An A-B-C Approach to Security Compliance Challenges

When it comes to enhancing their cybersecurity postures, federal agencies have to wade through an entire alphabet soup of regulatory compliance guidelines. From the RMF (Risk Management Framework) to FISMA (Federal Information Security Management Act) and DISA STIGs (Defense Information Systems Agency Security Technical Implementation Guides), there are a number of requirements that agencies must implement to satisfy the government’s definition of a secure environment.

Fed IT Security Hardens, but User Authentication Remains Weak

On February 27, FISMA presented its annual report to Congress. The report (compiled by the OMB) provides metrics on federal cybersecurity incidents, efforts to mitigate them, and progress in implementing cybersecurity policies and programs.

The good news is that there is progress to report, with nearly 70,000 information security issues reported in FY 2014, up 15% over the previous year – there is still work to be done.

Technically News - 12/9

This week in Technically News: Battling Malware and Madware; Is PaaS the Savior of the Federal Datacenter Consolidation Initiative; Symantec Gets FISMA Certification for Shared Service Products; 7 IT Strategies for 2014; Less Malware Predicted for 2014 But New Tactics Emerge.

The Best Ways to Eliminate Boredom and Terror on Your Network: Part 3

The first three practices are all about helping you identify all systems under management, standardizing the way you manage these devices, and protecting them from harmful changes. Let’s now build upon this by talking about the remaining two and why they are important. These practices support the thesis that you can eliminate the leading cause of network downtime: simple human error.

Technically News - 9/30

This week in Technically News: The State Worker: Lessons from Ohio’s State Tech Project; States Test New Credentialing Approaches; Observations From This Year’s NSA Open Source Industry Day; GAO: Agencies Can’t Get FISMA Just Right; CIOs See Big Data as Internet-like Innovation Platform for Government; Could Agencies Avoid Disaster in a Nirvanix-like Cloud Shutdown?

GovDefenders Wednesdays | The Hacker's Place in Government Cybersecurity

Andrew "weev" Auernheimer will spend the next 41 months in federal prison. His crime? In 2010, he exposed a security flaw in AT&T's iPad user database, gaining access to the information of over 100,000 people. I want to ponder this question I asked myself after reading about Andrew: what role can public hackers play in government cybersecurity?