Commerce.gov is getting a facelift soon. See the new design.
Syndicate content

Blog Category: IT Security

Protecting Personal Computers at Start-Up: NIST Offers Guidelines

A new draft computer security publication from Commerce's National Institute of Standards and Technology (NIST) provides guidance for vendors and security professionals as they work to protect personal computers as they start up.

The first software that runs when a computer is turned on is the "Basic Input/Output System" (BIOS). This fundamental system software initializes the hardware before the operating system starts. Since it works at such a low level, before other security protections are in place, unauthorized changes—malicious or accidental—to the BIOS can cause a significant security threat.

"Unauthorized changes in the BIOS could allow or be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization's systems or disrupt their operations," said Andrew Regenscheid, one of the authors of BIOS Integrity Measurement Guidelines. In September, 2011, a security company discovered the first malware designed to infect the BIOS, called Mebromi. "We believe this is an emerging threat area," said Regenscheid. "These developments underscore the importance of detecting changes to the BIOS code and configurations, and why monitoring BIOS integrity is an important element of security." NIST release

Commerce Emphasizing Innovation and Efficiency in IT Security Operations

Simon Szyman at pdoium

Guest blog post by Simon Szykman, Chief Information Officer, U.S. Department of Commerce

You missed it! The Department of Commerce's Office of the Chief Information Officer (OCIO) hosted its inaugural Innovating Security Conference to increase knowledge and awareness of various initiatives, exchange information and ideas, and engage in discussions on ways to further protect and strengthen the security posture of the department’s information systems. Facing security threats that are evolving and growing in sophistication, while at the same time anticipating a constrained outlook for the future due to budget pressures, it is imperative for organizations across the department to pursue improvements in both efficiency and effectiveness by examining operations, collaborating on common objectives, improving information sharing, and identifying opportunities to leverage one another’s independent activities.

The two-day conference is one means of moving toward a higher level of efficiency and effectiveness by emphasizing internal collaborations and open dialogue. The conference included participation and invited speakers from Commerce, as well as from other federal agencies and the private sector, in order to leverage their best practices, lessons learned and knowledge in areas related to information system security. In addition to keynote and panel sessions, service offerings of Commerce internal service providers as well as industry vendors were highlighted during the event.