Cyber attacks on the federal government increased in 2010 over the previous year, even though the total number of cybersecurity incidents was down overall, according to a new report from the Office of Management and Budget (OMB).
Managing Information Security Risk: Organization, Mission, and Information System View (NIST Special Publication 800-39) provides the groundwork for a three-tiered, risk-management approach that “fundamentally changes how we manage information security risk at the federal level,” says Ron Ross, NIST Fellow and one of the principal authors of the publication.
Computer scientists at the National Institute of Standards and Technology (NIST) are requesting comments from interested parties on their biennial update of the catalog of security controls for the federal government. The security control catalog provides a comprehensive set of management, operational and technical safeguards—protective measures—that can be used by federal agencies to help protect federal information systems. The deadline for comment submission is April 29, 2011.
In its fiscal 2012 budget, the Obama Administration requested that the National Institute of Standards and Technology receive $43.4 million for cybersecurity programs, an increase that would more than double the funding for NIST research and development programs in this area, according to NIST officials.
Microsoft also said it was close to getting FISMA certification for its BPOS services. It has already achieved the certification for its data centers and expects to complete the process for the applications within a month or so.
Half of U.S. government Web sites are vulnerable to commonplace DNS attacks because they haven’t deployed a new authentication mechanism that was mandated in 2008, a new study shows.
A controversial Internet security bill proposed in 2010 by Sen. Joe Lieberman (I-Conn.) could yet become law in the current session of Congress, said Jeff Greene, counsel on the majority staff of the Senate Homeland Security and Governmental Affairs Committee.
The National Institute of Standards and Technology has released a draft of its guidelines for implementing enterprisewide information risk management. The document defines the underlying principles for implementing the Federal Information Security Management Act.
Google is claiming that it was not given a chance to bid on a cloud-computing project for the U.S. Department of Agriculture, for which the contract was awarded to rival Microsoft.
One out of every two IT security professionals spends 50% of the work week on regulatory compliance initiatives, according to a new survey.