Attribute Based Access Control matches attributes of a person requesting access as well as attributes of the resources being requested against a policy

Is ABAC a better method for secure info sharing?

The CIO Council has identified Attribute Based Access Control as a tool for enabling information sharing across government, and NIST is developing guidelines. But it won't be easy.

AOptix iphone biometric tool

App, case turns iPhone into on-the-spot biometric scanner

The hardware and software package from AOptix would allow police and the military to take fingerprint, iris, face and voice readings in the field.

Fingerprint authentication for mobile cloud device

6 steps to secure mobile access

The IdentityX platform leverages the federal cloud and up to six ID factors to authenticate users, even those using devices not managed by the enterprise.

Blackholing stops DDOS attacks but shuts off all traffic

Blackholing stops DDOS attacks but consumes everything else too

As attacks increase in power, efficiency and duration, operators may have to use black holes to protect their networks.

DDOS acks increasing

DDOS attacks turn up the volume

Attacks from botnets are increasing in bandwidth and, significantly, packet rates, a Prolexic report says.

iPhone has most vulnerabilities but Android is the most attacked

iPhone has most vulnerabilities, so why is Android the most attacked?

Android, with only a handful of vulnerabilities reported in 2012, was the OS of choice for malware writers, Symantec says.

Image of aftermath of the Boston Marathon bombing by Vjeran Pavic via Flickr

How video analytics helps reconstruct Boston Marathon bombings

Analyzing terabytes of footage from events such as the Boston Marathon bombings is still a largely manual task, but video analytics tools can save investigators a lot of time.

Checking computer memory

Group aims to draw the line on counterfeit IT

The Open Group's standard could help government ensure that COTS products do not contain backdoors or counterfeit components.

One worker in an empty cubicle farm

6 steps to secure systems for sequester

Patches, idle accounts, mobile devices not in use and, yes, disgruntled workers have to be accounted for.

Big ship in fog bearing down on man in rowboat crisis management

Hacks happen. Security Module can help agencies navigate crisis response

Co3's system can help agencies identify an attack or breach, in part by putting users on the case, and then lead officials through the response.

Computer system checks out as clean

Digital certificates need to regain users' trust

In the face of growing use of stolen and fake certificates to deliver malicious code, NIST and an industry alliance are working to improve what has become an automated, online process.

City traffic controls have Internet connections

'Scary' search engine can find millions of agency back doors

Shodan scours the Web for connected devices that aren't looking to be found, such as traffic lights, door locks and power systems. And many of them aren't secured.

Topic Resources

  • Continuous Monitoring: Elevating Cybersecurity in State and Local Government

    State and local agencies are not required to comply with federal policies related to continuous monitoring and NIST's Cybersecurity Framework, but they would be better off if they did. Whether it is required or not, the concept of continuous monitoring has been proven to raise the level of cybersecurity when implemented appropriately and with the right tools. Join this webcast to learn more about how your agency could benefit from continuous monitoring and NIST guidance.

  • The Rising Threat of Enterprise Cybercrime

    Cybercriminals are leveraging vulnerabilities of the Internet, browsers, operating systems, and applications to secretly and proficiently gain access to information assets. Compromising employee endpoints with malware has become the preferred method; a far simpler path into the network than a direct network attack. Agencies need to recognize and address this growing danger.

  • Continuous Monitoring to Achieve Cybersecurity

    As the cyber threat landscape evolves, security methods and tools need to change, too. In this Digital Dialogue, Ken Durbin, manager of Continuous Monitoring Practice at Symantec, explains how the undefined boundaries of the modern IT infrastructure necessitate the deployment of continuous monitoring solutions.

  • Stopping Zero-Day Exploits for Dummies

    Cyber attacks are growing every day and can become serious threats to your organization, but how do you know and understand the threats out there? Download a copy of this book, and you will discover the zero-day exploits and threats used to compromise your agency.

  • The STAND: Cybersecurity

    Advanced persistent threats. Zero-day attacks. Insider threats. Cybersecurity experts say that if IT leaders are not concerned about the ongoing evolution of the cyber landscape, it just means they are not paying enough attention. The problem is that these and other emerging cyber tactics are designed to evade traditional cyber defenses and escape detection until it’s too late. The good news is it’s not a lost cause. In this special report, two subject matter experts discuss cybersecurity technologies and strategies that can help agencies defend their systems and data against the latest cyber threats, today and into the future.