NIST SP 800-137

From: Network World

By Michael Cooney

GAO: The loss of high impact” systems could cause individuals, the government, or the nation catastrophic harm

***

An underlying reason for these weaknesses is that the agencies had not fully implemented elements of their information security programs. For example, security plans did not always address controls specific to high-impact systems, those with significant security responsibilities did not always complete specialized training, systems ‘assessments were not comprehensive, and continuous monitoring strategies were incomplete.”

***

From: Partnership for Conflict, Crime and Security Research

Sofia, Bulgaria on 3 – 4 October 2016

The aim of the symposium is to bring together experts and practitioners from NATO member military agencies along with industry leaders and academic visionaries to present and discuss the state-of-the-art developments and hard challenges in cyber defence situational awareness, cyber security and the application and exploration of cyber security metrics, dynamic risk assessment, visualisation and visual analytics in cyber defence. The meeting will result in a raised awareness of our common efforts and the development of collaborative opportunities.

From: FederalNewsRadio.com | 1500 AM

Ask the CIO: Download audio

Jason Miller

***

Rod Turk, the Commerce Department’s chief information security officer, said the goal isn’t to undermine what the Homeland Security Department is providing, but rather to make sure his agency is as prepared as possible when the tools do arrive.

From: Politico | Morning Cybersecurity

By Tim Starks

With help from Alex Byers and Kate Tummarello

***

A recent bill report on the Senate legislation touts spending increases over fiscal 2016 for the U.S. Computer Emergency Readiness Team, continuous diagnostics and monitoring of federal networks, as well as Einstein, DHS’s intrusion detection system.

Read Complete Article

From: United States House of Representatives Committee on Oversight and Government Reform

Statement for the Record

Social Security Administration: Information Systems Review

Gale Stallworth Stone, Deputy Inspector General,  Social Security Administration

***

Before I review the reporting metrics that revealed significant deficiencies in SSA’s information security controls, I want to highlight the importance of the Agency’s efforts to implement NIST’s Information System Continuous Monitoring (ISCM) strategy. Continuous monitoring helps organizations maintain ongoing awareness of information security, vulnerabilities, and threats to support risk-management decisions. ISCM calls for organizations to implement tools and processes that maintain situation awareness of all systems; maintain an understanding of threats and threat activities; assess all security controls; collect and analyze security-related information; and communicate security status across the organization.