The Federal Information Security Management Act has become a whipping boy for everything lacking in government IT security, but the law gets too little credit for what it has accomplished—and often is blamed for things that are not its fault.
Measuring security is a difficult job that can put CSOs and CISOs at a disadvantage at budget time. A set of information security metrics has been developed by the Center for Internet Security to help provide a standardized, repeatable way to measure your security status.
Spam trends identified in MessageLabs' threat report for April suggest that keeping domain registrars honest could be an effective way to help squeeze spammers out of the Internet, but it's no silver bullet.
Call it a merger of equals or a strategic partnership, but the apparent cooperation between two botnet giants, Waledac and Conficker, has some observers concerned.
A survey for the RSA Conference eFraud Network Forum shows that professionals want more information, and they want it quicker when personal information is breached.
A common theme at the recent RSA security conference was that people, not technology, are the missing element in improving the quality of our IT security.
Legislation introduced by Sens. Rockefeller and Snowe has some good ideas, but it would be too far-reaching to be practical or prudent.
The 60-day review of the country's cybersecurity posture will only scratch the surface of the challenges we face, but one thing has been decided: The White House will be in charge of cybersecurity policy.
In a short time, the Web has become an embedded infrastructure in our economy and society, but it is a double-edged tool that frequently cuts the hands using it.
Development of security standards will go hand in hand with development of technology for the new Smart Grid.
DNSsec provides a classic example of the government’s ability — by providing the will and the market for new technology — to lead by example and affect IT security far beyond its own domain.
Americans appear to be all too ready to adopt innovative technologies before they have been secured.
If we don’t know who is attacking us and why, we run the risk of escalating minor incidents with inappropriate responses.
A clear framework for defending cyberspace will require some attitude adjustment by both government and the private sector.
Popular applications and increasing functionality equal a growing threat to unsuspecting users.