidance to address technological and policy changes that have made the power grid more susceptible to vulnerabilities and threatened utility customers' privacy.
The White House says the conversation between the president and business leaders focused on how to encourage adoption of the cybersecurity framework. Participants also discussed the need for framework adoption by suppliers.
Purdue University's Eugene Spafford discusses the ethical issues that have been brought to the forefront by former NSA contractor Edward Snowden's leaks of classified details on a number of top-secret government surveillance programs.
The initial phase of the continuous diagnostics and mitigation initiative, a new program to secure government computers, concentrates on helping federal agencies identify and manage their software and hardware assets.
Organizations collect a wealth of information as part of their governance, risk and compliance programs, and security professionals are missing out on important insights if they don't take advantage of it.
To mark his induction into the National Cyber Security Hall of Fame, Purdue University Computer Science Professor Eugene Spafford offers insights on key challenges, including overcoming senior executives' misperceptions about key issues.
NIST is hosting a workshop this week to continue shaping the cybersecurity framework President Obama wants implemented by February. Learn about the latest developments in the effort to identify IT security best practices.
John Streufert, the DHS director overseeing the rollout of a federal continuous diagnostic initiative to mitigate IT systems vulnerabilities, expects that many state and local governments will participate in the program.