The Cybersecurity Framework is a work in progress. It has been generally well received by industry, but the old bugaboo of cybersecurity sharing remains a challenge as NIST mulls the next steps.
William Jackson
We are just plain bad at maintenance
The United States is capable of wonderful innovation and spectacular achievements, from highway systems to fleets of satellites. But a lack of appetite for maintaining these accomplishments threatens our security and well-being.
Leveraging NIST Standards to Build Your Enterprise Security
The federal government has produced a body of standards and guidelines—including the NIST Cybersecurity Framework—that can help the private sector as well as government agencies improve information security.
Truth in hacking
Antivirus company Avira reports a new wrinkle in malware: A phishing e-mail that contains explicit instructions for infecting your computer. It’s so crazy, it just might work.
Government needs help from IT vendors
Agencies are getting more and better technology, but IT is not providing the productivity and return that it could. Federal customers need to partner with vendors to focus on mission and outcome for IT, not just functionality and affordability.
Tenable Blog: Grappling with State and Local legacy IT
With many states relying on IT systems that are 20 years old or more, government agencies are challenged to secure legacy technology that is no longer supported and often hidden from view.
Giving and taking: DOJ and NIST on opposite sides of cybersecurity
While the Justice Department is trying to get backdoors into mobile consumer devices, NIST is working to improve security and privacy of electronic medical records and devices.
Cybersecurity National Action Plan: Some ideas are bold, some old
Cybersecurity has a high profile in the president’s agenda for his final year. There are some good ideas in his Cybersecurity National Action Plan, but whether they translate into improved security will depend on Congress and the next president.
Protecting Sensitive Government Info on Contractor Networks
The Defense Department has given contractors two years to meet new requirements for securing sensitive DOD data on nonfederal IT systems, responding to industry concerns over moving too quickly to the new standards.
A step toward better sharing of cyberthreat information?
DHS plans to begin an automated threat information sharing program for the private sector this month. Not everyone is enthusiastic, but some think the department can be a catalyst for improved cybersecurity collaboration.