Federal government auditors have identified weaknesses in the technical controls protecting the security of the federally run Obamacare HealthCare.gov website and systems, which they say create increased and unnecessary risks.
Israeli Prime Minister Benjamin Netanyahu may have been a bit premature to claim Israel has deployed a cyber "iron dome" to protect its critical IT and defense systems. But a new initiative under way will try to do just that.
DHS could do a better job getting critical infrastructure operators to participate in its Enhanced Cybersecurity Service program. As of March, only three of the 16 sectors participated in the initiative.
A contractor used his own malware-laden PC to access National Oceanic and Atmospheric Administration information systems and wouldn't allow incident response experts to examine it, highlighting the risks of "bring your own device."
The 9/11 Commission, in its 10th anniversary report, cautions Americans and the U.S. government to treat cyberthreats more seriously than they did terrorist threats in the days and weeks before Sept. 11, 2001.
Two separate audits by the Government Accountability Office show information security weaknesses at the Federal Deposit Insurance Corp. and significant deficiencies in information system controls at the Treasury unit that manages the federal debt.
With fewer employees, and still fewer - if any - IT security experts on staff, small federal agencies face challenges not confronted by larger ones, and congressional auditors say DHS and OMB should give them more help.
To protect their privacy, organizations should get their IT security staffs involved in vendor-requested audits conducted to verify software licensing agreement compliance, says Gartner Research Director Victoria Barber.
Effective risk management requires involvement of an organization's top leader; the resignation of Eric Shinseki as secretary of Veterans Affairs means that the VA likely will continue to struggle to comply with federal requirements for IT security.
As federal regulators reveal details for the next phase of HIPAA compliance audits, security and privacy experts give the plan mixed reviews. Find out what experts like and don't like about the proposals.
Three years ago, trust on the Internet - or the lack thereof - focused, in part, on the faceless hacking groups such as Anonymous and LulzSec. Today, we have a face for this lack of trust, and it looks a lot like Uncle Sam and a Chinese Red Army cybersoldier.
The No. 1 reason Congress, after five years of intensive efforts, has yet to enact comprehensive cybersecurity legislation is differences over how much liability protection to grant businesses to get them to share cyberthreat information.