NIST SP 800-137

From: CIO

One of the leaders of Homeland Security’s Continuous Diagnostics and Mitigation program shares his strategy for deploying real-time security and situational awareness across the government.

By Kenneth Corbin

WASHINGTON – As the federal government gradually moves to an always-on, cloud-centric IT operation, senior technology officials work to ensure that agencies’ security posture can keep pace.

The feds broadly have been trying to move beyond the days when security was a check-box, compliance-centered activity, and into an era of real-time monitoring of networks and systems.

From: GCN

By William Jackson

With cyberspace now recognized as a military domain alongside land, sea, air and space, nations are gearing up to wage war and defend themselves with equal demonstrations of power and technology against enemies in the cyber domain.   

With cyberwar comes the threat of new forms of espionage, as well as sabotage conducted within both the information systems and control systems that form the interface between the physical and cyber worlds. Security, both physical and cyber, traditionally has been outward facing. But espionage and sabotage often are the domains of the trusted insider, the agent operating from within.

From: InformationWeek/Government

Federal programs promoting the use of risk dashboards can boost real-time visibility, but only if they are used correctly.

Dashboards are used throughout business and industry to provide a measure of success. A correctly designed and implemented dashboard can provide critical information to an organization about performance and risk measures in near-real time. The dashboard information should drive the organization to excel in meeting goals while minimizing risk and provide early warnings of possible problems. Dashboards are a good thing when used correctly, but how do we know if we are measuring the correct indicators?

From: Bright Talk

 John Colley, Managing Director, (ISC)2 EMEA, Speaker: Josyula Rao, Senior Manager, Security Research Scientist

From: FedScoop

By Greg Otto

A new survey from the SANS Institute claims there is a lack of awareness when it comes to the Department of Homeland Security’s Continuous Diagnostics and Mitigation Program, with increased staffing, training and word-of-mouth needed for meaningful progress.

The survey, which was given to federal, state and local security professionals, found that the only people with working knowledge of the program were chief information officers, chief information security officers, chief technology officers or other high-level security directors.

From: NIST

The National Institute of Standards and Technology (NIST) has issued for public comment a draft update of its primary guide to assessing the security and privacy controls that safeguard federal information systems and networks. Public comments are due by Sept. 26, 2014.

NIST publishes two complementary publications that together provide its basic guidance and recommendations for ensuring data security and privacy protection in federal information systems and organizations, a role assigned to NIST under the Federal Information Security Management Act (FISMA). The publications are so famous they are generally known just by their numbers.

From: CIO

If people start accessing systems or the data in them more often, you may have a problem

Hamish Barwick (CIO)

Losing business to a competitor because one of your trusted employees has walked out the door with sensitive information doesn’t need to happen if you look for the signs and put controls in place, according to a panel of cyber security experts.

Cisco Australia hosted a discussion on cyber security in Sydney this week.

According to Computer Emergency Response Team (CERT) Australia’s technical director, Doctor Jason Smith, many organisations CERT Australia works with become victim to an insider because their network is misconfigured or not monitored.