Cybersecurity

March 29, 2019
How to Best Manage Your System’s Assets premium
Many government agencies, particularly large agencies, face enormous obstacles in simply compiling and inventory of the software and hardware under in their system. The difficulty is understandable: I know of one agency responsible for 220,000 makes and models of medical devices (note that this number refers to “makes and models” only. The actual number of […]
premium
don.maclean@dlt.com'
March 28, 2019
Incident Response & Forensics premium
Every government organization has been the victim of a cybersecurity incident. These can range from mundane incidents such as a user leaving their desk without locking their screen, up to a major breach such as the OPM hack in which hackers stole comprehensive and confidential information on millions of government employees and contractors. Security personnel, […]
premium
don.maclean@dlt.com'
March 27, 2019
The Art of Access Management premium
Identity and Access Management (IAM) is the art and science of ensuring that someone is who they say claim to be. This ensures that they have the correct level of access to systems and data – enough to do their job, but no more. IAM systems cover a wide range of features, but typically include: […]
premium
don.maclean@dlt.com'
March 26, 2019
Common Compliance Conundrums premium
Cybersecurity assessment initiatives and frameworks abound in the US government, the most important being the Federal Information Systems Management Act (FISMA), passed in 2002.  The law’s broad scope included a mandate to the US National Institute of Standards and Technology (NIST), charging it to create methods and standards to assess and optimize the cybersecurity posture […]
premium
don.maclean@dlt.com'
March 25, 2019
Contingency Planning Isn’t Fun and Games. But Should it Be? premium
“Hope for the best, plan for the worst”. This ancient principle still applies, especially for systems with high availability requirements. Principles are easy to quote, but how does an organization implement them effectively? In its vast compendium of requisite security controls, NIST has created an entire category of requirements for contingency planning. Federal agencies are […]
premium
don.maclean@dlt.com'
March 22, 2019
As Cyber Threats Worsen, Market Opportunities Grow premium
Cybersecurity endures as a top priority for federal agencies, the Trump administration, and Congress. So whatever other budget battles that might lie ahead, cyber will remain an important opportunity. In fact, two recent reports ought to scare the heck out of not just agency managers but pretty much every American. In January the intelligence community […]
premium
brian.strosser@dlt.com'
March 22, 2019
The Internet of (Secure) Things premium
The “Internet of Things”, or IOT: we’ve all heard the term, but what does it really mean? More importantly, how do we secure all of these … “things”? First, a stab at defining the term and its components. The term “things” really refers to a broad class of devices that have one of two functions: […]
premium
don.maclean@dlt.com'
March 21, 2019
The Importance of Mobile Security premium
Cell phones, tablets, wearables, and other mobile devices dominate our lives. I personally bring my trusty iPad to everywhere, and, like everyone else, have my phone with me at all times. The biggest attack surface for any enterprise, then, may well be these devices. How can we assess the threats? What are the components in […]
premium
don.maclean@dlt.com'
March 20, 2019
Data Security: A Closer Look at DLP premium
Earlier this month, I wrote about the Zero Trust model for security. As I proceed through these daily blogs, I find many of them complement the ZT model; data security is one. Outside the IOT world, the goal of cybersecurity is to protect data. The Zero Trust model recognizes this and focuses on keeping security […]
premium
don.maclean@dlt.com'
March 19, 2019
Patching Up Configuration Management premium
Configuration management is a many-headed beast, but the biggest beast with the sharpest teeth is the patch monster.  Every day, a new vulnerability, a new patch – and an old decision:  patch and maybe break something (I’m looking at you, Spectre and Meltdown), or stay online and be vulnerable.  This model – “panic patching” — […]
premium
don.maclean@dlt.com'