Blog Posts Tagged with "FISMA"
Howard Schmidt on Federal Cyber Security Priorities
March 27, 2012 Added by: Headlines
"Federal Departments and Agencies must defend their information systems in a resource-constrained environment, balancing system security and survivability while meeting numerous operational requirements requires robust risk management," said Schmidt...
Comments (0)
NIST Draft Addresses Security Threats and Privacy Controls
March 07, 2012 Added by: David Navetta
NIST notes that many of the changes were driven by particular security issues and challenges requiring greater attention, including insider threats, mobile and cloud computing, application security, firmware integrity, supply chain risk, and advanced persistent threats...
Comments (0)
DHS's Mark Weatherford on the Cybersecurity Act of 2012
February 23, 2012 Added by: Headlines
"The proposed legislation would enable DHS to be more effective and efficient in its protection of federal networks by clarifying DHS’ authorities in this space and enabling better sharing of cybersecurity information from other federal agencies to DHS..."
Comments (0)
FTC Removed Security Protocols from Website Contract
February 21, 2012 Added by: Headlines
The events appear to be a comedy of errors, where during the long process involved in awarding contracts, critical security requirements were not enforced. As the federal government races to outsource in an effort to cut costs, the risk of oversights becomes more probable...
Comments (0)
Roadmap to Exploitation: The OIG Imperative to Publish or Perish
January 23, 2012 Added by:
The majority of OIG organizations publish highly sensitive information as if they were assisting the agency. Just the opposite. They are ensuring a more rapid penetration of cyber defenses. Whose side of the equation here are you on? Why does this need to be public information?
Comments (9)
GSA Final Rule Requires Vendor Proof of Security
January 10, 2012 Added by: Headlines
The rule requires contractors and subcontractors to provide details on how their products and services meet federal IT regulations. The rule also requires contractors and subcontractors to submit to audits on practices and procedures to ensure mandates are satisfied...
Comments (1)
GAO: Federal Security Incidents Increased 650%
October 04, 2011 Added by: Headlines
"Weaknesses in information security policies and practices at 24 major federal agencies continue to place... sensitive information and information systems at risk... reports of security incidents from federal agencies are on the rise, increasing over 650 percent over the past 5 years..."
Comments (0)
Detailed FISMA Logging Guidance Continued
April 18, 2011 Added by: Anton Chuvakin
Configuring tools needs to happen after the policy is created. Goals first, infrastructure choices second. In case of privacy and other regulations on top of FISMA, the legal department should also have their say, however unpalatable it may be to the security team...
Comments (0)
Detailed FISMA Logging Guidance
April 14, 2011 Added by: Anton Chuvakin
FISMA emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to secure the information systems that support its operations and assets. Here is what is likely needed for a successful FISMA-driven log management implementation...
Comments (0)
Microsoft Slams Google Over FISMA Certification Claims
April 12, 2011 Added by: Headlines
"Google can’t be under the misimpression that FISMA certification for Google Apps Premier also covers Google Apps for Government. If that were the case, then why did Google, according to the attachments in the DOJ brief, decide to file a separate FISMA application?"
Comments (0)
If Not The PCI Standards, Then What?
March 08, 2011 Added by: PCI Guru
As a new technology matures its security posture matures. With a more mature security posture, the lower the likelihood that a security incident will occur. However, the time it takes for that security maturity to occur can take quite a while and that is where organizations are at the highest risk...
Comments (0)
Proactive and Continuous Compliance? For Real?
February 24, 2011 Added by: Anton Chuvakin
Is continuous compliance a reality at your organization? Are you doing something 9, 6, 3 months before the annual PCI DSS assessment? Do you meet the auditor once a year? Or do you make an effort to stay compliant?
Comments (0)
On The Frontlines: Cloud Computing in Government
October 30, 2010 Added by: Kevin L. Jackson
Showcasing the positive progress of Federal Government Agencies and their strategic partners in meeting the goals of their Mission Programs. This issue, Cloud Computing in Government, features the Trends and Best Practices on Cloud Computing in Government...
Comments (0)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox




