ANALYSIS – CDM, NIST Framework Help Remedy Federal Cybersecurity Challenges in GAO Report

From: Homeland Security Today

By: Thomas Gann, vice president, public policy, McAfee

A recent GAO audit report pointed out something that should come as no surprise: federal agencies face several challenges when it comes to cybersecurity. The challenges GAO cited include: Threats from both intentional and unintentional hacks; implementing risk-based cybersecurity; proper identity management; access control, data breaches; and, improving incident response.


The GAO’s audit rings most true for civilian agencies. However, programs like Continuous Diagnostics and Mitigation (CDM) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, show the federal government is taking the right steps to strengthen its cybersecurity posture.


The information security game: How to be on the front foot against cyberattacks

From: CIO (New Zealand)

Or, how the best defence strategy of rugby can be applied to protect New Zealand enterprises from new ‘advanced threats’

Edited by Divina Paredes (CIO New Zealand)

Kiwis love rugby, and know that on the field, the best defence is complemented by a strong attack. This tried and tested sporting strategy also now applies to protecting New Zealand enterprises from the new “advanced threats”.




One “giant leap” to a secure cloud platform for U.S. corporations

From: Association of Corporate Counsel

Paul A. Ferrillo and Jeffrey D. Osterman | Weil Gotshal & Manges LLP


From a data security perspective, though, there are certain security measures that should be investigated by potential cloud customers before they make the decision to move their data to a cloud-based environment. This area is highly technical (and thus security professionals and cyber-governance and cybersecurity lawyers should also be consulted before making this decision), but we try below to boil down these measures into objectives for directors and officers to consider when asked to finally approve a move to the cloud:


Commercial IT Fuels DoD Information Environment

From: Armed With Science | The Official U.S. Defense Department Science Blog

by Yolanda R. Arrington

Defense Department Chief Information Officer Terry Halvorsen is leading a charge to modernize the department’s information technology-cyber enterprise using every available tool, especially those in commercial markets, a defense official in the CIO’s office said.

David A. Cotton, acting deputy CIO for information enterprise, recently spoke to an audience at the FedScoop 2015 Mobile Gov Summit about how DoD is leveraging the power of commercial IT to give its workforce access to information at the point of need.



Auditing Your Data for Insider Threats with Splunk

From: carahsoft

Splunk Webcast

Auditing Your Data for Insider Threats with Splunk

Event Date: May 14, 2015  at 2:00pm EDT
Hosted By: Splunk & Carahsoft

Data generated by applications and servers, inside or outside a department or agency, can play a significant role in determining anomalous employee behaviors. In some cases, the motivational context for those behaviors can signify an insider threat. Knowing the difference between willful acts and innocent mistakes requires understanding when user activity is abnormal in the broader context of employee behavior.


SAFETY Act liability shield starts showing cracks

From: CSO

Full protection for FireEye customers requires a set it and forget it approach to security, make too many changes and the liability shield is gone


This week, Salted Hash has examined the Department of Homeland Security’s (DHS) SAFETY Act, and FireEye’s promise to customers that their certification under the act provides them protection from lawsuits or claims alleging that the products failed to prevent an attack.


Red Hat Enterprise Linux 6.7 Enters Beta

From: eWeek

By Sean Michael Kerner

Even though RHEL 7 is the latest version, the Linux vendor continues to add new features to RHEL6.x.

Linux vendor Red Hat on May 5 released its Red Hat Enterprise Linux (RHEL) 6.7 beta, providing users with a preview of features and capabilities that will become generally available later this year.


RHEL 6.7 also provides users with improved Microsoft Windows operating system interoperability, by way of enhancements added to the Red Hat System Security Services Daemon. Additionally, the new SCAP (Security Content Automation Protocol) Workbench now provides users with a graphical user interface to make the SCAP tool easier to use. SCAP provides a framework for creating a standardized approach for maintaining secure systems.


Gartner: Are security analytics key to breach detection – or just hype?

From: CIO

“Ultimately, how actual human users interface with the outputs of large data analytics will greatly determine if the technology is adopted or deemed to produce useful information in a reasonable amount of time,” says Gartner research director Eric Ahlm.

Divina Paredes (CIO New Zealand)

Although security spending is at an all-time high, security breaches at major organisations are also at an all-time high, reports Gartner.

The impact of advanced attacks has reached boardroom-level attention, and this heightened attention to security has freed up funds for many organisations to better their odds against such attacks, says Eric Ahlm, research director at Gartner.


Cyber Security in a Globally Integrated World

From: Drexel University | LeBow College of Business and the Global Interdependence Center

33rd Annual Monetary and Trade Conference


See, GIC’s Annual Monetary and Trade Conference Part 2

See, GIC’s Part Annual Monetary and Trade Conference Part 1