Wanted: Metrics for Measuring Cyber Performance and Effectiveness
Intense worries about cybersecurity mean system owners are stacking up cyber tools to help protect their organizations, often duplicating features and capabilities in the process. The problem: There’s no sure way to measure the effectiveness of one tool over another.
Today’s shortage of skilled cybersecurity professionals won’t end overnight, but the answer to solving the shortage may be here. It’s the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. By defining a common language to describe the skills, knowledge and requirements needed to fill each type of cyber job, the framework provides a baseline for understanding which can be shared by employers, educators and workers alike.
Insider threat protection programs accumulate massive storage volumes in order to monitor and track user activity over time. What data organizations choose to collect – and how long they choose to retain – depends on its risk tolerance and how much it’s willing to spend.
The massive volumes of security that data agencies now collect to root out potential insider threats can overwhelm resources and complicate real-time search and analytics. Are new tools needed to help agencies pinpoint insider anomalous behavior and patterns?
What We’re Reading
A year after then-chief information officer Terry Halvorsen first publicly floated the idea of killing DoD’s Common Access Card in favor of a collection of more flexible authentication technologies, the Pentagon is beginning to test drive at least one of the potential replacements for the CAC.
Last week, the Defense Innovation Unit-Experimental reached an agreement with Plurilock Technologies, a Victoria, British Columbia-based firm that holds several patents on behavior-based authentication (or, “behaviour-based,” to our friends to the north).
Intelligence drives operations. The same can be said for quick-reaction cyber forces when responding to an incident.
At least 500 million Yahoo users had their information stolen in 2014, the company said on Thursday — a year when half of American adults had their personal information exposed to hackers. Several more big names have been attacked since.
The Census Bureau will forge ahead with its plans to tally and mark addresses in fiscal 2017 and with its 2018 tests to ensure that new technologies and methodologies are ready for the decennial census in 2020.
Many current and former federal employees who signed up for identity protection services after the cyber theft of their personal information soon will have to re-enroll to keep that coverage, administration officials said Monday.
There’s no such thing as a perfectly secure phone, especially if it also connects to the internet. But leaving your phone on the plane every time you visit a hostile foreign country isn’t an option for everyone, and so a handful of top military commanders now have a device that can send and receive Secret and Top Secret messages. No surprise: it doesn’t work quite like the one in your pocket.
A senior U.K. official is asking that law enforcement be given access to encrypted messages on WhatsApp and similar services, a demand that is likely to fuel an ongoing debate over whether companies should create backdoors into their encryption technologies for investigators.
Momentum is building for a new cybersecurity agency in the Homeland Security Department. The idea initially proposed by Rep. Mike McCaul (R-Texas), chairman of the Homeland Security Committee, received some crucial support on March 22 when two former federal cyber executives threw their weight behind the idea.
The head of the U.S. Cyber Command discusses the Sony hack, state-backed attacks and WikiLeaks