SANS 2014 Continuous Diagnostics and Mitigation Survey

Editor’s Note: The link to the SANS survey is here. Below is the introduction.

From: SANS

This SANS survey is designed to determine the level of awareness and adoption of the Continuous Diagnostics and Mitigation (CDM) capabilities offered under the DHS CDM/Continuous Monitoring as a Service (CMaaS) program. The goal of this survey is to collect data that can be used to make it easier for government security managers to make real security advances by reducing barriers to using the CDM contract. The results of this survey will be announced at the SANS CDM Summit in August.


DHS striving to avoid ‘tragic mistake’ under cyber program

From: 1500 AM

By Jason Miller

The success or failure of the continuous diagnostics and mitigation program comes down to a simple premise: Will the right people in each agency use the data to solve their most pressing cyber threats immediately or will the information languish with the wrong people?

The Homeland Security Department is betting on the former by taking specific steps to ensure the right people have the right data to protect federal networks.


L.A.’s Cyber Intrusion Command Center: A Model for Cybersecurity Governance?

From: Government Technology

IT governance and cybersecurity are two of the most critical issues in government, which is why Los Angeles is combining them in its new cyber command center.


The Cyber Intrusion Command Center was born out of an executive directive by Mayor Eric Garcetti that called for a 24-hour operations center to monitor cyberthreats facing the Los Angeles area. The center is operated by the Los Angeles Police Department, but administrative members come from across city and federal agencies. The center, which launched in November 2013, isn’t just technology used to scan for threats, but is a way for city government to establish a more mature model for cybersecurity governance. 


The Next Snowden Case Can be Prevented

From: IsraelDefense

Almost none of the world’s security companies is concerned with the question of how to prevent another case of a leak like the Edward Snowden case. Will the implementation of the HFTIM method provide the solution?

Shabtai Shoval

One of the existing cyber measures intended to prevent an “insider threat” would have stopped Edward Snowden, or Mordechai Vanunu for that matter. Moreover, all of the IT-oriented solutions designed to prevent an “insider threat” within the organization are incapable, by definition, of preventing a sophisticated employee from carrying out his evil schemes. This serious allegation will most certainly enrage all of those IT executives who spend millions each year on technologies offering only limited effectiveness.


DOD turns to FedRAMP and cloud brokering

From: FCW

By Christina McGhee

The Federal Risk and Authorization Management Program provides a standardized approach to security assessments, authorizations and continuous monitoring for cloud products and services. FedRAMP is meant to replace the current process by which agencies assess low- and moderate-baseline third-party cloud service providers (CSPs) prior to procurement. Before FedRAMP, individual agencies managed their own assessment methodologies following guidance loosely set by the Federal Information Security Management Act of 2002.

FedRAMP has overhauled the cloud service procurement process for civilian agencies, and it is also changing how the Defense Department assesses the security of its cloud services prior to procurement.


Keith Alexander: ‘Stronger’ Continuous Monitoring Vital to Mitigating Big Data Risks

From: ExecutiveGov

Keith Alexander, former director of the National Security Agency, has projected the world will produce 3.5 zettabytes of data in 2014, Nextgov reported Monday.

Frank Konkel writes Alexander recommended “stronger continuous monitoring” initiatives in order to help address risks associated with the growing big data landscape.

“We’re living in the age of big data and we have to figure out how to harness it,” Alexander told an American Council for Technology – Industry Advisory Council conference, according to the report.

Read Complete Article



From: Politico

“A dashboard displaying real-time visual data on the cybersecurity status of federal computer systems will go live by January, a senior DHS official said, setting the first firm deadline for this element of a new $6 billion government-wide cybersecurity effort,” Pro Cyber’s David Perera reports in a scoop this morning. “The dashboard will enable DHS officials to make at-a-glance assessments of the cybersecurity posture of federal agencies, said John Streufert, DHS director of federal network resilience.”

Read Complete Article (registration required)