Moving beyond periodic certification of information systems to the Risk Management Framework requires standardizing and automating the assessment process.
Publications
SMS is safe for now
A suggested phase-out by NIST of SMS for sending one-time passwords has been widely misinterpreted as a threat to two-factor authentication. No need to worry—2FA is not going away and you can still use your mobile phone as a token.
Not if you have a good apps policy in place
Commentators are warning of the dangers of the wildly popular game when used on mobile devices for business. But instead of worrying about Pokémon Go, you should have an enforceable policy in place for all apps.
Tenable Blog
Summer is the best time for infosec professionals in institutions of higher education to focus on cybersecurity projects: baselining and inventorying, planning regular scans, and implementing new procedures.
Audio-hacking your smart phone
Researchers have demonstrated a way to hide voice commands to smart phones so that humans cannot understand them. Who’s talking to your phone?
So You Want To Be A Penetration Tester
Although penetration testing might be viewed as one of the more glamorous jobs in cybersecurity – think of Tom Cruise in Mission Impossible hacking into a CIA computer while dangling horizontally from cables in a heavily protected room – it might come as a surprise to learn that one of the challenges of the profession … Continue reading So You Want To Be A Penetration Tester
Tenable Blog: Remembrance and Eternal Vigilance
In cybersecurity as in national security, remembrance and eternal vigilance are essential to maintaining our freedom.
We’re still waiting for the full impact
The market for cyber insurance is growing, but this industry has not yet reached the critical mass needed to reform how we protect our information infrastructures.
Tenable Blog: Vulnerability Management in Government–Visibility Plus Context
Vulnerability management is an essential part of government cybersecurity. It requires not only continuous monitoring and visibility to spot vulnerabilities, but also the context needed to prioritize vulnerabilities based on risk so agencies can take effective action to eliminate, patch or mitigate.
NextGov Emerging Tech: Great Government Gamification Projects
And as more people begin playing games and becoming familiar with the pillars of gaming, gamification projects will also pick up more players. Government agencies should make sure to stay on point with this trend. A good gamification project can enable them to tap into a hugely powerful problem-solving resource, all for the low cost of providing a little bit of fun for their players.