The National Institute for Science and Technology has published a draft questionnaire that companies and other organizations can use to assess their cybersecurity “maturity” — a response, NIST says, to demand from the private sector. Boosters say the document will help specialists explain the importance of cybersecurity to the company’s bottom line — the “holy grail” of business cybersecurity. But some critics…

The sparsely populated Spratly Islands, a collection of hundreds of islands and reefs spread over roughly 165,000 square miles in the South China Sea, are very quickly becoming the center of one of the most contentious international disputes between world powers since the fall of the Soviet Union. Alarmingly, the use of cyber attacks in…

The National Institute of Standards and Technology (NIST), a Commerce Department agency, has released a draft Baldrige Cybersecurity Excellence Builder, describing it as a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts. NIST is requesting public comments on the draft document, which blends the best of two globally…

When security breaches make headlines, they tend to be about nefarious actors in another country or the catastrophic failure of technology. These kinds of stories are exciting to read and easier for the hacked company to admit to. But the reality is that no matter the size or the scope of a breach, usually it’s…

The Federal Bureau of Investigation’s disclosure earlier this month that foreign hackers had infiltrated voter registration systems in Illinois and Arizona came as no surprise to some cybersecurity experts. “Given where cybercrime has gone, it’s not too surprising to think about how information risks might manifest themselves during the election season to cause some level…

Since May, the Defense Department has more than doubled the number of approved commercial cloud computing providers. The military services and agencies now have more than 50 vendors to choose from to buy commercial cloud services at low and moderate security levels. That’s a good start for DoD. “For low-risk stuff, we actually access those…

For the past two years I have predicted that if American businesses did not step up their game on protecting data security, then government would step in and force the issue. Consider how the Affordable Care Act came into being. Health care has been on the government’s agenda since the Clinton administration. The health-care industry…

Security certifications are necessary credentials, but alone won’t solve the industry’s critical talent gap. There’s an adage in the legal community that passing the bar exam does not make you a good lawyer. But does obtaining a certification make you a good cybersecurity professional? The answer, similarly, is no. But it’s a step in the…