NIST's Donna Dodson is leading a federal government effort to take hundreds of suggestions from the private sector to create an IT security best practices framework that critical infrastructure operators could voluntarily adopt.
The Boston Marathon tragedy is yet another reminder to organizations to develop alternative ways to communicate with employees during such emergencies. Otherwise, they could put their organizations' continuity plans at risk.
A rider covertly added to the law to fund the government through September requires select agencies to assess technology purchases for cyber-espionage and sabotage, a process that could make it harder to buy wares to secure IT.
Intel has added privacy to the portfolio of its top information security executive, Malcolm Harkins, who says too many information security professionals are "color blind or tone deaf" to privacy, wrongly thinking strong data protection provides privacy safeguards.
Attacks against Facebook, Twitter and other organizations over the past few months should send a message to business owners that they need to better fund cybersecurity, IT security expert Mischel Kwon says.
Conventional wisdom suggests China isn't interested in disabling industrial control systems in the U.S. After all, such an act would be against its own economic interest. But is that type of thinking right?
A software vulnerability brought down the website that gives the public access to the National Vulnerability Database, which is run by the National Institute of Standards and Technology, the U.S. federal agency that produces information security guidance.
Companies wanting to share cyber-threat information with the government and other businesses should adopt the U.S. Defense Department's doctrine of information superiority, says Lares Institute Chief Executive Andrew Serwin.