President Obama has reportedly decided that the government shouldn't exploit encryption flaws, such as Heartbleed, in most instances unless there's "a clear national security or law enforcement need." But how should that need be determined?
An analysis of the Target breach prepared for a Senate committee is a political document that might help its patron's agenda but doesn't go far enough to identify technical solutions to help enterprises avoid Target-like breaches.
With a need for more than 4,000 new specialists over the next two years, the U.S. Cyber Command will look within the military for help, providing training to enlistees to re-invent themselves as cyber pros, Defense Secretary Chuck Hagel says.
The No. 1 reason Congress, after five years of intensive efforts, has yet to enact comprehensive cybersecurity legislation is differences over how much liability protection to grant businesses to get them to share cyberthreat information.
Having cyber-responders from various civilian agencies located on the same campus should help foster new ideas to battle threats to critical government and private-sector IT systems, a top administration official says.
The threats, attacks and crimes don't differ greatly around the world. What does differ is how each region responds. Freddy Dezeure of CERT-EU is working to ensure that Europe is ready to respond appropriately.
An address by FBI Director James Comey at the RSA security conference seems to equate civil liberties and privacy. But when he offers an example of balancing Americans' rights with cybersecurity, he mainly refers to the civil liberties, not privacy.
In light of the critical shortage of information security professionals, organizations must strive to become a "center for security excellence" to successfully recruit the specialists they need, says analyst John Oltsik of Enterprise Strategy Group.
While many organizations rely on employee training to help mitigate the risks of spear phishing, such efforts are generally ineffective, says Eric Johnson of Vanderbilt University, who explains why a technical solution might be better.
Some people say the U.S. faces a cybersecurity staffing shortage. Renowned computer science professor Eugene Spafford disagrees. He discusses what he sees as the real shortage and what we can do about it.