Blog Posts Tagged with "NIST"
Unintentional ICS Cyber Incidents Have Had Significant Impacts on Nuclear Plants – Why Aren’t they Being Addressed?
October 02, 2014 Added by:Joe Weiss
The NIST definition of a cyber incident as defined in FIPS PUB 200, Minimum Security Requirements for Federal Information and Information System, is electronic communications between systems or systems and people that impacts Confidentiality, Integrity, and/or Availability. The incident doesn’t have to bemalicious or targeted to be a cyber incident
January 06, 2014 Added by:Rohit Sethi
The NIST Cyber Security Framework completely lacks any mention of application security. We predict that organizations will likewise adopt the framework with scant attention paid to secure software, which will lull them into a false sense of security.
December 11, 2013 Added by:Anthony M. Freed
Given the pace that both government and the private sector are migrating mission-critical operations to managed service providers, should NIST take steps to identify Cloud-based offerings as part of the nation’s critical infrastructure?
November 19, 2013 Added by:Rohit Sethi
An information security training program is crucial for ensuring and maintaining a good security posture; in order to effectively manage this program you have to be able to measure it. This article introduces a concept recommended by NIST in their Special Publication 800-16, for evaluating training effectiveness.
September 21, 2013 Added by:Anthony M. Freed
EMC's RSA security unit sent an advisory to their developer customers warning against use of a toolkit that employs an NIST encryption algorithm by default that is suspected to have been “backdoored” by the NSA.
July 29, 2012 Added by:Headlines
A new guide from the National Institute of Standards and Technology (NIST) describes a "scoring system" that computer security managers can use to assess the severity of security risks arising from software features that are designed under an assumption that users are operating these features as intended...
July 28, 2012 Added by:Kevin L. Jackson
The objective of this RFI is to learn more about how government can further leverage the key characteristics and advantages of cloud computing to save money and increase IT efficiencies. CSB's are one concept that GSA is exploring and this RFI contains questions specific to cloud brokerages...
July 13, 2012 Added by:Infosec Island Admin
"Companies will be able to tailor these generic test criteria to their own systems. To make it an effective framework, we made sure that it contains consistent, repeatable tests they can run, producing documentation that contains adequate, accurate information regardless of the individual system..."
July 12, 2012 Added by:Headlines
The document is the next step toward updating Federal Information Processing Standard (FIPS) 201. Among its requirements are that all PIV cards contain an integrated circuit chip, a personal identification number and protected biometric data—a printed photograph and two electronically stored fingerprints...
June 14, 2012 Added by:Infosec Island Admin
In this first NIST 'Big Data' workshop, key national priority topics will be explored, including examples from science, health, disaster management, security, and finance. At the same time, topics in emerging technology areas including analytics and architectures will also be discussed...
June 11, 2012 Added by:Headlines
The workshop’s goal is to introduce the center, which will bring together experts from industry, government and academia to develop practical, interoperable cybersecurity approaches that address the real-world needs of complex IT systems...
June 08, 2012 Added by:Headlines
Under Secretary of Commerce for Standards and Technology and NIST Director Patrick Gallagher has selected William M. Holt, senior vice president and general manager of Intel Corporation's Technology and Manufacturing Group, to serve on the Visiting Committee on Advanced Technology (VCAT)...
May 30, 2012 Added by:Infosec Island Admin
The HIPAA Security Rule sets federal standards to protect the confidentiality, integrity and availability of electronic protected health information by requiring HIPAA covered entities and their business associates to implement and maintain administrative, physical and technical safeguards...
May 16, 2012 Added by:Infosec Island Admin
NIST seeks to engage all stakeholders to identify the available and needed technologies and tools to recognize, prevent, and remediate botnets; explore current and future efforts to develop botnet metrics and methodologies for measuring and reporting botnet metrics over time...
May 14, 2012 Added by:Infosec Island Admin
The DOE collaborated with the NIST and NERC to release a second draft of the Electricity Sector Cybersecurity Risk Management Process guideline, designed with the idea that cybersecurity risk management should be driven by the business needs of the company...
May 04, 2012 Added by:Headlines
Researchers at the NIST have developed a new protocol for communicating with biometric sensors over wired and wireless networks, called WS-Biometric Devices (WS-BD), allows desktops, laptops, tablets and smartphones to access sensors that capture biometric data using web services...
Why You Shouldn’t Use the OWASP Top 10 as ... Jessica Barden on 11-21-2014
Security or Checking a Box?... Fadvad FAscvax on 11-21-2014
Why Are We Failing at Software Security?... waqas nayyer on 11-21-2014