GovInfoSecurity.com RSS Syndication

Survey: 9% Have Experienced ID Theft

Of Theft Cases, 6% Involve Medical ID
About 9 percent of Americans have experienced an identity theft crime directly or through an immediate family member, a new survey shows.

GAO: CNCI's Goals are at Risk

Kundra Says GAO Misguided on One Recommendation
The Comprehensive National Cybersecurity Initiative will not fully achieve its goal to reduce vulnerabilities, protect against intrusions and anticipate future threats unless several challenges to its objectives are met.

Howard Schmidt Dismisses Cyberwar Fears

Cybersecurity Coordinator: Defense of Critical IT Improved
White House Cybersecurity Coordinator Howard Schmidt isn't buying into the grim forecasts that the United States is ill prepared to defend the government's and nation's critical information assets from an immense virtual attack by political adversaries or cyber criminals.

NIST Special Publication 800-73-3: Interfaces for Personal Identity Verification, Part 4

The PIV Transitional Interfaces and DataModel Specification

NIST Special Publication 800-73-3: Interfaces for Personal Identity Verification, Part 3

End-Point PIV Client Application Programming Interface

NIST SP 800-73-3: Interfaces for Personal Identity Verification, Part 2

End-Point PIV Card Application Card Command Interface

NIST SP 800-73-3: Interfaces for Personal Identity Verification, Part 1

End-Point PIV Card Application Namespace, Data Model and Representation

Defending Against Cyberattack: Emerging Solutions for Today's Threats

Last July 4, key federal government websites were disrupted by a series of distributed denial of service attacks.

In January, Google and 30 other major companies revealed they'd been the targets of another sophisticated cyberattack.

These incidents confirm what we all have long believed: Our critical infrastructure is under constant attack, and the potential cost of a successful attack is staggering.

In fact, the estimated cost from downtime caused by major attacks exceeds $6M per day. In a recent survey of federal agencies, the top security concern was the inability to protect sensitive and confidential data.

Some eye-opening facts:

Nearly one- third of IT executives surveyed said their own sector was either "not at all prepared" or "not very prepared" to deal with attacks or infiltration by high-level adversaries;
50% of IT and security executives also identified the United States as one of the three countries "most vulnerable to critical infrastructure cyberattack."

The solution? Increasingly, organizations turn to end-to-end encryption and tokenization coupled with hardened cryptographic operations to ensure that no matter where data goes, it is always protected.

This webinar will examine these solutions in detail, using the nation's payment system as an example to illustrate how data can be protected from cyber attack.

Thales and Voltage Security have teamed to make protecting data end-to-end easier. In this webinar, you'll learn about:

End-to-End data protection via encryption and tokenization;
Hardened operational environments that ensure sensitive data is always protected;
How key management and a secure environment for encryption provide complete protection.

Heartland Works with Feds to Secure IT

Steve Elefant, CIO, Heartland Payment Systems

One theme repeated by every major Obama administration officials speaking RSA Conference 2010, the IT security conference held in early March in San Francisco, was the need for the government and business to work together to protect the nation's critical IT systems.

Among those listening to these officials was Steve Elefant, chief information officer of payment processor Heartland Payment Systems, a victim of a 2009 breach considered the largest criminal breach of card data ever, exposing information on upward of 100 million cards.

In an interview with Information Security Media Group Executive Editor Eric Chabrow, Elefant discusses the impact of the breach on Heartland's relationship with the government and other financial institutions to secure critical IT systems operated by the private sector.

Hathaway Speaks Out on CNCI Declassification

Melissa Hathaway worked on the development of Comprehensive National Cybersecurity Initiative when she worked in the Bush White House and assessed the CNCI as the leader of President Obama's 60-day cyberspace policy review.

GovInfoSecurity.com's Executive Editor Eric Chabrow ran into Hathaway at the RSA Conference 2010 in San Francisco earlier this month, just after the White House issued a declassified summary of CNCI, a series of initiatives aimed at securing federal government information assets and the nation's critical IT infrastructure. Besides responding to a question whether declassifying parts of CNCI was a good idea, Hathaway also addressed:

Collaboration between government and the private sector and the private sector and private sector on developing cyber defenses.
How much regulation the government should impose on the private sector to assure IT security.
A new idea she hadn't thought of before attending the RSA IT security conference.

Hathaway left government service last summer, forming an IT security consultancy. Among her clients: Harvard Kennedy School's Belfer Center for Science and International Affairs and Cisco.

Hathaway is a protégé of retired Adm. Mike McConnell, who resigned a year ago as the nation's National Intelligence director, returning to the management consultancy Booz Allen Hamilton. Under McConnell, Hathaway served as a senior adviser and cyber coordination executive. She chaired the National Cyber Study Group, contributing to the development of the CNCI. That led to her appointment as director of the Joint Interagency Cyber Task Force in January 2008. At Booz Allen, where she first worked with McConnell, Hathaway served as a cybersecurity strategist, leading the information operations and long-range strategy and policy support business units.

In February 2009, President Obama charged Hathaway to conduct a wide-ranging, 60-day interagency review the government's cybersecurity plans and activities and gave her the title acting senior director for cyberspace for the National Security and Homeland Security Councils.

Hathaway, who holds a BA from American University and a special certificate in information operations at the U.S. Armed Force Staff College.

Here are other interviews and stories about Hathaway from the GovInfoSecurity.com archives:

What Worries Melissa Hathaway? (Interview)
White House Must Lead(Interview)
The Influencers: Melissa Hathaway (Profile)
The Melissa Hathaway Not-So-Mystery Tour (Blog)

Warren Axelrod on Banking Information Security

C. Warren Axelrod is a veteran banking/security executive and thought-leader, and in an exclusive interview he discusses top security trends and threats, including:

Insider fraud;

Application security;

Cloud computing.

Axelrod is currently executive advisor for the Financial Services Technology Consortium. Previously, he was a director of Pershing LLC, a BNY Securities Group Co., where he was responsible for global information security. He has been a senior information technology manager on Wall Street for more than 25 years, has contributed to numerous conferences and seminars, and has published extensively. He holds a Ph.D. in managerial economics from Cornell University, and a B.Sc. in electrical engineering and an M.A. in economics and statistics from Glasgow University. He is certified as a CISSP and CISM.