The FISMA Focus IPD

Editor’s Note:  The NIST Interagency Report NISTIR 7817, A Credential Reliability and Revocation Model for Federated Identities by Hildegard Ferraiolo is attached here.  The Introduction is below.

From: NIST

Identity providers establish and manage their user community’s digital identities. These identities (in the form of digital credentials) are employed by users to authenticate to service providers. The digital identity technology deployed by an identity provider for the population of its users varies and often dictates a specific authentication solution in order for the service provider to authenticate the user.

Editor’s Note:  The authors are correct, “Public-private partnerships are the foundation for effective critical infrastructure protection and resilience strategies, and that timely, trusted information sharing among stakeholders is essential to the security of the  nation’s critical infrastructure.”  Public-private partnerships and approrpiate information sharing will need to be the cornerstone of any critical infrastructure cyber defense regulatory regime if it is to be effective, irrespective of whether the protections are mandatory, voluntary or hybrid.

From: Politico/Opinion Contributor

By RON JIBSON and DAVE MCCURDY

From: GoveInfoSecurity

Planning, Coordination Needed from the Start

By Jeffrey Roman

The complexity of the smart grid introduces a cybersecurity challenge that isn’t easy to overcome.

The smart grid is unlike other critical information infrastructures in that millions of nodes located in businesses, government installations and residences connect to the grid, a collection of networks that employ technology to analyze supplier and consumer behaviors to efficiently distribute electricity. And each node introduces a point for hackers to exploit to attack the grid.

From: Wall Street & Technology

Greg MacSweeney

Banks knew this past September’s DDoS attack was coming, but were powerless to stop it. What can be done to prevent the next attack from succeeding?

November 29, 2012

Normally, if enterprise IT security professionals know about a potential threat in advance, they can take steps to mitigate or prevent the damage.

However, when the Izz ad-Din al-Qassam Cyber Fighters telegraphed their pending action against major US financial institutions in September, banks were not able to stop the distributed denial of service (DDoS) attacks, resulting in some disruptions to banking websites and the ability for customers to access information and complete transactions.

From: Law Technology News

By John Edwards

Whether searching for evidence in a criminal prosecution or determining employee activities in a civil dispute, lawyers are increasingly calling on digital forensics experts for investigatory and expert testimony services.

Digital forensics specialists possess unique talents that distinguish them from other tech experts. “Founded in law enforcement, digital forensics encompasses legal, technical, and investigative knowledge,” observed Alton Sizemore, a former FBI special agent who managed programs in cybercrime and white-collar crime. “A major differentiator between digital forensics and IT is the forensic expert’s training and experience in the preservation and analysis of digital evidence and the ability to present their findings in a court of law,” said Sizemore, who is currently director of investigations at Forensic Strategic Solutions, a forensics investigation firm headquartered in Birmingham, Ala.