The National Institute of Standards and Technology has issued new guidance for designing cryptographic key management systems that describes topics designers should consider when developing specifications.
Creating circles of trust - networks of IT security professionals who rely on one another - is a key element in forthcoming National Institute of Standards and Technology guidance on incident response.
NIST is developing risk management guidance on the IT supply chain that says organizations should take an incremental approach and ensure that they first reach a base maturity level in organizational practices.
Account takeover techniques are getting more sophisticated; new "account checkers" are helping hackers automate their processes. The trend is just one more reason why we need advanced forms of authentication.
White House Cybersecurity Coordinator Michael Daniel sees significant savings in continuous diagnostics because the automated approach to identifying systems vulnerabilities could replace costly checklist compliance reporting.
In the wake of Arbor Network's recent discovery of a new botnet that's brute-forcing passwords on WordPress sites, security experts, including Nick Levay of Bit9, recommend beefing up password security on web applications.
Three U.S. banks have been targeted by new DDoS attacks that apparently had little impact. As bank defenses improve, some experts say the attackers may shift targets to other industries affecting critical infrastructure.
The old saw of a blind squirrel fortuitously finding an acorn reminds the Atlantic Council's Jason Healey of cyber-assailants from third-rate cyber-power Iran, believed to be behind DDoS attacks on U.S. banks.