Security Management

NIST releases continuous monitoring guidance

October 05, 2011

The National Institute of Standards and Technology late last week published new guidance to help organizations develop and implement an information security continuous monitoring (ISCM) program. This initiative can help companies better provide ongoing awareness of threats and vulnerabilities, assess the effectiveness of deployed security controls and support risk management decisions, according to the 80-page guidance document. A mature ISCM program, which requires the use of both automated and manual processes, will enable companies to move from compliance-driven to data-driven risk management.
 

FISMA compliance to require monthly reports

September 19, 2011

Beginning in October, federal agencies will be required to report on their information security posture on a monthly basis, instead of annually.
 

ETSI releases identity management specifications

March 25, 2011

The European Telecommunications Standards Institute (ETSI), a nonprofit that produces standards for information and communications technologies, has completed a set of identity management specifications that outline how users can safely gain authorized access to data and services. The free specifications, which are aimed at network operators, internet service providers and systems designers, address access control issues related to third parties and cloud environments. The specifications were created by ETSI's identity and access management for networks and services group, whose members include Nokia Siemens Networks, Alcatel Lucent, the University of Patras in Greece, and the University of Murcia in Spain.
 

Data breaches cost organizations $204 per record in 2009

January 25, 2010

A new Ponemon Institute study found that the number of data breaches caused by malicious attacks and botnets doubled last year, compared to 2008.
 

DHS secretary: Cybersecurity is shared burden

October 20, 2009

Cybersecurity is not the responsibility of one person or group since no one person is in charge of the internet, Department of Homeland Security Secretary Janet Napolitano said Tuesday.
 

GAO: NASA must fix cyber vulnerabilities

October 19, 2009

A new report from the Government Accountability Office found that NASA has multiple cybersecurity problems.
 

Microsoft disputes password-stealing SQL Server bug

September 02, 2009

Researchers at a security company say they have discovered a vulnerability in Microsoft's SQL Server, but the software giant disputes the claim.
 

US-CERT director resigns, plans to work for RSA

August 10, 2009

Another top cybersecurity leader has stepped down - news that comes in the wake of similar high-profile government resignations and a still-vacant federal cybersecurity coordinator post.
 

Malware served up thanks to solar eclipse

July 24, 2009

In a reprise of an old trick, cybercriminals are using SEO poisoning to attract victims to a rogue software site, according to Trend Micro.
 

Lack of cyber talent threatens national security

July 22, 2009

A serious shortage in people to fill federal cybersecurity posts threatens national security.
 

It's official: Microsoft to offer free anti-malware service

June 19, 2009

Next week, Microsoft will make available to consumers a new, free anti-malware service to replace its subscription model.
 

DHS appoints new director of National Cybersecurity Center

June 03, 2009

The U.S. Department of Homeland Security has appointed Philip Reitinger as the new director of the National Cybersecurity Center, a post left in March by Rod Beckstrom, DHS Secretary Janet Napolitano announced on Monday.
 

Hackers hit U.S. Army websites

June 01, 2009

A group of computer hackers based in Turkey breached the sites of two U.S. Army facilities, leveraging SQL injection attacks.
 

Trend Micro goes shopping for virtualization security

April 29, 2009

In one of its first major moves in acquiring virtual security technology firms, Trend Micro bought Third Brigade, a virtualization security and compliance software company based in Ottawa, Canada.
 

Policymakers debate White House's role in cybersecurity

April 28, 2009

Lawmakers and public policy experts clashed Tuesday over whether cybersecurity control should be taken away from the Department of Homeland Security (DHS) and placed under the White House's purview.
 

RSA: Build security into operations, says Symantec CEO

April 21, 2009

Just days into his new job, Symantec CEO Enrique Salem is calling for a colossal shift in the way vendors and end-users approach information security.
 

Survey finds that SMBs often lack basic security

April 10, 2009

Despite being aware of the importance of security, small-to-medium-size businesses (SMBs) generally are not protecting their networks, according to a survey released Thursday by Symantec.
 

SANS report shows security logs no longer "geek toys"

April 07, 2009

Organizations use security log data to a greater extent than ever before, according to the 2009 Annual Log Management Survey from the SANS Institute.
 

Survey: Financial crisis fuels identity theft fears

April 06, 2009

Most Americans believe the world financial crisis has increased their risk of identity theft or related crimes.
 

FTC site helps meeting "Red Flags Rule"

April 03, 2009

The FTC has established a how-to guide for coping with new requirements aimed at deterring identity theft.
 

Obama appoints federal CIO

March 05, 2009

President Obama has appointed the first-ever federal chief information officer.
 

Los Alamos computers go missing

February 12, 2009

At least 69 computers are missing from the Los Alamos National Laboratory, a national security research institution in New Mexico.
 

McAfee: Malware will use web and USB sticks to spread in 2009

January 23, 2009

McAfee predicts that in the upcoming year web-based malware and removable storage devices will be some of the biggest threats to businesses.
 

Case study: City of Miami Beach

Victor Cruz January 16, 2009

Miami Beach needed to quickly identify threats, generate immediate notifications and quarantine infected computers.
 

Security issues continue at the IRS

January 13, 2009

Weaknesses remain in the Internal Revenue Service's computer systems that jeopardize the confidentiality of sensitive taxpayer information.
 

In cybersecurity, who is the weakest link?

Michael Callahan, VP global marketing, Credant December 19, 2008

Human error is the primary cause of information technology security breaches because, too often, individuals are given the option to bypass security processes.
 

SC World Congress: A budget crisis is a terrible thing to waste

December 11, 2008

Even faced with tough budget times, there is still an opportunity, says one CISO.
 

New free tool detects malware on networks

November 25, 2008

BotHunter was sponsored by the U.S. Army Research Office and is being used by the U.S. government and the Department of Defense.
 

Keylogger spyware ordered off the market

November 17, 2008

In a victory for privacy advocates, an Orlando, Fla.-based company has been ordered not to sell keylogger spyware.
 

Study: Internet service providers facing more, larger threats

November 11, 2008

The scale of distributed denial of service attacks has grown 100-fold since 2001, leaving some ISPs with long outages.