Here’s something that most of us around DC have to worry about … either directly or indirectly through our enterprise users. First it was a spiked PDF document disguised as a CFP. A few days later it was a list of conference attendees in a booby-trapped ZIP file. Now it’s back to malicious PDF...
Tags: contractor, government, MSUpdater, myce, pdf, trojan
Posted in News | 4 Comments »
Could the addition of a new maturity model to the Nation’s Electrical Grid System improve security and protect the grid from cyber threats? An article at InfosecIsland.com a few weeks ago discussed a recent White House initiative to add a maturity model to be used throughout the entire energy industry. I’ve always been a bit...
Tags: grid, infosecisland, maturity, model, scada, security
Posted in News | 9 Comments »
A recent article over at CSO Online by Taylor Armerding debates whether password use might be outdated. According to Armerding, some experts believe that passwords are becoming obsolete and alternative forms of authentication such as biometrics should be used. Others argue that passwords are a solid form of authentication as long as they are used properly....
Tags: csoonline, obsolete, password, security
Posted in News | 10 Comments »
There’s been some talk about cyber insurance lately. How it’s a great business strategy … how it’s a rip-off … how you should approach it cautiously… The first thing that comes to my mind when I think of cyber insurance is companies purchasing it as a replacement for actually implementing any security at all....
Tags: infosec, insurance, pcadvisor
Posted in News | 3 Comments »
Over the holidays I came across an announcement that Pentagon officials have approved the use of Android in addition to BlackBerry to meet their mobile computing needs. In summary, the reasons why they chose Android included: Open Source Platform: Google likes to call Android open source; however, they only legally meet what true open...
Tags: android, apple, google, icloud, ios, net-security
Posted in News | 7 Comments »
Here’s another quick post on an article I’ve been meaning to mention for the last month or so. It falls under the “2012 prediction” category so referencing it now still seems relevant. Plus it follows nicely with yesterday’s post on the hottest security jobs but is more focused on salary. I’ve added some commentary...
Tags: application, career, cissp, cloud, informationweek, mobile, security, virtualization
Posted in Infosec Blogs/Podcasts, News | 8 Comments »
Today’s post was contributed by Sarah Clarke, with her thoughts on NIST’s recent update to SP 800-64 Electronic Authentication Guideline. Another milestone has been reached in the race to get rid of now-suspect RSA token technology. On December 12, 2011, NIST published the Electronic Authentication Guideline SP-800-63-1, which updates guidance previously provided in SP-800-63....
Tags: authentication, nist, rsa
Posted in News | 13 Comments »
A recent article over at Computer World suggested that the best way to create new infosec talent for the burgeoning security field may not necessarily be to push students through budding cyber security degree programs. Depending on the situation I feel this assertion may or may not be valid. Two potential options managers often...
Tags: career, computerworld, degree, infosec
Posted in News | No Comments »
The long wait for a key Federal cloud computing program is over with the launch today of FedRAMP. FedRAMP will help Federal Agency managers to adopt cost-saving and service-improving cloud computing solutions. For over two years the Federal government’s “cloud first” policy has floundered. Government executives and managers moved cautiously on adoption concerned...
Tags: cloud, dhs, fedramp, fisma, gsa, nist, omb
Posted in Infosec Blogs/Podcasts, News | 3 Comments »
As one of the components of an information system, does the user component need more security emphasis than attackers? As many suggest, the human aspect is the weakest link in an organization’s information security because users interact with an information system both inside and outside the organization. An article posted recently on TechJournal South...
Tags: attacker, human, security, techjournalsouth, user
Posted in News | 2 Comments »