Category Archives: Cyberdefense and Information Assurance

Cyberdefense and Information Assurance, Other Federal Agencies, tech

NIST puts head into cloud computing

FCW reports that NIST is assembling a cloud computing team to develop ways to assess the security of applications built with a cloud computing architecture.

“The team will give our customers a sense of what kinds of risks they may be taking on by moving into that new territory,” [Ron Ross, a senior computer scientist and information security researcher at NIST] said today at the SaaS/Gov 2009 conference produced by the Software and Information Industry Association and market research firm Input.

Standard
Cyberdefense and Information Assurance, Policy

Experts converge to state obvious on cyber security

FCW’s Ben Bain reports:

The Institute for Information Infrastructure Protection (I3P) today released recommendations that included improved coordination for cybersecurity research and development efforts.

And what did they recommend?

  • Better coordination.
  • Better metrics for security.
  • A better legal framework.
  • Oh, and consider the human element.

Oh REALLY? Really?

“Improved coordination” is like bipartisanship and charity–everybody wants it, until it’s their turn to give a little.

Metrics? You mean, we need to measure something?

Okay. I’ll leave the legal thing alone, other than to say that everyone is painfully aware of the legal issues in nuking a zombie computer on a network in a friendly country that may cohabitate with, say, a billion dollars worth of economic value.

And the human factor? Can’t we all just agree to stop replying to the sons and wives of Nigerian government officials already, and stop clicking on the monkey?

Standard