Reform would focus on a risk-based approach using automated tools for continuous monitoring that agencies already are adopting. But will they be graded on security or paperwork?
A study of meters used to measure strength of passwords created on websites suggests you can only push users so far before they stop trying.
When considering retaliation against cyber criminals, make sure the rule of law trumps the immediate gratification of doing unto others.
As part of efforts to secure government infrastructure, an interagency working group is developing plans for cybersecurity requirements in federal acquisitions, which would benefit from a consistent terminology.
Government and industry experts think biometric authentication is poised to take off, but fingerprints, iris scans and voice recognition are not foolproof forms of ID.
Social media outlets were never intended as mission-critical applications; recent events show why.
IT officials at a recent conference said efforts to protect their infrastructure are hampered by a lack of resources and a lack of understanding from those who make funding decisions.
The emerging focus on automating IT security raises the question: will agencies automate FISMA compliance or risk management?
As voice becomes just another data service, telephones are opened up to increasing denial-of-service threats from the Internet.
As more unsecured devices become IP-enabled for remote management or as part of sensor networks, the possibilities for attack grow.