8/6 Webcast: Continuous Diagnostics & Mitigation for #Government Agencies

From: SANS Institute

8/6 Webcast: Continuous Diagnostics & Mitigation for #Government Agencies: Is It Working? A SANS Survey. http://bit.ly/CDMSurvResults



For cyber-defense, automation alone is not enough

From: Federal Times


For years the IT community has been building walls and digging moats to keep out an especially damaging form of cyber attack: the advanced persistent threat, or APT. Now the emphasis has changed. Rather than focus on outside invaders, security experts have set their sights on internal vulnerability.

“It is critical to have people standing on the wall, but someone is always going to slip through, so you do have to have your defense in place beyond that wall,” said Greg Kushto, director of security practice for IT solutions provider Force 3.


Security automation: Are humans still relevant?

Editor’s Note: For more information on the essential human role in continuous monitoring, see Federal News Radio here.

From: GCN/Cybereye

Posted by William Jackson

Cybersecurity is being pushed in two directions. On the one hand, the growing complexity of information systems and the onslaught of threats facing them are putting a premium on speed. Automation is the future of security, said Matt Dean, vice president of product strategy at FireMon. Decisions made about who and what gains access to resources need to be smarter and faster.

“We’ve got to get humans out of the equation,” Dean said. “They can’t react fast enough.”


DHS outlines new CDM task order agenda

From: Federal Times


The Department of Homeland Security, aided by the General Services Administration’s Federal Systems Integration and Management Center, has released the first request for quotation for Task Order 2 of its $6 billion Continuous Diagnosis and Mitigation initiative.



Why a Detection-Centric Approach to Cybersecurity is the Wrong Path for Federal

From: Nextgov

By Ken Ammon, chief strategy officer at Xceedium.

National Security Agency Director Adm. Michael Rogers recently stated, “Traditionally, we’ve largely been focused on attempts to prevent intrusions. I’ve increasingly come to the opinion that we must spend more time focused on detection.” This is a troubling statement. Surely, detection is a key component of any security program. But should our government be spending more time on detection than prevention? The answer is no.  

What’s Wrong with a Detection-Centric Approach?  


Agencies reset after missing the mark on cybersecurity goals

From: FederalNewsRadio.com

By Stephanie Wasko
Special to Federal News Radio

Despite steps forward, agencies fell short of their 2014 targets for cybersecurity. The Obama administration is pushing chief information officers to focus on priorities of continuous monitoring, phishing and malware, and authorization processes for 2015, according to the newly released cross-agency priority goals on Performance.gov.

The administration continues encouraging agencies to implement information security continuous monitoring mitigation (ISCM), which continually evaluates agency cybersecurity processes and practices, according to the report. This goal carries over from last year, where agencies saw an increase in real-time awareness that enabled them to manage risks more effectively. Despite this improvement, the administration wants more cybersecurity evaluation.


DHS Inspector General Embraces Continuous Monitoring

From: FedTech

The OIG runs automated security scans on 80 to 90 percent of its IT assets every 10 days and is working to boost those metrics.

The federal inspector general community is known for shining a light on wrongdoing and deficiencies outside its walls.

So, when Jaime Vargas with the Department of Homeland Security’s Office of the Inspector General agreed to share how his office is faring in the security realm, FedTech jumped at the opportunity.


Continuous Monitoring Meets DISA STIG Compliance


By Chris LaPoint/Guest Blog

Thousands of military information technology security personnel probably sat down at their computers this morning and opened a spreadsheet listing hundreds of rules for Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) compliance. They then might have spent hours logging onto information technology devices, looking at configurations and laboriously going through them line by line to ensure each setting matched the rules in that spreadsheet.

In six months, they’ll do it all over again.


Achieving enterprise security to support agency services

From: FCW

By Dan Chenok, John Lainhart

Increased connectivity has transformed and improved access to government. Citizens today can connect with government agencies and leaders in ways that were unimaginable just a few years ago.

This connectivity, however, has also increased the importance and complexity of our shared risk. Ever-increasing cyberattacks on federal government networks are growing more sophisticated, aggressive and dynamic. It is paramount that as the government continually provides essential services to the public, agencies safeguard information from theft and networks and systems from attacks while protecting individual privacy, civil rights and civil liberties.


GSA, DHS about ready to turn the spigot on for a new set of cyber tools

From: FederalNewsRadio.com 1500 AM

By Jason Miller

The 17 vendors under the $6 billion continuous diagnostics and mitigation program are anxiously waiting for the first of six task orders under phase 2 of the program.

The General Services Administration and the Homeland Security Department are putting the final touches on the next set of contracts that will truly kickstart the federal move toward dynamic cybersecurity protections of agency networks and computers.
