• Why so slow to move off SHA-1?

    Why so slow to move off SHA-1?

    While the private sector is winding down its use of the decades-old algorithm in their products, government is still grinding out SHA-1 certificates.

  • biometrics

    Passwords vs. biometrics

    It’s not a competition, but neither provides completely secure or effective access control on its own. What is needed is an appropriate combination of technologies.

    Comments: 3
  • SSL remains security weakness despite latest reinforcements

    SSL remains security weakness despite latest reinforcements

    Secure Socket Layer-based encryption remains vulnerable to attack despite promising efforts to tighten management of the humble but critical security protocol.

  • Do you know where your mobile data is?

    Do you know where your mobile data is?

    Recent hacks of celebrity data that had been saved to the cloud illustrate the need to be aware of what your mobile devices – agency-issued or BYOD – are doing and where the data is going.

  • Cubes floating in space

    The growing security threat to virtual systems

    Malware innovators are evading automated analysis, forcing agencies to secure virtual machines and networks as completely as other classic IT.

  • Personal Identity Verification card

    Happy birthday HSPD-12; there’s still a long way to go

    The presidential directive mandating interoperable smart government ID cards is 10 years old this month, and represents an impressive effort to specify and implement the technology. Now we need to put it to use.

    Comments: 2
  • Man using Samsung phone in raid

    Will Knox tip government buyers toward Android?

    Samsung’s Knox containerization technology, together with sophisticated vetting in defense and security circles, is gaining traction in federal, state and local markets.

    Comments: 2
  • Laptop at empty table

    GSA makes room at the table for the CISO

    A new IT policy letter from the GSA’s CIO aims to ensure that the agency’s senior security officer is a part of all IT projects, not just brought in after the fact to monitor compliance.

  • Next-gen cybersecurity means anticipating threats

    Next-gen cybersecurity means anticipating threats

    Maintaining effective cyberthreat defenses not only requires constant vigilance but also an eye on the road ahead.

    Comments: 3
  • Role for humans in cybersecurity automation

    Security automation: Are humans still relevant?

    The increasing complexity and sophistication of cyberthreats is driving the use of automation in cybersecurity. Where does human intelligence fit in the picture?

    Comments: 2

inside gcn