The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audit and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.
President Obama has proclaimed December as Critical Infrastructure Protection and Resilience Month, and is using that declaration to continue his campaign to get Congress to enact comprehensive cybersecurity legislation.
Absent a uniform method, the NIST interagency report investigates credential revocation, focusing on identifying missing requirements, and suggests a model for credential reliability and revocation services that addresses those missing requirements.
The leaders in Congress on cybersecurity matters are the chairs of the committees that have jurisdiction over IT security. In both houses, chairmanship changes mean new lawmakers will lead legislative initiatives on cybersecurity in the 113th Congress.
The PATCO fraud dispute could have been settled in 2009, says co-owner Mark Patterson. Why did the case drag on, and what can banking institutions and fraud victims learn from PATCO's recent settlement?
The recent wave of DDoS attacks against top U.S. banks is a wake-up call for organizations that are ill-prepared to fight against such an attack. NIST's Matthew Scholl offers strategies to mitigate the threat.
Developing a bring-your-own-device
policy that's well-integrated with an organization's overall information security strategy requires a multi-disciplinary, collaborative approach, says attorney Stephen Wu.