From: SANS Institute
8/6 Webcast: Continuous Diagnostics & Mitigation for #Government Agencies: Is It Working? A SANS Survey. http://bit.ly/CDMSurvResults
Jul 30
From: SANS Institute
8/6 Webcast: Continuous Diagnostics & Mitigation for #Government Agencies: Is It Working? A SANS Survey. http://bit.ly/CDMSurvResults
Jul 28
From: Federal Times
By ADAM STONE
For years the IT community has been building walls and digging moats to keep out an especially damaging form of cyber attack: the advanced persistent threat, or APT. Now the emphasis has changed. Rather than focus on outside invaders, security experts have set their sights on internal vulnerability.
“It is critical to have people standing on the wall, but someone is always going to slip through, so you do have to have your defense in place beyond that wall,” said Greg Kushto, director of security practice for IT solutions provider Force 3.
Jul 25
Editor’s Note: For more information on the essential human role in continuous monitoring, see Federal News Radio here.
Posted by William Jackson
Cybersecurity is being pushed in two directions. On the one hand, the growing complexity of information systems and the onslaught of threats facing them are putting a premium on speed. Automation is the future of security, said Matt Dean, vice president of product strategy at FireMon. Decisions made about who and what gains access to resources need to be smarter and faster.
“We’ve got to get humans out of the equation,” Dean said. “They can’t react fast enough.”
Jul 22
From: Federal Times
By TONY WARE
The Department of Homeland Security, aided by the General Services Administration’s Federal Systems Integration and Management Center, has released the first request for quotation for Task Order 2 of its $6 billion Continuous Diagnosis and Mitigation initiative.
Jul 17
From: Nextgov
By Ken Ammon, chief strategy officer at Xceedium.
National Security Agency Director Adm. Michael Rogers recently stated, “Traditionally, we’ve largely been focused on attempts to prevent intrusions. I’ve increasingly come to the opinion that we must spend more time focused on detection.” This is a troubling statement. Surely, detection is a key component of any security program. But should our government be spending more time on detection than prevention? The answer is no.
What’s Wrong with a Detection-Centric Approach?
Jul 14
From: FederalNewsRadio.com
By Stephanie Wasko
Special to Federal News Radio
Despite steps forward, agencies fell short of their 2014 targets for cybersecurity. The Obama administration is pushing chief information officers to focus on priorities of continuous monitoring, phishing and malware, and authorization processes for 2015, according to the newly released cross-agency priority goals on Performance.gov.
The administration continues encouraging agencies to implement information security continuous monitoring mitigation (ISCM), which continually evaluates agency cybersecurity processes and practices, according to the report. This goal carries over from last year, where agencies saw an increase in real-time awareness that enabled them to manage risks more effectively. Despite this improvement, the administration wants more cybersecurity evaluation.
Jul 10
From: FedTech
The OIG runs automated security scans on 80 to 90 percent of its IT assets every 10 days and is working to boost those metrics.
The federal inspector general community is known for shining a light on wrongdoing and deficiencies outside its walls.
So, when Jaime Vargas with the Department of Homeland Security’s Office of the Inspector General agreed to share how his office is faring in the security realm, FedTech jumped at the opportunity.
Jul 07
From: SIGNAL Online/AFCEA
By Chris LaPoint/Guest Blog
Thousands of military information technology security personnel probably sat down at their computers this morning and opened a spreadsheet listing hundreds of rules for Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) compliance. They then might have spent hours logging onto information technology devices, looking at configurations and laboriously going through them line by line to ensure each setting matched the rules in that spreadsheet.
In six months, they’ll do it all over again.
Jul 03
From: FCW
By Dan Chenok, John Lainhart
Increased connectivity has transformed and improved access to government. Citizens today can connect with government agencies and leaders in ways that were unimaginable just a few years ago.
This connectivity, however, has also increased the importance and complexity of our shared risk. Ever-increasing cyberattacks on federal government networks are growing more sophisticated, aggressive and dynamic. It is paramount that as the government continually provides essential services to the public, agencies safeguard information from theft and networks and systems from attacks while protecting individual privacy, civil rights and civil liberties.
Jul 02
From: FederalNewsRadio.com 1500 AM
By Jason Miller
The 17 vendors under the $6 billion continuous diagnostics and mitigation program are anxiously waiting for the first of six task orders under phase 2 of the program.
The General Services Administration and the Homeland Security Department are putting the final touches on the next set of contracts that will truly kickstart the federal move toward dynamic cybersecurity protections of agency networks and computers.