NIST SP 800-137

From: Press Release

Col. Kim M. Montfoort, retired Air Force officer and technical solutions lead for Telos Corporation, has been awarded the Armed Forces Communications and Electronics Association’s (AFCEA) Women’s Appreciation Award. The award is given to honor “AFCEA members who have gone above and beyond to further the careers of women.” She was recognized at an awards ceremony held at the AFCEA West Conference on February 22, in San Diego, Calif.

With 33 years of military service and six years of industry experience, Montfoort was selected for recognition specifically for her work mentoring young business and government professionals, and supporting and promoting science, technology, engineering and mathematics (STEM) scholarships and careers for female students in her local community’s high schools and colleges.

From: FCW

By Dan Velez

***

It is unlikely that agencies are overrun with insider actors, but following a series of high profile insider threat-related breaches, enhancing insider threat-readiness is a top priority for an agency’s cyber posture. Accountability and deliverables have been outlined in several executive orders from NISPOM (the National Industrial Security Policy Operating Manual) to the National Insider Threat Policy. These policies have been enacted to strengthen the protection and safeguarding of classified information by establishing common expectations, institutionalizing best practices and enabling flexible implementation. As a result, agencies are investing significant resources to address insider threats and ensure compliance with these new regulations.

From: FCW

By Chase Gunter

Deficient IT security controls at a core data center put the Department of Interior at risk of exposing sensitive and personally identifiable information, according to an inspector general report released Feb. 17.

The report zeroed in on the implementation of continuous diagnostics and mitigation tools, a set of software that is supposed to help monitor network security and keep current with security fixes. The CDM program, operated by the Department of Homeland Security, helps agencies acquire and onboard commercial cybersecurity tools.

Read Complete Article

From: McClatchyDC.com

By Tim Johnson

Once focused only on the safety of equipment and computers they directly controlled, 3 out of 5 network security pros now realize they have to worry about any connected devices brought through the doors of their workplaces, the survey found.

Yet only 8 percent said they could continuously monitor and detect such devices.

Read Complete Article

From: CSO

By Ilia Kolochenko

What to expect from and how to resist the fastest growing sector of cybercrime in 2017?

***

Attackers can easily rent a Ransomware-as-a-Service (RaaS) infrastructure for as low as $39.99 per month, making up to $195,000 of monthly profit without much effort in comparison to other niches of digital fraud and crime. The business of ransomware has become so attractive that some cybercriminals don’t even bother to actually encrypt the data, but just extort money from their victims with fake malware. The victims are so scared by media stories about ransomware, combined with law enforcement agencies’ inability to protect them or at least to punish the offenders, that they usually pay.

From: The Maritime Executive

By Travis Howard and José de Arimatéia da Cruz

***

Technical controls for combating the insider threat become more difficult, often revolving around identity management software and access control measures. Liang and Biros note two organizational factors to influencing insider threats: security policy and organizational culture. Employment of the policy must be clearly and easily understood by the workforce, and the policy must be enforced (more importantly, the workforce must fully understand through example that the policies are enforced). Organizational culture centers around the acceptance of the policy throughout the workforce, management’s support of the policy, and security awareness by all personnel. Liang and Biros also note that access control and monitoring are two must-have technical security controls, and as previously discussed, the Navy clearly has both yet the insider threat remains a primary concern. Clearly, more must be done at the organizational level to combat this threat, rather than just technical implementation of access controls and activity monitoring systems.