NIST Releases Updates To Security Guidelines
By: Trevor Boland
With the growing threat that mobile technology and the cloud present to information-centric businesses, NIST has finally updated the federal cyber security guidelines. NIST, the National Institute of Standards and Technology, released the first draft of the revision on February 28th, three years after the last update in 2009.
Among the changes is a cloud-first policy, which makes cloud technology a priority for IT projects. The revision also acknowledges a bring-your-own-device (BYOD) policy, allowing employees to use the mobile device of their choosing at work. Ron Ross, FISMA Implementation Project Leader, stated,
"The changes we propose in Revision 4 are directly linked to the current state of the threat space--the capabilities, intentions and targeting activities of adversaries--and analysis of attack data over time."
In addition, the revision modifies NIST's guidance on security assurance, found in Appendix E. The appendix explains how organizations can "establish measures of confidence that the security controls put in place are providing the necessary security capability to protect critical missions and business operations".
In the end, I think Ross sums it up best, "Having security functionality in your information systems without the appropriate assurance is like skydiving without a backup parachute--you don't need it until you need it. And without it, the outcome is very predictable." You can see the full revisions here.