Computer system checks out as clean

Digital certificates need to regain users' trust

In the face of growing use of stolen and fake certificates to deliver malicious code, NIST and an industry alliance are working to improve what has become an automated, online process.

City traffic controls have Internet connections

'Scary' search engine can find millions of agency back doors

Shodan scours the Web for connected devices that aren't looking to be found, such as traffic lights, door locks and power systems. And many of them aren't secured.

Man on cliff with cloud background illustrating that cloud choices may be too risky

Free cloud storage is tempting, but is the price too high?

The services have obvious appeal to employees, but have a history of breaches. Pennsylvania's CISO, for one, steers agencies to in-house or enterprise storage services.

New York City Police Department call center

Phone-DOS attacks in extortion scam target gov offices

Government offices, including Public Safety Answering Points, are being flooded with calls to block phone lines in an extortion scam that shows how easy such attacks can be, according to a DHS alert.

Soldier using smartphone to access Army mobile sites

Mobile devices run amok in the Army, report says

DOD's inspector general says the Army is "unaware" of some 14,000 smart phones and tablets, many of them unmanaged and unsecure.

Fixmo Secure Gesture password technology

Better than a password? Write with your finger.

For iOS and Android devices, Secure Gesture from Fixmo and Lockheed Martin lets users log in with a touch-screen gesture that can be almost impossible to duplicate.

FIPS 140 2 validated TrustChip for Trustcall on iPhone

TrustCall brings fully encrypted voice to the iPhone

With the FIPS 140-2 validated TrustChip, KoolSpan's solution is the first hardware-encrypted security for the iPhone 4 series.

Cyber attack on network

Why is Java so risky? 77 percent of agencies run unsupported versions

Three quarters of government computers are running unsupported versions of Java, according to a Websense analysis, leaving them vulnerable to a long list of malicious exploits.

Data numbers binary

Can NASA vet all material in its shuttered tech database?

NASA closed down its Technical Reports Server for review after the arrest of a suspected spy and a congressman’s concern over the potential availability of sensitive documents.

Fingerprint electronic matching AFIS

Law enforcement, NIST making fingerprint files easier to search

Group has developed a standard features set to use for fingerprint identification, and NIST now has the technical specs to make searches interoperable.

HIPAA compliance monitoring of USF health system

Compliance tool the cure for university's health records

The new Compliance Software Blade lets USF Health easily answer the question, "How are we doing on compliance?"

Man with suitcase chasing train

Why the public sector is still catching up with proactive cybersecurity

If agencies are to stop being reactive in addressing cybersecurity, they must first change the way security is implemented on the ground floor.

Topic Resources

  • Continuous Monitoring: Elevating Cybersecurity in State and Local Government

    State and local agencies are not required to comply with federal policies related to continuous monitoring and NIST's Cybersecurity Framework, but they would be better off if they did. Whether it is required or not, the concept of continuous monitoring has been proven to raise the level of cybersecurity when implemented appropriately and with the right tools. Join this webcast to learn more about how your agency could benefit from continuous monitoring and NIST guidance.

  • The Rising Threat of Enterprise Cybercrime

    Cybercriminals are leveraging vulnerabilities of the Internet, browsers, operating systems, and applications to secretly and proficiently gain access to information assets. Compromising employee endpoints with malware has become the preferred method; a far simpler path into the network than a direct network attack. Agencies need to recognize and address this growing danger.

  • Continuous Monitoring to Achieve Cybersecurity

    As the cyber threat landscape evolves, security methods and tools need to change, too. In this Digital Dialogue, Ken Durbin, manager of Continuous Monitoring Practice at Symantec, explains how the undefined boundaries of the modern IT infrastructure necessitate the deployment of continuous monitoring solutions.

  • Stopping Zero-Day Exploits for Dummies

    Cyber attacks are growing every day and can become serious threats to your organization, but how do you know and understand the threats out there? Download a copy of this book, and you will discover the zero-day exploits and threats used to compromise your agency.