NIST SP 800-137

Editor’s Note: Listen to the complete discussion on Federal News Radio here.

From: FederalNewsRadio.com

Is your agency coping with identifying and protecting against the constant  barrage of sophisticated cyber threats, while at the same time, trying to improve  your FISMA scores?

From reduced resources (budget, manpower and unified vision), to lack of an  automated risk mitigation capabilities, these factors continue to impact civilian  agency FISMA scores. WTOP brings together a panel of network security experts to  explore the challenges civilian agencies face in dealing with critical cyber  security concerns, and discuss how to coordinate defenses, leverage advanced tools  and take advantage of CDM programs to help agencies tackle these issues.

From: GCN

By William Jackson

An emerging area in network security is automation, using various tools to monitor systems and network traffic for signs of trouble. Automation can handle tasks that otherwise would have to be done by IT staff members, who are then freed up for other tasks.

From: Nextgov

The Homeland Security Department does not keep tabs on whether contractors that monitor vulnerabilities on federal networks have undergone training, according to a new inspector general audit.

These private sector system administrators support CyberScope, a central reservoir for incoming streams of data summarizing every federal agency’s computer security posture. The composite view of threat-levels is intended to help Homeland Security leaders manage cyber risks governmentwide. The account of an inadequate security training program for system administrator contractors at DHS follows the alleged breach of top secret files by a system administrator contractor at the National Security Agency.

From: VentureBeat

John Koetsier

In the initial rush to the cloud, some companies may have lost site of the  fact that security, efficiency, and continuous monitoring are just as important  in the cloud as in the datacenter. It looks like they’re picking up that theme  now, but perhaps not as swiftly as their customers might like.

A new study by by cloud optimization company Newvem checked 61,545  Amazon Web Services instances which total a yearly spend of over $157 million.  The good news is that cloud users are getting much more savvy about security,  utilization, and optimization.

From: Network World

By Ellen Messmer

National Harbor, Md. — Security monitoring — the type involving traditional security information and event management (SIEM) — can be done in some public cloud environments, according to Gartner. And if you’re using public cloud services, it’s time to think about doing it.

Security monitoring of assets that the enterprise has placed in cloud is still not a common practice, but it really should be, said Gartner analyst Anton Chuvakin during his presentation this week at the Gartner Security and Risk Management Summit.  There is always a “loss of control” when turning corporate data assets over to the cloud, Chuvakin says, but “you can compensate by increasing the visibility that comes with collection of logs and network traffic.”

From: InformationWeek

Elena  Malykhina

Federal agencies have been making significant progress to improve their cybersecurity. However, much more needs to be done as agencies work toward achieving the Obama administration’s cross-agency cybersecurity goals by the end of 2014, according to the latest progress report released by the White House.

Last March, federal cybersecurity coordinator Howard Schmidt unveiled a plan for agencies to implement priorities that safeguard federal IT systems against cyberattacks. The White House’s objective by the end of 2014 is to have agencies achieve 95% implementation of critical administration cybersecurity capabilities on IT systems in the areas of trusted Internet connections (TIC), continuous monitoring, and strong authentication. The effort is part of the Cross Agency Priority (CAP) Goals initiative on Performance.gov, which feds use to grade agencies on their improvement efforts.

Editor’s Note:  Mitre’s registratation page is here, https://register.mitre.org/devdays/.

From: Mitre

Developer Days 2013

From: CSO

By Edward Ferrara

Last week Deloitte announced the acquisition of Vigilant. This is important news for several reasons. With over 14,000 consultants that specialize in information security Deloitte is the largest and broadest of any security consultancy globally. Deloitte provides customized security solutions across a broad number of vertical industries, including financial services, aerospace, defense, retail, manufacturing, technology, communications, energy and pharmaceuticals.