Incidents such as the WikiLeaks disclosures and resulting fallout push leaders to redefine their data protection agenda for 2011 and think about their organizations' vulnerabilities.
Federal agencies have until Jan. 28 to complete an assessment on how they handle confidential information, a process prompted by the WikiLeaks episode that exposed 250,000-plus diplomatic cables in November, says OMB Director Jacob Lew.
Researchers explore adapting geolocation technology to identify where data reside on the cloud so organizations can comply with IT security laws and regulations, RSA Chief Technology Officer Bret Hartman says.
The National Institute of Standards and Technology issues two special publications: SP 800-119, Guidelines for the Secure Deployment of IPv6, and SP 800-135, Recommendation for Application-Specific Key Derivation Functions.
Dmitri Alperovitch, McAfee Labs threat research vice president, discusses the company's annual threat predictions, saying: "We are seeing an escalating threat landscape in 2011."
"Managing risk with regard to information systems and security sometimes doesn't go to the highest levels and that's why the risk framework is a way to get senior leaders involved early in the process," NIST senior computer scientist Ron Ross says.
Thwarting the insider threat entails more than knowing an individual with access to a computer; it requires recognizing the synergy between the individual, organization, technology and environment, I3P Research Director Shari Lawrence Pfleeger says.
"There's a real threat out there," Cybersecurity Coordinator Howard Schmidt says. "But the threat sort of follows the way we build our defenses against it, and I think those things continue to move in parallel."
WikiLeaks founder Julian Assange has become akin to a "cyber messiah," Hemu Nigam says. And Assange's followers have proven: "If you turn your back on our messiah, we are going to take you down."
"We will protect ourselves, our networks and our confidential correspondence through reforms like the creation of a new coordinator for cyber issues," Secretary of State Hillary Clinton says.
"Organization-wide monitoring cannot be efficiently achieved through manual processes alone or through automated processes alone; however, automation can make the process of continuous monitoring more efficient," NIST says.
NIST issues a draft of new guidance that introduces a three-tiered approach to establish an enterprise-wide risk management strategy involving the participation of non-IT senior departmental and agency leaders.