President Obama has reportedly decided that the government shouldn't exploit encryption flaws, such as Heartbleed, in most instances unless there's "a clear national security or law enforcement need." But how should that need be determined?
In many if not most enterprises, the chief information security officer reports to the chief information officer. After all, enterprises cannot function without IT, and security is a support function to safeguard data and systems. Or is it?
Manufacturers of a wide variety of devices that link to the Internet can improve security by turning to processes IT has used for nearly a generation, says Tony Sager of the Council on Cybersecurity.
An analysis of the Target breach prepared for a Senate committee is a political document that might help its patron's agenda but doesn't go far enough to identify technical solutions to help enterprises avoid Target-like breaches.
When a former U.S. president acknowledges that he won't use e-mail to correspond with foreign leaders to avoid snooping by the NSA, you know the image of America as a bastion of freedom - at least online - has dropped a few more notches.
The investigation of the disappearance of Malaysian Flight 370 is raising issues that are very similar to those considered in cybersecurity cases, ranging from the insider threat to deleting data from a computer.
Speculation surrounding the cause of the disappearance of Malaysia Airlines Flight 370 hasn't included the possibility of a cyber-attack. But one cybersecurity expert contends hacking an airliner is feasible.
If Congress fails to enact a national breach notification law, the Obama administration could develop a set of voluntary best practices along the lines of its new cybersecurity framework.
An address by FBI Director James Comey at the RSA security conference seems to equate civil liberties and privacy. But when he offers an example of balancing Americans' rights with cybersecurity, he mainly refers to the civil liberties, not privacy.
Here's a sampling of the many sessions at RSA 2014 that will provide timely insights for security specialists in the government sector on such topics as vetting foreign technologies and implementing the new cybersecurity framework.
In the past few months, the "Internet of Things" has gained more attention, and the cybersecurity and privacy implications are only beginning to be addressed in many quarters.
Anecdotal evidence usually supports the data the Labor Department culls on IT security employment. Usually isn't always, and the 2013 stats reported by the Bureau of Labor Statistics are at odds with what is likely true.
The chairman of the Senate Judiciary Committee has introduced a national data breach notification bill for the fifth time, but its chances of passage remain slim.
Can the two most feared nations in cyberspace finally come to an agreement to stop hacking each other and stealing confidential data? Here's one peace-making approach worthy of consideration.
NIST will soon start writing the "final" version of its cybersecurity framework, a guide to information security best practices for operators of the nation's critical infrastructure. But should it be beta tested?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.eu, you agree to our use of cookies.