Complex maze with cloud in background

The enemy of risk management starts with a C (and it's not China)

Complexity is the enemy of security, says NIST's FISMA lead Ron Ross, and the cloud can help simplify networks.

Business people meeting against a backdrop of financial pricing data

Financial ISAC shows how info sharing beefs up security

The Financial Services Information Sharing and Analysis Center, a collaborative effort on the cyber defense of the financial sector, was honored with the RSA Conference's information security award.

Pentagon and Washington DC covered in snow

BYO3: The tools of telework expand with the mobile workforce

Telework Week gets tens of thousands of feds to try working from home, and they're not all using an agency-issued laptop.

Computer generated image of sentry guarding a digital tunnel

Attacks hit, but don't break, new SHA-3 candidate

Research describing a more successful attack on the new Secure Hash Algorithm will be published later this month, but SHA-3 remains much more powerful than the best attacks yet discovered.

DiskVault FIPS external USB and module bay Self Encrypting Drive

CMS locks down DiskVault drives with FIPS-level encryption

The company has added NIST-certified encryption to its USB and module bay self-encrypting drives.

Old chain link fence with big hole cut in it

Why do so many antivirus programs miss the same, old exploits?

Testing by NSS Labs shows that not only do antivirus products miss known exploits, they often are blind to the same ones, opening windows of opportunity for attackers -- particularly against legacy agency systems.

Representation of a secure chip

At age 10, Trusted Computing Group sees a new world of threats

The group has brought the Trusted Platform Module in line with government requirements, but security standards must keep pace with mobile computing and rapidly changing threat environments.

RSA show floor

What rocks at RSA? Big data security, active defense.

The explosive growth in information generated by security tools is putting a premium on the ability to analyze large volumes of data, say experts, who also call for active defense.

Unlocked Census data

Census tech transition leaves security weaknesses, GAO says

An incomplete transition to a new IT security framework has left weaknesses in some systems holding sensitive census information, according to a GAO report.

Neutering iPads to make them safe in secure environments

How to make iPads safe for government? 'Neuter' them.

Mobile devices can be a risk to secure environments. A CACI exec says one approach to security has been to alter the hardware of Apple iPads.

Electronic identity verification

NSTIC opens next round of grants for secure ID technology

Project would use public-private partnerships to create easier, more secure authentication that would support online government services and commercial transactions.

High risk climb when rope breaks on dangling mountain climbers

Trusted ID, monitoring efforts can’t keep IT security off high-risk list

After 16 years of plans, strategies and regulation, federal IT security is one of 30 program areas designated by government auditors as high risk.

Topic Resources

  • Continuous Monitoring: Elevating Cybersecurity in State and Local Government

    State and local agencies are not required to comply with federal policies related to continuous monitoring and NIST's Cybersecurity Framework, but they would be better off if they did. Whether it is required or not, the concept of continuous monitoring has been proven to raise the level of cybersecurity when implemented appropriately and with the right tools. Join this webcast to learn more about how your agency could benefit from continuous monitoring and NIST guidance.

  • Continuous Monitoring to Achieve Cybersecurity

    As the cyber threat landscape evolves, security methods and tools need to change, too. In this Digital Dialogue, Ken Durbin, manager of Continuous Monitoring Practice at Symantec, explains how the undefined boundaries of the modern IT infrastructure necessitate the deployment of continuous monitoring solutions.

  • Stopping Zero-Day Exploits for Dummies

    Cyber attacks are growing every day and can become serious threats to your organization, but how do you know and understand the threats out there? Download a copy of this book, and you will discover the zero-day exploits and threats used to compromise your agency.

  • The STAND: Cybersecurity

    Advanced persistent threats. Zero-day attacks. Insider threats. Cybersecurity experts say that if IT leaders are not concerned about the ongoing evolution of the cyber landscape, it just means they are not paying enough attention. The problem is that these and other emerging cyber tactics are designed to evade traditional cyber defenses and escape detection until it’s too late. The good news is it’s not a lost cause. In this special report, two subject matter experts discuss cybersecurity technologies and strategies that can help agencies defend their systems and data against the latest cyber threats, today and into the future.