NIST SP 800-137

From: Homeland Security Today

By: Thomas Gann, vice president, public policy, McAfee

A recent GAO audit report pointed out something that should come as no surprise: federal agencies face several challenges when it comes to cybersecurity. The challenges GAO cited include: Threats from both intentional and unintentional hacks; implementing risk-based cybersecurity; proper identity management; access control, data breaches; and, improving incident response.

***

The GAO’s audit rings most true for civilian agencies. However, programs like Continuous Diagnostics and Mitigation (CDM) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, show the federal government is taking the right steps to strengthen its cybersecurity posture.

From: CIO (New Zealand)

Or, how the best defence strategy of rugby can be applied to protect New Zealand enterprises from new ‘advanced threats’

Edited by Divina Paredes (CIO New Zealand)

Kiwis love rugby, and know that on the field, the best defence is complemented by a strong attack. This tried and tested sporting strategy also now applies to protecting New Zealand enterprises from the new “advanced threats”.

***

***

From: Association of Corporate Counsel

Paul A. Ferrillo and Jeffrey D. Osterman | Weil Gotshal & Manges LLP

***

From a data security perspective, though, there are certain security measures that should be investigated by potential cloud customers before they make the decision to move their data to a cloud-based environment. This area is highly technical (and thus security professionals and cyber-governance and cybersecurity lawyers should also be consulted before making this decision), but we try below to boil down these measures into objectives for directors and officers to consider when asked to finally approve a move to the cloud:

From: Armed With Science | The Official U.S. Defense Department Science Blog

by Yolanda R. Arrington

Defense Department Chief Information Officer Terry Halvorsen is leading a charge to modernize the department’s information technology-cyber enterprise using every available tool, especially those in commercial markets, a defense official in the CIO’s office said.

David A. Cotton, acting deputy CIO for information enterprise, recently spoke to an audience at the FedScoop 2015 Mobile Gov Summit about how DoD is leveraging the power of commercial IT to give its workforce access to information at the point of need.

***

From: CSO

Full protection for FireEye customers requires a set it and forget it approach to security, make too many changes and the liability shield is gone

By Steve Ragan

This week, Salted Hash has examined the Department of Homeland Security’s (DHS) SAFETY Act, and FireEye’s promise to customers that their certification under the act provides them protection from lawsuits or claims alleging that the products failed to prevent an attack.

From: eWeek

By Sean Michael Kerner

Even though RHEL 7 is the latest version, the Linux vendor continues to add new features to RHEL6.x.

Linux vendor Red Hat on May 5 released its Red Hat Enterprise Linux (RHEL) 6.7 beta, providing users with a preview of features and capabilities that will become generally available later this year.

***

RHEL 6.7 also provides users with improved Microsoft Windows operating system interoperability, by way of enhancements added to the Red Hat System Security Services Daemon. Additionally, the new SCAP (Security Content Automation Protocol) Workbench now provides users with a graphical user interface to make the SCAP tool easier to use. SCAP provides a framework for creating a standardized approach for maintaining secure systems.

From: CIO

“Ultimately, how actual human users interface with the outputs of large data analytics will greatly determine if the technology is adopted or deemed to produce useful information in a reasonable amount of time,” says Gartner research director Eric Ahlm.

Divina Paredes (CIO New Zealand)

Although security spending is at an all-time high, security breaches at major organisations are also at an all-time high, reports Gartner.

The impact of advanced attacks has reached boardroom-level attention, and this heightened attention to security has freed up funds for many organisations to better their odds against such attacks, says Eric Ahlm, research director at Gartner.

From: Drexel University | LeBow College of Business and the Global Interdependence Center

33rd Annual Monetary and Trade Conference

Agenda

See, GIC’s Annual Monetary and Trade Conference Part 2

See, GIC’s Part Annual Monetary and Trade Conference Part 1