With less than six months to the deadline for agencies to implement HTTPS on all public-facing websites, nearly half of .gov sites remain unprotected. Deploying the secure protocol should be one of the easier security mandates for agencies to meet.
Moving beyond periodic certification of information systems to the Risk Management Framework requires standardizing and automating the assessment process.
A suggested phase-out by NIST of SMS for sending one-time passwords has been widely misinterpreted as a threat to two-factor authentication. No need to worry—2FA is not going away and you can still use your mobile phone as a token.
Commentators are warning of the dangers of the wildly popular game when used on mobile devices for business. But instead of worrying about Pokémon Go, you should have an enforceable policy in place for all apps.
Summer is the best time for infosec professionals in institutions of higher education to focus on cybersecurity projects: baselining and inventorying, planning regular scans, and implementing new procedures.
Although penetration testing might be viewed as one of the more glamorous jobs in cybersecurity – think of Tom Cruise in Mission Impossible hacking into a CIA computer while dangling horizontally from cables in a heavily protected room – it might come…
The market for cyber insurance is growing, but this industry has not yet reached the critical mass needed to reform how we protect our information infrastructures.
Vulnerability management is an essential part of government cybersecurity. It requires not only continuous monitoring and visibility to spot vulnerabilities, but also the context needed to prioritize them based on risk so agencies can take effective action to eliminate, patch or mitigate them.