IT Security


How county prepared for DDOS attacks at GOP convention

Concerned about being targeted by denial-of-service attacks while hosting the GOP convention, the Hillsborough County, Fla., Sheriff’s Office turned to security-as-a-service.

RIM wants your BlackBerry to be your access badge

HID Global has a service that would let users replace ID credentials and tokens with their BlackBerry phones. Could it work in a government enterprise?

New FISMA looks a lot like old FISMA, survey finds

A recent nCircle survey shows that compliance, not risk, is still the most common security concern for feds.

EMP attack on power grid could take down DOD systems, experts warn

A worst-case scenario could take out parts of the grid for years, according to some studies, and although equipment exists that can prevent such damage, Congress and the power industry cannot agree on action.

With QR codes, even security pros play the fool

The codes are a known tool for delivering malware, but a recent experiment showed that security pros will risk a scan for an iPad.

A secure alternative to cloud-based file sharing?

Axwat MailGate combines security and policy enforcement for sharing files via the cloud.

Upgrade or die: Old vulnerabilities are prime targets

Research at Fortinet confirms that old vulnerabilities are the most exploited. You might want to consider replacing XP with Windows 8, or at least 7.

The perils of bad patch management

Known vulnerabilities provide the most frequently attacked targets in commonly used software. NIST offers updated guidance for handling this crucial and challenging chore.

Government's 7 top challenges to embracing the cloud

The Government Accountability Office recently released a report that assessed the progress seven agencies have made in implementing the Cloud First policy and came up with their seven top challenges.

Firms cleared to check FedRAMP compliance

The General Services Administration has accredited 12 companies as Third Party Assessment Organizations (3PAO) for its Federal Risk and Authorization Management program.

Can the cloud really keep a (government) secret?

National security and emergency preparedness can be shifted safely to the cloud, experts say, provided agencies pay proper attention to details.

Aurora gang steps up attacks, with 'seemingly unlimited' zero-day exploits

Symantec says the well-funded hackers behind the 2009 Google attacks are still very active in gathering intelligence, while an NSA official says nations are getting "reckless" with their attacks.

A Simpson-Bowles panel for government IT?

The long-standing deadlock on government spectrum and cybersecurity policies could use input from some serious deal-makers.

Agency breaches are down, but exposed records are way up

Government has eliminated a lot of low-hanging fruit, but the number of records exposed is increasing by millions each year, according to a Rapid7 analysis.

3 ways to foil tech 'dumpster divers'

Old servers, drives and other media can be dangerous sources of data leakage; NIST has guidelines for removing data before the hardware goes out the door.