The National Institute of Standards and Technology has issued new guidance for designing cryptographic key management systems that describes topics designers should consider when developing specifications.
NIST is developing risk management guidance on the IT supply chain that says organizations should take an incremental approach and ensure that they first reach a base maturity level in organizational practices.
The apparatchiks at the Kremlin think they're clever sorts with plans to replace computers with typewriters to prevent the American e-spies at the National Security Agency from hacking into Russian intelligence systems.
Getting critical infrastructure operators involved is the biggest challenge the federal government faces in creating a cybersecurity framework, says NIST's Adam Sedgewick, who leads efforts to create the framework ordered by President Obama.
Aimed to be voluntarily adopted by the nation's critical infrastructure operators, the cybersecurity framework will revolve around a core structure that includes five major cybersecurity functions: Know, Prevent, Detect, Respond and Recover.
Here are some questions we'd like to ask the former systems administrator at the National Security Agency to learn more about the motivation behind his leak of the U.S. government's top-secret information collection programs.
National Security Agency Director Keith Alexander declined to say that the agency would stop using contractors in top secret IT positions to prevent a leak such as the one that exposed NSA programs to collect metadata on American citizens.
Regulations initially cause organizations to spend more funds on data breaches, but eventually those rules could save enterprises money, the Ponemon Institute's Larry Ponemon says in analyzing his latest study on breach costs.
NIST's Ron Ross, a big NASCAR fan, likens new security controls guidance to the tools race-car builders use to prevent drivers from breaking their necks when crashing into a brick wall at 200 miles an hour.