Archive for October, 2011

Continuous monitoring requires strong leadership — and software

From: 1500 AM

By Jack Moore
Federal News Radio

For federal agencies, staying compliant with FISMA — the Federal Information Security Management Act — can feel like an endless process.

And in the ever-shifting world of federal IT and cybersecurity, to some extent, it is never-ending.

However, there’s a new guide to help agencies meet their continuous monitoring requirements.

Bruce Levinson, the editor of FISMA Focus at the Center for Regulatory Effectiveness, joined the Federal Drive with Tom Temin and Amy Morris to discuss the center’s recent survey on agency FISMA compliance.

Obama officials press for cybersecurity bill in classified briefing

From: The Hill

By Gautham Nagesh

Obama administration officials held a classified briefing with senators Wednesday to press for passage of comprehensive cybersecurity legislation this year, The Hill has learned.  

Several senators on Thursday acknowledged to The Hill that they had taken part in the classified briefing. The session was requested by the Obama administration and included representatives from the White House, Federal Bureau of Investigation, the Department of Homeland Security, National Security Agency and Pentagon, as well as the bipartisan leadership of the committees with jurisdiction over cybersecurity. 

Class action suit seeks $4.9 billion in damages from TRICARE data theft

From: NextGov

By Bob Brewin 

An Air Force veteran of the first Iraq war and a military spouse and her two children have hit the Defense Department with a class action lawsuit seeking $4.9 billion in damages from the theft of a computer tape containing personal and sensitive health information from the car of an employee of Science Applications International Corp., a contractor with the TRICARE Health Management Activity. The company was not named as a defendant in the action.

Businesses, Republicans Aim For Cybersecurity Assistance, Not Regulation

From: National Journal

By Josh Smith

Cyberattacks have business leaders concerned, but what may be equally worrisome to them is the potential for sweeping new government regulations designed to counter cyberthreats.

On Tuesday the Business Roundtable, which includes dozens of America’s largest corporations, released a report calling for industry-friendly, voluntary steps, rather than overt mandates, to reduce cyberattacks.

Its message to the government: Help us, but don’t overregulate us.

“Business Roundtable does not support legislative and policy solutions that prioritize simple ‘check-the-box’ activity over sophisticated management of shared cyber-risks,” the report said.

GOP cybersecurity task force: Cooperate, don’t regulate

From: GCN

By William Jackson

A Republican task force on Oct. 5 released a set of limited, near-term recommendations for cybersecurity legislation that emphasized voluntary standards rather than government regulation.

The recommendations take a piecemeal approach to reforming and upgrading the nation’s cybersecurity framework for the government and private sectors.

“We are generally skeptical of large, comprehensive bills on complex topics, at least as the bills are being written,” the Republican cybersecurity task force said in its report. “We generally are skeptical of direct regulation and of government agencies grading the security of a private company, which is another form of regulation.”

NIST offers a how-to for must-do continuous monitoring

From: GCN

By William Jackson

Continuous monitoring is a crucial element in the Risk Management Framework developed by the National Institute of Standards and Technology, and new guidance now is available for continuous monitoring programs.

“In today’s environment, where many, if not all, of an organization’s mission-critical functions are dependent upon information technology, the ability to manage this technology and to assure confidentiality, integrity and availability of information is now also mission-critical,” according to the guidelines.