A lot of attention has been given lately to the security in the Internet of Things. Unfortunately, there is already a widely installed base of vulnerable hardware and software that is being exploited for attacks. Are we doomed to another losing game of catch-up?
William Jackson
Tenable Security Blog – Defending the Defenders: USS Zumwalt
On October 15, 2016, the naval commissioning ceremony for the USS Zumwalt will take place in the Port of Baltimore. The USS Zumwalt is not only the newest ship in the U.S. Navy, it represents a new class of warship that takes naval technology to a new level.
New Standards for Sharing Cyberthreat Information
Standards are being published for creating new private sector Information Sharing and Analysis Organizations. Will these ISAOs be the tools we need to improve the nation’s cybersecurity?
The same old story: Security vs. Functionality
Despite years of rising concern over cybersecurity risk, the old conflict between operations and security remains the number one challenge for federal agency CISOs. Agencies must do a better job of building risk management into operational decisions.
A European Wind
The new U.S.-E.U. Privacy Shield, new European data privacy rules, Brexit, and globalization are combining to create interesting times for U.S. companies doing business across borders.
Tenable Blog
If you are making decisions on how to spend the last of your FY 2016 IT budget, there are low-cost, high-impact products and services available that can improve your security status and make your life easier in the coming year.
Securing the nation’s electoral infrastructure
Given the diversity of the nation’s election systems and voting technology, there is no easy fix to ensure security. On the other hand, that diversity makes rigging a national election a significant challenge for would-be attackers.
The final push to the HTTPS-only standard for federal websites
With less than six months to the deadline for agencies to implement HTTPS on all public-facing websites, nearly half of .gov sites remain unprotected. Deploying the secure protocol should be one of the easier security mandates for agencies to meet.
Tenable Blog
Moving beyond periodic certification of information systems to the Risk Management Framework requires standardizing and automating the assessment process.
SMS is safe for now
A suggested phase-out by NIST of SMS for sending one-time passwords has been widely misinterpreted as a threat to two-factor authentication. No need to worry—2FA is not going away and you can still use your mobile phone as a token.