Nov
19
From: GCN | Industry Insight
By John Landwehr
***
Securing personal information in the digital age requires a similar multilayered approach. No matter where information is located — on the network or a personal computer — multiple layers of security must be in place to keep threats at bay. And effective cybersecurity systems merge three dimensions of content security: content management, rights management and continuous monitoring.
***
Nov
16
From: US Department of State, Office of Inspector General
What OIG Audited
The Office of Inspector General (OIG) conducted this audit to assess the effectiveness of the International Boundary and Water Commission, United States and Mexico, U.S. Section (USIBWC), information security program in accordance with the Federal Information Security Management Act (FISMA). Specifically, OIG assessed USIBWC’s information security program and related practices for risk management, configuration management, incident response and reporting, security training, plan of action and milestones, remote access management, identity and access management, continuous monitoring, contingency planning, oversight of contractor systems, access controls, personnel security, and physical and environmental protection.
Nov
10
From: eWeek
By Nathan Eddy
One of the most significant origins of endpoint challenges stem from federal employees using personal devices for work, according to the report.
Federal agencies are facing an explosion in the both the volume and variety of network endpoints, providing far more opportunities for malicious access to government networks, according to a MeriTalk and Palo Alto Networks survey of 100 U.S. Federal IT managers and 100 Federal employees.
The study found 44 percent of endpoints are unknown or unprotected and that barely half of federal government survey respondents have taken critical steps to secure endpoints, such as scanning for vulnerable or infected endpoints.
Nov
06
From: US-CERT
Welcome to the DHS Continuous Diagnostics and Mitigation (CDM) Training Program website.
The information on this website is intended for government cybersecurity professionals who are participating in the DHS CDM Program and for cybersecurity professionals who would like more information on implementing a continuous monitoring program.
The CDM Training section provides information on upcoming workshops and webinars.
The CDM Guides section provides readiness and implementation training information.
The CDM FAQ section provides a list of questions and answers regarding the CDM Program.
The CDM Resources section provides a list of documents and other helpful resources related to the CDM Program.
Nov
05
From: US GAO | WatchBlog
Thirteen people were killed and dozens more injured when a gunman opened fire at Fort Hood, Texas, 6 years ago today. In what’s known as an insider threat, the gunman, a Department of Defense employee, had authorized access to the military base. Today’s WatchBlog looks at how DOD fights against various types of insider threats, whether they’re attacks like the Fort Hood tragedy, the Washington Navy Yard shooting, or the unauthorized release of classified information.
The danger within
Nov
02
From: FederalNewsRadio.com | 1500 AM
By Emily Kopp
Since a contract employee shot and killed 12 colleagues at the Washington Navy Yard two years ago, the government has inched cautiously toward fulfilling a key recommendation: establish insider threat programs. Some companies that do business with the government are far ahead and waiting for agencies to catch up.
Defense officials now consider aerospace giant Lockheed Martin’s program as a model.