FISMA Insecurity Part 1

"Why are agencies forced to pay twice to C&A systems?" said the exasperated and cash-strapped Federal IT exec. "If agency A wants to use a system from agency B - a system that has already been C&A'd - then agency A needs to pay for a completely new C&A. If we're spending more than 20 percent of our cyber security budget on C&A - and the average C&A costs $167,643 - shouldn't we look for efficiencies?" An observation over lunch was quickly validated by other Feds - IT execs battling with the double-headed budget and security dragon. Curious stuff. The FISMA C&A reciprocity riddle set me on a fool's errand to put a dollar figure on the cost of C&A redundancy. That said, it opened a new window on OMB's lack of transparency - quite astonishing in this era of open government.

SonicWall reaches (EAL4+) certification

This week SonicWall announced that its TZ and NSA product lines have achieved the latest in government certification requirements, having earned Common Criteria (CC) Evaluation Assurance Level 4+ (EAL4+) certification (ISO 15408). The new EAL4+ certification is in addition to the FIPS 140-2 Level 2 certification already achieved (see article here). As any federal IT engineer will tell you, having the box checked on government compliance requirements is critical for government acceptance and implementations.

Security: Back to basics (Part 1 – The Human Touch)

Looking at the latest quarterly security update from Symantec, there are still some basic steps that system administrators can take to protect their networks and endpoints. These are the low-hanging fruit that can help prevent attacks and the compromise of confidential data. Education is still one of the top three returns on investment on the security side. An educated end-user will not click on links in emails that aren’t from trusted parties, will not open password-protected zip files and run their contents, and will question suspicious emails with the help desk. An educated management team understands that security is not just a line item that can be eliminated or reduced. As threats become more sophisticated at penetrating networks and endpoints, increasingly sophisticated tools are needed to prevent, find, and remove them.

What to look for at Symantec Symposium 2010

In July 2005, two of the largest brands in technology came together to create the world's fourth largest software company overnight. The belief of providing a solution to both secure a customer's data and make it more available was a unique concept created by the Symantec acquisition of Veritas. Since that time, Symantec has continued to take advantage of their position in the market by fortifying their strength in the data security market with further acquisitions which included BindView, Altiris, Vontu, MessageLabs, Gideon Technologies, GuardianEdge, PGP, and now, VeriSign.

San Francisco Lockout – Found Guilty: the city or the admin?

After years of public acrimony and a 6 month trial, San Francisco IT administrator Terry Childs has been found guilty of hijacking the city’s computer system.  Cyber-Ark has always maintained that this was more than simply a case about a rogue employee, but in fact an example of an organizational failure in managing and effectively taking ownership of privileged accounts and identities.  At the end of the

The Darwinian Challenge of Cybersecurity

The adaptive nature of threats to information security has proven to be one of the greatest challenges to personal, business, and government adoption of computing in general, and communication of digital information over the public Internet, in particular. Today we are not only concerned with theft of private or sensitive information created and stored on ubiquitous personal computing and communications devices, we also have to be concerned with the security of our information while it is in transit and when it is in storage at its destination.