The initial phase of the continuous diagnostics and mitigation initiative, a new program to secure government computers, concentrates on helping federal agencies identify and manage their software and hardware assets.
Organizations collect a wealth of information as part of their governance, risk and compliance programs, and security professionals are missing out on important insights if they don't take advantage of it.
In the next five years, the federal government will work to centralize for civilian agencies' networks a way of identifying cyberflaws and employing diagnostic tools to remediate them, the Department of Homeland Security's John Streufert says.
To mark his induction into the National Cyber Security Hall of Fame, Purdue University Computer Science Professor Eugene Spafford offers insights on key challenges, including overcoming senior executives' misperceptions about key issues.
Cybersecurity experts say perceived disruptions caused by the shutdown could encourage America's cyber-adversaries to increase their attacks and probes on federal government IT systems and networks.
John Streufert, the DHS director overseeing the rollout of a federal continuous diagnostic initiative to mitigate IT systems vulnerabilities, expects that many state and local governments will participate in the program.
The massive initiative to deploy continuous monitoring at U.S. federal government agencies will be done in phases, with the initial rollout occurring over three years, the Department of Homeland Security's John Streufert says.
Operators of media sites should consider adoption of the cybersecurity framework in the aftermath of the recent domain name systems attacks aimed at The New York Times and Twitter.
NIST has issued a discussion draft on the cybersecurity framework ordered by President Obama. The voluntary framework is designed to help reduce risks to the nation's critical infrastructure.
In the wake of domain name systems attacks aimed at The New York Times, Twitter and other media sites, experts say security professionals in all fields should take specific mitigation steps.
The National Institute of Standards and Technology has issued new guidance for designing cryptographic key management systems that describes topics designers should consider when developing specifications.
NIST is developing risk management guidance on the IT supply chain that says organizations should take an incremental approach and ensure that they first reach a base maturity level in organizational practices.
Having a CISO within an organization can help in holding down data breach costs, says the Ponemon Institute's Larry Ponemon, who, along with Symantec's Robert Hamilton, analyzes new survey results.
The National Institute of Standards and Technology has published new guidance on malware incident prevention and handling for desktops and laptops as well as enterprise patch management technologies.
IT security pros see metrics as a useful tool to validate operational performance. But many organizations' top leaders evaluate security on cost. It's time to bridge that gap.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.