Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.
"Iran's intelligence operations against the United States, including cyber capabilities, have dramatically increased in recent years in depth and complexity," National Intelligence Director James Clapper says.
IT security provider Symantec says it identified multiple publisher identifications on the Android Market that are being used to push out Android.Counterclank, which it characterizes as a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.
People, as much as anything else, are a critical aspect of information risk management, and businesses and government agencies must monitor employees - and educate them, as well - to thwart a potential threat from within.
"Accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill," NIST Computer Scientist Tim Grance says.
The National Institute of Standards and Technology is seeking public comment on three draft interagency reports that provide guidance on the continuous monitoring of information systems for security vulnerabilities.
Steven VanRoekel says the mobile revolution will fundamentally change the way the federal government serves the public and its employees. But in outlining the Federal Mobile Strategy, the federal CIO hardly mentions security and privacy.
The controls create a baseline to properly address the unique elements of authorizing cloud products and services, including multi-tenancy, control of an infrastructure and shared resource pooling, Homeland Security CIO Richard Spires says.