Ron Ross, the NIST computer scientist who heads the initiative that is revising the guidance, characterizes the updated publication as the most comprehensive one since the initial catalogue of controls was issued in 2005.
A strategic security analyst from Mandiant, the company that's examining recent hacks from the inside, explains why such cyber-assaults will likely intensify under the leadership of China's new president, Xi Jinping.
Many organizations are weighing whether cyber-insurance is a worthwhile investment. A decision on the type of policy to buy, and what it should cover, depends, in part, on the type of information that could be exposed.
A draft of new guidance intended to be a blueprint to validate and implement a secure infrastructure as a service cloud computing offering has been issued by the National Institute of Standards and Technology.
Karen Scarfone, who coauthored NIST's encryption guidance, sort of figured out why many organizations don't encrypt sensitive data when they should. The reason: they do not believe they are required to do so.
Former FBI cyber unit chief Tim Ryan sees mounting dangers from the insider, acknowledging undiscerning employees who don't follow proper processes can cause devastation. But he says the actions of those with malicious intent can be more catastrophic.
The recent wave of DDoS attacks against top U.S. banks is a wake-up call for organizations that are ill-prepared to fight against such an attack. NIST's Matthew Scholl offers strategies to mitigate the threat.
NIST issues its interagency report on supply chain practices as a congressional panel cautions against using Chinese-made components that some lawmakers fear might have been altered to spy on Western governments and businesses.
Despite numerous data breaches, as well as financial incentives and penalties, many healthcare organizations aren't taking risk assessment requirements seriously. Experts offer insights on best practices.