Defining essential federal information systems, such as those at the Department of Health and Human Services, to keep operating during a partial government shutdown could prove more complex than defining essential federal workers not to furlough.
Privacy Attorney Lisa Sotto says the Epsilon e-mail breach is a warning about the state of data security employed by some third-party service providers. Strong contracts related to security practices must be the norm, not the exception.
This kind of problem happens to everybody, says Marcus Ranum, CSO of Tenable Network Security, in response to the widely publicized breach at RSA. And maybe hes right. Perhaps this kind of problem does happen to everyone. But should it?
Phishing represented more than half of the 107,439 cyber incidents compiled by the U.S.-CERT for fiscal year 2010 from federal, state and local governments, commercial enterprises, American citizens and foreign CERT teams.
RSA executives haven't been commenting publicly since the security solutions vendor revealed last week it had been victimized by a sophisticated cyberattack aimed at its SecurID two-factor authentication product. But weeks before the hack, I spoke with RSA Chief Technology Officer Bret Hartman about advanced...
"This is not a record of success; whatever we are doing is not working," says James Lewis of the Center for Strategic and International Studies. "As a nation, despite all the talk, we are still not serious about cybersecurity."
"Today's risk management professionals really need to take a strategic view of managing risk to be relevant in achieving the organization's expected outcome," says Philip Alexander of Wells Fargo Bank.
Describing it as the capstone publication of a partnership with the defense and intelligence communities, NIST publishes new guidance on managing security risk associated with the operation and use of IT systems.
A team headed by Senior Computer Scientist Ron Ross will update one of NIST's premier risk management publications - SP 800-53: Recommended Security Controls for Federal Information Systems and Organizations.