In the next five years, the federal government will work to centralize for civilian agencies' networks a way of identifying cyberflaws and employing diagnostic tools to remediate them, the Department of Homeland Security's John Streufert says.
With Congress back in Washington, lawmakers are focused on Syria, the federal budget and the debt limit. So cybersecurity is taking a backseat. Will that situation change soon?
John Streufert, the DHS director overseeing the rollout of a federal continuous diagnostic initiative to mitigate IT systems vulnerabilities, expects that many state and local governments will participate in the program.
The massive initiative to deploy continuous monitoring at U.S. federal government agencies will be done in phases, with the initial rollout occurring over three years, the Department of Homeland Security's John Streufert says.
As the federal government ramps up deployment of continuous monitoring, agencies should significantly reduce the time to certify and accredit IT systems and detect vulnerabilities, says the Defense Department's Robert Carey.
Breach statistics for 2012 show DDoS attacks dramatically increased in all sectors, says Verizon's Dave Ostertag. "If your organization, company or agency has a presence on the Internet, you're a potential victim now."
NIST's Ron Ross, a big NASCAR fan, likens new security controls guidance to the tools race-car builders use to prevent drivers from breaking their necks when crashing into a brick wall at 200 miles an hour.
U.S. banks have been hit by a new wave of distributed-denial-of-service attacks, and experts say the botnet behind the attacks is getting stronger. Learn about the latest developments.
Malware, DDoS and mobile security aside, one of the biggest risks is organizations' lack of visibility into specific threats. Don Gray of Solutionary explains the need for actionable threat intelligence.
Ron Ross, the NIST computer scientist who heads the initiative that is revising the guidance, characterizes the updated publication as the most comprehensive one since the initial catalogue of controls was issued in 2005.
As enterprises move more applications to the cloud, continuous monitoring will play a greater role in assuring the software is patched in a timely manner, says John Streufert, DHS director of federal network resilience.
It's as much about people as it is technology for organizations to successfully implement a continuous monitoring program, says George Schu, senior vice president at Booz Allen Hamilton.
Both candidates have made fleeting references to cybersecurity, but neither has addressed the matter in detail. How might the IT security profession be impacted by a President Romney or a second-term President Obama?
NIST's Ron Ross will be quite busy at RSA Conference 2012, not only promoting revised guidance on security and privacy controls to be unveiled at the securing conclave, but also participating in a panel on one of his favorite topics: continuous monitoring.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.