Jun 27

Cyber Insurance Discounts for Enterprises w/ Continuous Monitoring Systems?

From: Reuters via MSNBC

  • Apple is working with Cisco to help businesses that primarily use gear from both companies to get a discount on cyber-security insurance premiums.
  • Cook said the combination of gear from the two companies was more secure than the use of competing technology.

Apple is working with Cisco Systems to help businesses that primarily use gear from both companies to get a discount on cyber-security insurance premiums, Apple Chief Executive Officer Tim Cook said on Monday.

***

Cisco said it will create systems that allow for continuous security monitoring and for insurers to double-check that the systems are set up as intended.

Jun 22

New insider threat training regulations take effect for defense contractors

From: FedScoop

Karen Epper Hoffman

Mindful of all the federal contractors who have made news in recent years for their connections to leaked defense-related information, the U.S. government has upped the requirements surrounding insider threat training for defense contractors.

The new requirement—part of National Industrial Security Program Operating Manual (NISPOM) Change 2, which went into effect May 31—demands that all cleared government contractors must complete insider threat employee awareness training prior to being granted access to classified information, and they must go through training annually.

Jun 20

NYS Cyber Regulation Countdown: Continuous Monitoring

From: JD Supra

Craig Newman, Kade Olsen | Patterson Belknap Webb & Tyler LLP

In our series of posts leading up to the August 28th deadline for the first phase of requirements under New York’s cybersecurity regulation, the Patterson Belknap team looks at issues that institutions face as they implement the new rules.

In complying with the New York State Department of Financial Services (DFS) cybersecurity regulation, financial institutions have a choice. They can either employ “continuous monitoring” or, instead, conduct annual “penetration testing” and bi-annual “vulnerability assessments.”

***

Jun 15

AI in the Boardroom as Execs Turn to Automated Cyber Defences

From: CommsTrader

Radware security survey shows that four in five executives have implemented more reliance on automated security solutions

by Ian Taylor

Radware, a leading provider of cyber security and application delivery solutions, this week announced the release of its 2017 Executive Application & Network Security Survey, which found that four in five executives have implemented more reliance on automated security solutions, while one-third trust automated systems more than humans to protect their organisation.

Jun 13

A Primer for Federal IT to Protect Networks, Data

From: SIGNAL | The Cyber Edge

By Bob Gourley and Jane Melia

***

For those agency heads tasked with ultimate accountability for managing cyber risk under the presidential executive order signed May 11, the good news is that many federal technology leaders are selected because they don’t shy away from challenges. Their approaches hold great promise in improving cybersecurity and reducing digital risk.

Jun 09

More Needs to be Done to Address IoT Security Vulnerabilities, GAO Says

From: FedTech

The Internet of Things presents great opportunities for the private sector and federal agencies, but a lack of consensus on security protocols invites threats.

***

Cloud platforms enable IoT connectivity but also invite security challenges, GAO says. For example, agencies and companies are dependent on cloud providers to carry out key security functions, such as continuous monitoring and incident response. Cloud may also increase the risk that data may be accessed by an excessive amount of personnel for unauthorized purposes. And the complexity of cloud environments also poses increased risks.

Jun 02

Maturity Model Snapshot: Assessment & Authorization & Continuous Monitoring

From: RSA

How do federal agencies and contractors stay compliant? Let us count the ways: meeting FISMA requirements, adapting to NIST 800-53 revisions, moving to the cloud and using FedRAMP and FITARA, factoring in unique department/agency directives, keeping up with new compliance demands, working around budget constraints—and that’s just for starters.

***

Make no mistake: Continuous monitoring can provide a more mature and nuanced understanding of risk. But to fully realize its potential, federal IA professionals must learn how to focus their finite resources where they’re needed most and use them with maximum efficiency.