Improving Federal Cybersecurity Governance Through Data-Driven Decision Making and Execution

From: Software Engineering Institute | Carnegie Mellon University

By Douglas Gray, Brian D. Wisniewski, Julia H. Allen, Constantine Cois (Heinz College, Carnegie Mellon University), Anne Connell, Erik Ebel (Veris Group), William Gulley (Veris Group), Michael Riley (Veris Group), Robert W. Stoddard, Marie Vaughn (Veris Group)

This technical report focuses on cybersecurity at the indirect, strategic level. It discusses how cybersecurity decision makers at the tactical or implementation level can establish a supportive contextual environment to help enable their success.

Cybersecurity Engineering

Publisher: Software Engineering Institute

CMU/SEI Report Number: CMU/SEI-2015-TR-011

CFTC Eyes New Cyber-Security Regulations

From: Markets Media

In the coming months the U.S. Commodity Futures Trading Commission plans to propose new regulations that aim to improve cyber-security as well as technological and operational risk management of CFTC-regulated entities.

The proposed regulations mark the next phase of the CFTC’s attempts to expand market safeguards beyond improved market and credit risk management for the over-the-counter derivatives market, according to CFTC leadership.

GAO: Agencies Need to Correct Weaknesses and Fully Implement Security Programs

From: GAO-15-714 | FEDERAL INFORMATION SECURITY: Agencies Need to Correct Weaknesses and Fully Implement Security Programs


OMB and DHS Continue Actions, but Opportunities Remain for Improving Annual Reporting of Agency Information Security Programs

FISMA 2002 required that OMB, among other things, oversee and annually report to Congress on agencies’ implementation of information security policies, standards, and guidelines. To support its oversight responsibilities, OMB assigned responsibilities to DHS, including overseeing and assisting government efforts to provide adequate, risk-based, cost-effective cybersecurity. OMB and DHS have continued overseeing and assisting agencies with implementing and reporting on cybersecurity, including the following:

FedRAMP Goes Mobile, Benefiting Agencies and the Public

From: IBM Center for the Business of Government

By: Dan Chenok

GSA is now into its 5th year of overseeing the Federal Risk and Authorization Management Program, which GSA’s website describes as “a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.” FedRAMP recently entered the mobile space for cloud solutions, which will bring great benefits to agencies and promote the use of cloud as a platform for mobile innovations.

Co-authored by guest blogger Andras Szakal, Vice President and CTO, US Federal, IBM

The NIST Cybersecurity Framework (CSF): How to get the most out of it

From: VeriSign

As discussed previously here, the NIST CSF simplifies the complex subject of cybersecurity into language that industries are increasingly using to build company profiles of their cybersecurity programs. The CSF allows businesses to prioritize gaps in the implementation of cyber categories for improvement, using simple vocabulary and definitions that resonate outside of IT security and compliance circles. The NIST CSF categories are organized across five overarching functions. Using the functions and underlying subcategories, the NIST CSF translates into the real-world conversation of how much money, expertise, and political will the organization has for the bite-sized activities that will do a really good job of keeping the firm off the front-page news.