IT Security


Moving encryption to the enterprise edge involves trade-offs

DOE is using a cloud-based appliance to handle encryption of unclassified e-mail, but the solution is not for everybody.

Energy adapts its PKI to handle old and new technologies

Although PIV cards are intended to be a standard source for PKI certificates, legacy hardware and software and the emergence of mobile devices have led DOE to adopt a gateway encryption appliance for secure e-mail.

NASCIO offers states guidance on trusted digital identity

The group's report can help states use their digital infrastructure to securely conduct business with other states, organizations and the public.

Keys to mobile security: Consistent controls, user common sense

GAO report on mobile threats concludes that certain agencies, and all users, can help improve security.

CyberScope falls flat on improving IT security, feds say

Most federal officials questioned in a recent survey said that requirements for continuous monitoring of security status have not reduced risk in the IT systems.

Common IT security framework for government gets a step closer

NIST’s new risk assessment guidelines caps planned efforts of a multiagency task force, but federal cybersecurity is just entering its new phase.

Energy lab develops Sophia to help secure SCADA systems

A team at the Idaho National Laboratory spent three years developing the software sentry, which monitors industrial networks for any suspicious activity.

Microsoft delivering fix to counter zero-day IE exploits

The company said it will issue a cumulative patch Friday for a vulnerability that had prompted some security experts to urge IE users to switch browsers.

Forget hackers, the fool next to you is the real threat

An analysis of reported data breach incidents shows that human error, not hackers, is the biggest threat to sensitive government data.

New smart-card, CAC reader built for government

Belkin says its the first reader built specifically for use in defense and civilian agencies.

Intell community's new problem: Sharing too much data

Swamped by a deluge of data, intell analysts need technology that can help them understand a rapidly changing and complex world, a former CIA and NSA director says.

Zero-day exploit targets IE; some researchers advise switching browsers

A new zero-day exploit, found on the same server that hosted the recent zero-day for Java, could give attackers user privileges. With no patch yet available, some researchers recommend dumping IE for the time being.

In use in-house, company will offer encryption-as-a-service to defense, intell community

Exceptional Software is using CipherCloud to securely move its own CRM and e-mail to the cloud, and plans to offer the technology to its defense and intelligence customers for use in private clouds.

Private sector wary of fed cyber security regs, oversight

A recent survey finds most respondents believe the private sector does not need more government cybersecurity regulations or want NSA or DHS oversight.

Spot the bot: Identifying robot behavior to defeat DDOS attacks

A new hosted service uses proprietary algorithms to distinguish between human and non-human behavior in Web traffic, which could help stop DDOS attacks before they get going.