White House Cybersecurity Coordinator Howard Schmidt, in an exclusive interview, expresses optimism that Congress could enact significant cybersecurity legislation this year even if President Obama doesn't get all that he wants in an IT security bill.
Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.
"Managing risk with regard to information systems and security sometimes doesn't go to the highest levels, and that's why the risk framework is a way to get senior leaders involved early in the process," NIST senior computer scientist Ron Ross says.
The Protecting Cyberspace as a National Asset Act also would replace paper-based FISMA compliance with continuous monitoring of technology systems and with assaults by "friendly hackers" to test IT vulnerabilities.
The $60 million settlement announced by Heartland Payment Systems and Visa on Friday didn't come without some provisions (translated: strings attached) for those institutions thinking about taking the settlement offer.