The National Institute of Standards and Technology has issued new guidance titled "Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping," the sixth part of a series of recommendations regarding the modes of operation of block cipher.
A draft of new guidance intended to be a blueprint to validate and implement a secure infrastructure as a service cloud computing offering has been issued by the National Institute of Standards and Technology.
Karen Scarfone, who coauthored NIST's encryption guidance, sort of figured out why many organizations don't encrypt sensitive data when they should. The reason: they do not believe they are required to do so.
CISOs' top three priorities for 2013 are emerging threats, technology trends and filling security gaps, says RSA CISO Eddie Schwartz. But what new strategies should leaders employ to tackle these challenges?
As the recent PATCO case shows, fraud litigation is moving away from just establishing damages. The key legal question now is: What is reasonable security? Attorneys discuss the 2013 fraud legal landscape.
When it comes to mobile security, users say the right things, but still indulge in risky behavior. Javelin's Al Pascual tells how security leaders can create better partnerships and practices in 2013.
It's as much about people as it is technology for organizations to successfully implement a continuous monitoring program, says George Schu, senior vice president at Booz Allen Hamilton.
The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audit and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.
Mobile malware and cloud-based botnets will be top cyberthreats for 2013, says Georgia Tech's Paul Royal. How should organizations address these and other upcoming threats in the New Year?
Absent a uniform method, the NIST interagency report investigates credential revocation, focusing on identifying missing requirements, and suggests a model for credential reliability and revocation services that addresses those missing requirements.
As social media continue to expand and evolve, organizations need to formalize a policy to address the risks. Expert Sherrie Madia details the must-haves that should be included in a policy.
South Carolina's Revenue Department went nearly a year without a chief information security officer before its tax system was hacked this summer. The agency's chief says the state couldn't find a qualified candidate for the job that pays $100,000 a year.
How do we provide mobile applications to our users that fulfill their need for immediate access, but also provide them with assurance that their information is safe? Here are four fundamentals.
What are the key skills and tools forensics pros use in probing a data breach? What can we learn from recent breaches? Rob Lee of SANS Institute walks us through a typical forensics investigation.
The goal is admirable: Eliminate all traces of online information about an individual if that's what he or she wants. But is the right to be forgotten an impossible dream?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.
