The National Institute of Standards (NIST) has developed guidelines for cloud computing and cloud security based upon extensive research for a reference architecture which includes taxonomies that define roles, services and service deployment models. Their approach has been to invite…

The Flame virus uses a MD5 collision attack to generate a rogue Microsoft digital code-signing certificate. With the certificate in hand, the virus passes the malware to Windows computers as an update from Microsoft. It is recommended that certificate authorities stop signing digital…

May's Lunch N' Learn included an in-depth look at NIST Special Publication 800-130, "A Framework for Designing Cryptographic Key Management Systems." Some of the topics covered during the presentation included an introduction to cyptography and cryptographic services, Cryptographic Key…

Guest Speaker Ron Martin, the Executive Director of Open Security Exchange was gracious enough to come present, "Adopting FICAM Version 2 Best Practices for PACS federation and OMB M-11-11." The presentation covered the essential elements of FICAM version 2 and what has changed since version 1…

President and CEO Dr. Sarbari Gupta discussed PKI fundamentals during our most recent lunch n' learn event. Some of the topics covered during the presentation included public key infrastructure and its architectural entities (certificate authority, subscriber, relying party, and repository),…

DNSSEC is a suite of protocols (RFCs 4033-4035) extending the Domain Name Service to add authentication and prevent spoofing and domain cache poisoning. Scott Shorter held the presentation and discussed the current threats to DNS, how DNSSEC addressed them and the Federal DNSSEC Deployment…