Building the 21st century vault with layered security

From: GCN | Industry Insight

By John Landwehr


Securing personal information in the digital age requires a similar multilayered approach. No matter where information is located — on the network or a personal computer — multiple layers of security must be in place to keep threats at bay. And effective cybersecurity systems merge three dimensions of content security: content management, rights management and continuous monitoring.



State OIG: Audit of International Boundary and Water Commission [Redacted Highlights]

From: US Department of State, Office of Inspector General

What OIG Audited

The Office of Inspector General (OIG) conducted this audit to assess the effectiveness of the International Boundary and Water Commission, United States and Mexico, U.S. Section (USIBWC), information security program in accordance with the Federal Information Security Management Act (FISMA). Specifically, OIG assessed USIBWC’s information security program and related practices for risk management, configuration management, incident response and reporting, security training, plan of action and milestones, remote access management, identity and access management, continuous monitoring, contingency planning, oversight of contractor systems, access controls, personnel security, and physical and environmental protection.


Endpoint Security Lacking Among Federal Organizations

From: eWeek

By Nathan Eddy

One of the most significant origins of endpoint challenges stem from federal employees using personal devices for work, according to the report.

Federal agencies are facing an explosion in the  both the volume and variety of network endpoints, providing far more opportunities  for malicious access to government networks, according to a MeriTalk and Palo Alto Networks survey of 100 U.S. Federal IT managers and 100 Federal employees.

The study found 44 percent of endpoints are unknown or unprotected and that barely half of federal government survey respondents have taken critical steps to secure endpoints, such as scanning for vulnerable or infected endpoints.


Continuous Diagnostics and Mitigation (CDM)


Welcome to the DHS Continuous Diagnostics and Mitigation (CDM) Training Program website.

The information on this website is intended for government cybersecurity professionals who are participating in the DHS CDM Program and for cybersecurity professionals who would like more information on implementing a continuous monitoring program.

The CDM Training section provides information on upcoming workshops and webinars.

The CDM Guides section provides readiness and implementation training information.

The CDM FAQ section provides a list of questions and answers regarding the CDM Program.

The CDM Resources section provides a list of documents and other helpful resources related to the CDM Program.


GAO: Protecting against Insider Threats at DOD

From: US GAO | WatchBlog

Thirteen people were killed and dozens more injured when a gunman opened fire at Fort Hood, Texas, 6 years ago today. In what’s known as an insider threat, the gunman, a Department of Defense employee, had authorized access to the military base. Today’s WatchBlog looks at how DOD fights against various types of insider threats, whether they’re attacks like the Fort Hood tragedy, the Washington Navy Yard shooting, or the unauthorized release of classified information.

The danger within


How Lockheed Martin sold employees on an insider threat program

From: | 1500 AM

By Emily Kopp

Since a contract employee shot and killed 12 colleagues at the Washington Navy Yard two years ago, the government has inched cautiously toward fulfilling a key recommendation: establish insider threat programs. Some companies that do business with the government are far ahead and waiting for agencies to catch up.

 Defense officials now consider aerospace giant Lockheed Martin’s program as a model.

Read Complete Article