As the federal government ramps up deployment of continuous monitoring, agencies should significantly reduce the time to certify and accredit IT systems and detect vulnerabilities, says the Defense Department's Robert Carey.
Bank regulatory guidelines for cloud providers highlight due diligence, and organizations that don't adequately screen vendors face trouble. Troy Wunderlich of Washington Trust Bank offers tips for vendor managers across industries.
Organizations incorporating social media into their daily operations tend to have gaps in policies, and key aspects are often an afterthought, says attorney David Adler, who pinpoints areas to address.
As victims of cyber-attacks on their domain name systems providers, The New York Times, Twitter and the Huffington Post UK may have opened themselves and their customers to more nefarious threats, a leading IT security expert says.
As the Defense Department prepares to require military contractors to participate in what's now a voluntary cyberthreat information sharing program, DoD is bringing in an IBM executive to help manage the initiative.
The National Institute of Standards and Technology has issued new guidance for designing cryptographic key management systems that describes topics designers should consider when developing specifications.
NIST is developing risk management guidance on the IT supply chain that says organizations should take an incremental approach and ensure that they first reach a base maturity level in organizational practices.