Hubbard Radio Washington DC, LLC. All rights reserved. This website is not intended for users located within the European Economic Area.
People exercise risk management, consciously and unconsciously, every day. Many of us drive on a daily basis. Some speed, and risk the chance of getting caught, while others are more conservative and drive the exact speed limit. We base our decision on whether or not to exceed the speed limit on the information available to us at the time, including our knowledge, past experiences, or the conditions we see in front of us. We weigh the risks against impacts and consequences, making decisions based upon our tolerance for the outcomes. The same is true for federal cyber risk management. Securing federal information and assets in cyberspace is the primary driver behind cybersecurity. Even so, other factors help define risk, including the potential for negative publicity if a cyber breach occurs, the impact to budget/performance plans if FISMA grades fall short, or the potential for investigations or congressional hearings if the burning issue of the day burns a bit too bright for too long. Federal cyber risk management fundamentally boils down to making risk decisions based upon an agency\'s risk tolerance - and the drivers behind an agency\'s tolerance vary across the federal government. Risk is defined as the likelihood of a future event that may have unintended or unexpected consequences. Federal agencies make the best cyber risk management decisions by using data and information to evaluate the agency\'s strengths and weaknesses for delivering on its cyber mission in the context of potential threats. Agencies must use information and data from various disparate sources across the enterprise to make these decisions, including audit log information, vulnerability data, asset information, the agency\'s regulatory compliance status, external and internal threat activity, human capital risks to the cybersecurity mission, and many more. As challenging as it may be for agencies to consume large volumes of disparate data, it is a challenge that is essential to overcome for agencies to make the best cyber risk management decisions. Is this achievable? Absolutely. The business intelligence movement established the foundation allowing agencies to minimize risk exacerbated by ad-hoc decision-making. Leveraging business intelligence capabilities for cybersecurity enables agencies to aggregate data across technical and organizational stovepipes and to provide agency cybersecurity leaders with mechanisms for making informed, risk decisions. By better understanding the cyber landscape, federal cybersecurity leaders can - much like our speeding driver example - understand \"how fast\" to drive and make better investment decisions when addressing enterprise cybersecurity risks.
Your agency\'s cybersecurity marching orders may be changing. Former cyber czar Melissa Hathaway joined In Depth with Francis Rose with the latest analysis of bills in Congress that could change the nation\'s cybersecurity mandate. She tells Federal News Radio that it\'s down to two bills and one could have an impact on the role of CIOs.
DHS will oversee and provide assistance to civilian agencies to improve how they protect their computer networks. White House cyber coordinator Schmidt says the goal of the memo is to make sure agency roles and responsibilities are clear. Schmidt also calls for more valuable public-private partnerships.
More and more agencies are gearing up to deploy continuous monitoring as a means of complying with FISMA. What is it, and will it come to your agency soon?
VA plans on implementing software to monitor desktop computers every 24 hours. NASA is developing a concept of operations plan to move to real-time oversight. OMB mandated agencies know the status of their networks in real time by November.
Senator Joseph Lieberman thinks his cybersecurity bill will be the one to cross the finish line to the President\'s desk.
Senator Tom Carper tells Federal News Radio there is a lot of room for improvement.
With as many as 40 different cybersecurity bills in various stages of consideration on Capitol Hill, which one will make it to President Obama\'s desk? The chairman of one powerful Senate committee is betting his cybersecurity measure will win approval in the Senate, and eventually earn the President\'s signature before mid-summer.
Senate leaders pledge to pass a comprehensive cybersecurity bill this year. Sen. Lieberman promises a hearing and markup of the legislation before the end of June. Industry experts are concerned over the role DHS will play in regulating critical infrastructure.
Thursday, June 17th The sophistication of security breaches of federal information systems and reports of improper access to these systems continues to grow at an alarming rate. Clearly, there is concern about and a desire to improve the security of these critical infrastructures. So where and how do we begin to effectively safeguard today\'s systems from cyber threats and increasing system vulnerabilities? c
The House Cybersecurity Caucus says new provisions \"will establish strong, centralized oversight to protect our nation\'s critical information infrastructure and update our comprehensive policy for operating in cyberspace.\" But will they? We ask Jim Lewis with CSIS
Data security threats continue to increase in number and sophistication. We learn more about \'Building an Architecture of Trust\' from Don Proctor, senior vice president for cyber security at Cisco.
House passes Defense Authorization Bill. Learn more in our cybersecurity update.
Former e-gov administrators Karen Evans and Mark Forman give their insight as to how federal cybersecurity management is changing now that President Obama\'s 60 Day Cyber Security Review is over a year old. Is FISMA a thing of the past? Find out by reading more.