With the threat landscape significantly different since it issued its guidance four years ago, NIST sets out to revise Special Publication 800-61, Computer Security Incident Handling Guide, with help from industry, government agencies and academia.
"People appreciate being contacted when particular transactions look risky," says Peter Tapling, President and CEO of Authentify. "Out-of-band authentication provides the opportunity to do that in real-time, at very low cost to the institutions."
No one - not even a security vendor - is immune to cyber attacks. "It's not a question of if or when companies will face an attack, but how they're going to defend against it," says Symantec's Francis deSouza.
Mobile security is a new discussion track at RSA Conference, but it's long been a hot topic for CISOs. Entrust's Dave Rockvam discusses BYOD and how organizations are securing personally-owned devices.
Concerns expressed by the National Security Agency director come at a time when Congress is split over the role government should perform in determining the security of the mostly privately owned national critical IT infrastructure.
IT security practitioners who employ the RSA public-private key cryptography needn't lose sleep about its efficacy, despite new research that raises questions on how it creates large prime numbers to generate secret keys, IT security authority Gene Spafford says.
Jason Clark, CSO of Websense, has met recently with 400 CSOs. In a pre-RSA Conference interview, he discusses how security leaders can be more effective when facing mobile security and other challenges.
RSA Chief Technologist Sam Curry defends the company's approach to public-key cryptography after researchers suggest a flaw in its encryption algorithm, contending the problem exists elsewhere in the security chain.