What is a Cloud?

There has been much “hype” about cloud and a lot of confusion, especially regarding risk management and security concerns. The groundwork is quietly being laid for security and privacy services in public cloud ecosystems. The collaboration and …

A few years ago, I drafted the first version of a paper for the Federal Public Key Infrastructure Policy Authority (FPKIPA), entitled “The Realized Value of the Federal Public Key Infrastructure (FPKI).” At that time, we declared it mature and proudly documented its value to the Federal PKI…

The concept of reusing credentials is nothing new. A host of standards and technologies have grown up over the last decade. SAML, WS-Federation, OAuth, OpenID, and others, have matured from nascent concepts to standards with broad adoption in COTS products. These standards continue to evolve to…

The White House has received considerable praise for highlighting Critical Infrastructure Cybersecurity in the State of the Union speech this year, and the Executive Order that accompanied the speech takes several important steps in resolving the complex problems facing industry, governments and…

Have you ever thought about the accuracy of your health records? How secure do you think they are as they are used by and exchanged between various health providers? At Electrosoft, we are currently working with the National Cybersecurity Center of Excellence (NCCoE) to provide interoperable…

An updated version of the Electronic Authentication Guideline was released by NIST last Tuesday (2/5/13) – go to http://csrc.nist.gov/publications/drafts/800-63-2/sp800_63_2_draft.pdf to view the updated draft…