President Obama has reportedly decided that the government shouldn't exploit encryption flaws, such as Heartbleed, in most instances unless there's "a clear national security or law enforcement need." But how should that need be determined?
An analysis of the Target breach prepared for a Senate committee is a political document that might help its patron's agenda but doesn't go far enough to identify technical solutions to help enterprises avoid Target-like breaches.
One key factor in efforts to reduce reliance on passwords for authentication will be international acceptance of the FIDO Alliance's soon-to-be released protocol for advanced authentication, says Michael Barrett, the alliance's president.
Healthcare organizations can now take advantage of a growing number of resources offering guidance on improving medical device security. Learn about the latest security assessment framework that's now being tested.
Simple credentials, such as passwords, are a hacker's best friend, says Phillip Dunkelberger of Nok Nok Labs, a founding member of the FIDO Alliance. That's why the alliance is working to reduce reliance on passwords by enabling advanced authentication.
Two critical steps that banking institutions need to take in 2014 to help prevent fraud are implementing big data analytics and adopting far more sophisticated customer and employee authentication, says Gartner analyst Avivah Litan.
As patient portals become more common in 2014, healthcare providers will struggle to find a balance between implementing strong authentication practices and providing individuals with easy access to records, says privacy attorney Adam Greene.
To help reduce reliance on passwords, the FIDO Alliance is developing standard technical specifications for advanced authentication. Michael Barrett and Daniel Almenara of FIDO describe the impact the effort could have in 2014.
Buried deep within a 308-page report from a presidential panel on ways to tighten federal surveillance and IT security programs are important recommendations on how to mitigate the insider threat at federal agencies.
Whether reports that the National Security Agency entered into a secret contract with security provider RSA are true or not - and RSA says they're not - the reputations of all American security vendors have been tarnished.