Every day I'm driving to or from work - or even on the weekends - it seems like I hear about some new urgent priority that I must be aware of, whether it be the flailing economy, President Obama's directives, data breaches, or any number of other newsworthy items. But I love the news - so I don't mind!
An audit of the Securities and Exchange Commission IT systems reveals 23 new weaknesses in controls intended to restrict access to data and systems, as well as weaknesses in other information security controls.
Two companies that provide the federal government with information security services have become one. ManTech International has closed the deal to acquire DDK Technology Group, a contractor servicing the Defense Department's Naval Criminal Investigative Service. ManTech did not disclose the purchase price.
In the wake of the Heartland Payment Systems (HPY) data breach, credit card company Visa is on the road talking to its network of payment processors about current security threats and the merits of the Payment Card Industry Data Security Standard (PCI DSS).
Heartland Payment Systems (HPY) has been removed from Visa's list of compliant service providers, and banking institutions affected by the Heartland data breach have until May 19 to file their fraud claims with Visa.
This news emerged late last week from a public statement by Visa, as well as from a letter sent by...
Vivek Kundra's action that might cost him his job as the federal chief information officer isn't that he necessarily did anything illegal (indeed, no such allegations have been made) but his association with a subordinate who was arrested last week on bribery charges.
We all know the risk of the insider threat is high, but what are the specific vulnerabilities for which organizations should be particularly vigilant?
In an exclusive interview, Randy Trzeciak of Carnegie Mellon's CERT program discusses recent insider threat research, including:
Patterns and trends of insider...
Cybersecurity is a major priority of the Obama Administration, and at Carnegie Mellon University's Software Engineering Institute, it's a key component of the CERT Program's Survivability and Information Assurance (SIA) curriculum.
In an exclusive interview, Lawrence Rogers, chief architect of the SIA program,...
The Internal Revenue Service's Business Systems Modernization program continues to experience information security control weaknesses, according to a Government Accountability Office report issued Wednesday.
The United States is ill-prepared for a massive cybersecurity attack, the equivalent of a virtual 9/11 assault on federal IT systems and the nation's critical IT infrastructure, a panel of information security experts told a House committee on Tuesday.
For the second time in four months, the Commonwealth of Massachusetts has pushed back the implementation of its new data protection law - one of the toughest in the nation.
Yet even with the new deadline of January 2010, many of the businesses impacted by these stringent data protection requirements won't be...
A big complaint about the Federal Information Security Management Act (FISMA) is that agencies complying with its provisions merely prove they're following processes aimed at securing information systems, but they don't necessarily prove the systems are indeed secure.
In an exclusive interview, Ron Ross, the...
Because of the economic conditions, risks to organizations - from the inside and out - are at a critical high. Risk managers at public and private organizations are forced to make careful decisions on how to invest scarce resources.
In an exclusive interview, Joe Restoule, President of the Risk and Insurance...
The Obama administration is looking to develop metrics that would require agencies to continuously monitor the security of their information systems, moving beyond the quarterly and annual reporting required by the Federal Information Security Management Act.