Food for Thought for the Cyber Security Industry from the Food & Drug Administration

Editor’s Note: The FDA guidance document for industry, “Oversight of Clinical Investigations — A Risk-Based Approach to Monitoring” is available here.

From: Outsourcing-Pharma.com

FDA collaborating with RBM software provider to enhance trial oversight

By Melissa Fassbender

The US Food and Drug Administration (FDA) has signed an agreement with CluePoints to “further explore” a data-driven approach to quality oversight in clinical trials.

Read Complete Article


Continuous risk mandates continuous protections

From: GCN

By Jai Dargan

After more than 16 years, the Office of Management and Budget released the long-awaited revision of its Circular A-130, “Managing Information as a Strategic Resource,” the governing document for the management of all federal IT systems. This circular has been updated to better reflect the challenges associated with IT systems management as well as an evolving information security threat landscape.

Ordinarily, an update to a regulatory document like A-130 would not garner much attention around the Beltway, especially during an election season. But after the Office of Personnel Management data breach in June of 2015, the revised A-130 could not have come at a better time, especially for agency officials tasked with modernizing legacy IT systems and safeguarding information assets against persistent cyber threats.


Industry Prepares for New Insider Threat Regulation

From: National Defense

By Yasmin Tadjdeh


Under guidance from the department’s Defense Security Service, companies doing business with the Pentagon will soon be required to stand up a program to “gather, integrate and report relevant and available information indicative of a potential or actual insider threat.”

The requirement — which has a Nov. 30 deadline — is part of a change to the Defense Department’s “National Industrial Security Operating Manual,” and was announced in a letter released in May.

Read Complete Article


U.S. Cloud Shift Advances

From: Enterprise Tech

By George Leopold

U.S. government agencies’ slog to the cloud, a journey that has lately been complicated by a new set of security requirements designed to fend off an outbreak of “nation-state” cyber attacks, registered some modest progress this week when another cloud services provider announced it had achieved “ready status” under a federal cloud security initiative.


Company executives noted that the phase one FedRAMP approval means cloud providers seeking federal certification can use the Halo security platform for auditing and monitoring many of the controls required under the FedRAMP certification process.


Drilling the web: how oil and gas companies can protect intellectual property using SOC search

From: Energy Voice

Written by


However, only just over half (62 percent) were actively monitoring and analysing security intelligence. What is the quality of that threat intelligence? If we look at a piece of research from Ernst and Young conducted in 2015, we find that 61 percent of O&G organisations believe it’s unlikely or highly unlikely that they would be able to detect a sophisticated attack. Nearly a third (29 percent) had no real-time insight on cyber threats. Only 13 percent believe that their information security function is fully meeting needs.


Splunk CTO Urges Collaboration Against Cyberattacks – And ‘Shapeshifting’ Networks

From: Slashdot

“The cost of cyber attacks is 1/10th to 1/100th the cost of cyber defense,” says the CTO of Splunk — because the labor is cheap, the tools are free, and the resources are stolen. “He says what’s needed to bring down the cost of defense is collaboration between the public sector, academia and private industry…the space race for this generation,” reports Slashdot reader davidmwilliams.

Splunk CTO Snehal Antani suggests earlier “shift left” code testing and continuous delivery, plus a wider use of security analytics. . . .

Read Complete Post