"Managing risk with regard to information systems and security sometimes doesn't go to the highest levels and that's why the risk framework is a way to get senior leaders involved early in the process," NIST senior computer scientist Ron Ross says.
Three years of innocent use of a Yahoo calendar application exposed personally identifiable information of 878 patients at the Department of Veterans Affairs' Chicago Healthcare Systems, a violation of VA policy.
"I'll probably be hung for this, but I really believe the cloud can be more secure than what we do today," says CTO Tomas Soderstrom of NASA's Jet Propulsion Lab. "It's fairly uniformed, if you apply a patch, you can apply it to everything at once."
Incoming House Speaker John Boehner taps William McClellan "Mac" Thornberry, R-Texas, to coordinate a way to more efficiently address cybersecurity legislation in a Congress where nearly every committee has some sway.
"Organization-wide monitoring cannot be efficiently achieved through manual processes alone or through automated processes alone; however, automation can make the process of continuous monitoring more efficient," NIST says.
By working closely with cloud computing providers, IT leaders at NASA's Jet Propulsion Laboratory feel more confident about placing sensitive, mission-critical information securely in the cloud, says JPL CTO Tomas Soderstrom.
Looking ahead to the new year, Kristin Lovejoy of IBM says information security organizations face a host of global compliance issues - and the complexity of this challenge may be the biggest task of 2011.