May 31

Security Industry Vies for Federal Network Monitoring Contracts

From: eWeek

By Robert Lemos

The push to improve security at federal agencies could mean as much as $6 billion for security firms that win the coveted contracts.

The U.S. government’s push to improve the security of its civilian, intelligence and military agencies has attracted enormous interest from the security industry, with almost two dozen teams of companies competing for a piece of a $6 billion budget over the next five years for deploying systems that will continuously monitor the security status of networks and systems.

May 28

Feds Take A Leadership Role Toward Self-Defending Networks

From: Network World

Push for standards, continuous monitoring, and security automation may encourage industry and commercial sector collaboration and support

Jon Oltsik

Around 2005, Cisco coined the term “self-defending networks” and used it to market products like Cisco PIX and Catalyst IDS blades. By 2007, the marketing brain trust at Cisco had moved on in another direction, adopting another grand theme for network security.

May 21

Deputy federal CIO outlines future priorities

From: FCW

By Frank Konkel

With Federal CIO Steven VanRoekel called away on White House business, Deputy CIO Lisa Schlosser stepped in to talk about federal IT priorities via Skype at the ACT-IAC Management of Change 2013 conference in Cambridge, Md.

Her message, similar to those VanRoekel has delivered recently, centered on increased innovation, improved cyber and information security, a CIO Council-led effort to implement continuous monitoring in the federal space, and cost-cutting measures such as strategic sourcing and shared services.

May 17

Threats and Opportunities Growing in Cybersecurity

From: National Defense Magazine

By Tim Larkins

The federal government will spend about $10 billion on cybersecurity in fiscal year 2013. That number could grow to $13 billion in fiscal year 2014. For most federal agencies, cybersecurity is one hot-button issue that will not soon disappear. Determining what to defend against will play a large role in how much money the government must allocate toward cybersecurity.

May 17

Funding DHS Cybersecurity Initiatives

From: GovInfoSecurity.com

House Panel Places Few Limits on How Money Could Be Spent

By Eric Chabrow

A House Appropriations Committee bill would give the Department of Homeland Security $24 million less for cybersecurity than President Obama seeks. But it would provide the administration lots of flexibility in how to spend the money.

The legislation, which cleared the panel May 16 and goes to the full House, would earmark $786 million for cybersecurity operations in fiscal year 2014, which begins Oct. 1. This figure represents a 4 percent increase over current spending levels and includes nearly $200 million for a federal network security program housed at DHS. That initiative is aimed to assist other agencies in providing adequate, risk-based and cost-effective cybersecurity, which includes the acquisition and operation of continuous monitoring and diagnostic software.

May 14

Continuous Monitoring as a Service Award on the Horizon

From: GovWin/Deltek

by Kyra (Kozemchak) Fussell

Improved cybersecurity was called out as one of three administrative priorities for FY 2014. Agencies have been inching towards cybersecurity targets, and an upcoming award may ease agency pains of implementing continuous monitoring solutions.

As described in the 2012 FISMA report, continuous monitoring covers three categories: assets, configuration and vulnerability. According to the report, all CFO Act agencies demonstrated the ability to successfully report data feeds to Cyberscope. While agency implementation of automated continuous monitoring increased in FY 2012, 7 out of 24 civilian agencies did not have monitoring programs in place.

May 14

Hacking Higher Education

From: InformationWeek/Education

The cybersecurity challenge on college campuses lies as much with the students as with malicious outsiders.

David F. Carr

When a faculty member at Miami University in Oxford, Ohio, logged in to the university’s grade book last fall, she realized something was wrong: The grades in the online system didn’t match her paper records. She was alert enough to see this was no mere glitch.

May 09

Is ‘fear the auditor’ holding back real IT security?

From: GCN

By William Jackson

Leo Scanlon, chief information security officer of the National Archives and Records Administration, has an information security question for federal CIOs: “Are you satisfied that where you are is good enough? Do you understand the risk?”

Too often, he says, federal C-level officials do not know if their security is adequate because they do not understand the risks they face and what the risk tolerance of their agencies should be. And too often, they are content to remain that way.

May 08

APTs: the imperative for active monitoring

From: IT-Director.com

By: Fran Howarth

Every year, I search for a common theme at Infosec Europe, but this year it was not so immediately obvious. There were no large clouds hanging above the exhibition hall and many of the largest vendors were absent, their places taken by innovative start-ups.

Yet, under the covers, there were two major themes that many of the vendors that I spoke to talked about—APTs (Advanced Persistent Threats) and the need for continuous monitoring. In fact, these two things go hand in hand.

May 08

Risk and Compliance: The Yin and Yang of Security

From: TechNewsWorld

By Joe Fantuzzi & Torsten George

Regulations and mandates — whether they’re from government or industry — are important aspects of ensuring security within organizations. However, there is more to the battle to lock down information in a Big Data world. Compliance should play a supporting role within a framework driven by risk assessment, continuous monitoring, and closed-loop remediation.

Mushrooming industry and government mandates that govern IT security have led to a highly regulated environment and annual compliance fire drills. Compliance, however, does not necessarily equal better security.
