Cyber Insurance Discounts for Enterprises w/ Continuous Monitoring Systems?

From: Reuters via MSNBC

  • Apple is working with Cisco to help businesses that primarily use gear from both companies to get a discount on cyber-security insurance premiums.
  • Cook said the combination of gear from the two companies was more secure than the use of competing technology.

Apple is working with Cisco Systems to help businesses that primarily use gear from both companies to get a discount on cyber-security insurance premiums, Apple Chief Executive Officer Tim Cook said on Monday.

Cisco said it will create systems that allow for continuous security monitoring and for insurers to double-check that the systems are set up as intended.

New insider threat training regulations take effect for defense contractors

From: FedScoop

Karen Epper Hoffman

Mindful of all the federal contractors who have made news in recent years for their connections to leaked defense-related information, the U.S. government has upped the requirements surrounding insider threat training for defense contractors.

The new requirement — part of National Industrial Security Program Operating Manual (NISPOM) Change 2, which went into effect May 31 — demands that all cleared government contractors complete insider threat employee awareness training before being granted access to classified information, and that they repeat the training annually.

NYS Cyber Regulation Countdown: Continuous Monitoring

From: JD Supra

Craig Newman, Kade Olsen | Patterson Belknap Webb & Tyler LLP

In our series of posts leading up to the August 28th deadline for the first phase of requirements under New York’s cybersecurity regulation, the Patterson Belknap team looks at issues that institutions face as they implement the new rules.

In complying with the New York State Department of Financial Services (DFS) cybersecurity regulation, financial institutions have a choice. They can either employ “continuous monitoring” or, instead, conduct annual “penetration testing” and bi-annual “vulnerability assessments.”

AI in the Boardroom as Execs Turn to Automated Cyber Defences

From: CommsTrader

Radware security survey shows that four in five executives have increased their reliance on automated security solutions

by Ian Taylor

Radware, a leading provider of cyber security and application delivery solutions, this week announced the release of its 2017 Executive Application & Network Security Survey, which found that four in five executives have increased their reliance on automated security solutions, while one-third trust automated systems more than humans to protect their organisation.

A Primer for Federal IT to Protect Networks, Data

From: SIGNAL | The Cyber Edge

By Bob Gourley and Jane Melia

For those agency heads tasked with ultimate accountability for managing cyber risk under the presidential executive order signed May 11, the good news is that many federal technology leaders are selected because they don’t shy away from challenges. Their approaches hold great promise in improving cybersecurity and reducing digital risk.

More Needs to be Done to Address IoT Security Vulnerabilities, GAO Says

From: FedTech

The Internet of Things presents great opportunities for the private sector and federal agencies, but a lack of consensus on security protocols invites threats.

Cloud platforms enable IoT connectivity but also invite security challenges, GAO says. For example, agencies and companies depend on cloud providers to carry out key security functions, such as continuous monitoring and incident response. Cloud may also increase the risk that data is accessed by an excessive number of personnel for unauthorized purposes. And the complexity of cloud environments poses increased risks of its own.

Maturity Model Snapshot: Assessment & Authorization & Continuous Monitoring

From: RSA

How do federal agencies and contractors stay compliant? Let us count the ways: meeting FISMA requirements, adapting to NIST 800-53 revisions, moving to the cloud and using FedRAMP and FITARA, factoring in unique department/agency directives, keeping up with new compliance demands, working around budget constraints—and that’s just for starters.

Make no mistake: Continuous monitoring can provide a more mature and nuanced understanding of risk. But to fully realize its potential, federal IA professionals must learn how to focus their finite resources where they’re needed most and use them with maximum efficiency.

Will New Jersey Be the First State to Hire a Chief Artificial Intelligence Officer?

From: Government Technology

New Jersey Chief Technology Officer Dave Weinstein spoke about the growing cyberthreat against the state, and how automation could help the resource-constrained state.

TRENTON, NJ — Cybersecurity and artificial intelligence (AI) are the future of state IT, according to New Jersey Chief Technology Officer Dave Weinstein. While working in the executive branch to help modernize and secure critical systems, Weinstein admits that the state is generally still in a “fact-finding, data-gathering mode.”

DHS cyber sees big boost in Trump budget request

From: FedScoop

The spending would cover cybersecurity work with the private-sector companies that own and operate the nation’s vital industries, such as banking, telecommunications and power — as well as funding for two key governmentwide programs that strengthen the security of federal civilian .gov networks:

  • $279 million for the Continuous Diagnostics and Mitigation program. CDM provides cybersecurity hardware, software, and services to departments and agencies from a centralized fund. The request would more than double CDM’s budget, up from about $102 million last year.

NIST Opens Comment Period on NISTIR 8170, DRAFT The Cybersecurity Framework: Implementation Guidance for Federal Agencies

From: NIST

Announcing Comment Period for NISTIR 8170, DRAFT The Cybersecurity Framework: Implementation Guidance for Federal Agencies

Email comments to: nistir8170@nist.gov (Subject: “Comments on Draft NISTIR 8170”)

Comments due by: June 30, 2017

Further, aggregating essential information from Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and System Security Plans (SSPs) enables security Authorization decisions through continuous monitoring. Security control assessments, remediation actions, and key updates to the SARs, POA&Ms and SSPs for the system at hand can be considered in the context of the organization’s aggregate risk. The risk register is also curated using the ongoing risk changes tracked through Risk Management Framework (RMF) Monitor activities. The risk register is a tool that helps the AO understand if accepting the system risk will drive overall risk beyond organizational tolerance. Organizing the risk register according to the language of the Core also enables a larger group of people to participate in and inform the Authorization decision. In particular, the understandable language of Functions and Categories of the Core enables non-cybersecurity experts to participate.

SP 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations, supports the ongoing monitoring of security controls and the security state of systems. SP 800-137 provides guidance on developing an agency-wide information security continuous monitoring (ISCM) strategy and implementing an ISCM program. An ISCM program assists federal agencies in making informed risk management decisions by providing ongoing awareness of threats, vulnerabilities, and security control effectiveness.