Standards are being published for creating new private sector Information Sharing and Analysis Organizations. Will these ISAOs be the tools we need to improve the nation’s cybersecurity?
Cybereye
A weekly column on all things cyber
The same old story: Security vs. Functionality
Despite years of rising concern over cybersecurity risk, the old conflict between operations and security remains the number one challenge for federal agency CISOs. Agencies must do a better job of building risk management into operational decisions.
A European Wind
The new U.S.-E.U. Privacy Shield, new European data privacy rules, Brexit, and globalization are combining to create interesting times for U.S. companies doing business across borders.
Securing the nation’s electoral infrastructure
Given the diversity of the nation’s election systems and voting technology, there is no easy fix to ensure security. On the other hand, that diversity makes rigging a national election a significant challenge for would-be attackers.
The final push to the HTTPS-only standard for federal websites
With less than six months to the deadline for agencies to implement HTTPS on all public-facing websites, nearly half of .gov sites remain unprotected. Deploying the secure protocol should be one of the easier security mandates for agencies to meet.
SMS is safe for now
A suggested phase-out by NIST of SMS for sending one-time passwords has been widely misinterpreted as a threat to two-factor authentication. No need to worry—2FA is not going away and you can still use your mobile phone as a token.
Not if you have a good apps policy in place
Commentators are warning of the dangers of the wildly popular game when used on mobile devices for business. But instead of worrying about Pokémon Go, you should have an enforceable policy in place for all apps.
Audio-hacking your smart phone
Researchers have demonstrated a way to hide voice commands to smart phones so that humans cannot understand them. Who’s talking to your phone?
We’re still waiting for the full impact
The market for cyber insurance is growing, but this industry has not yet reached the critical mass needed to reform how we protect our information infrastructures.
A step toward ensuring data integrity
NIST is asking industry to help develop a solution for ensuring the integrity of data after a breach or other incident. The effort is being undertaken at NIST’s National Cybersecurity Center of Excellence.