When it comes to continuous monitoring for cybersecurity – and its companion strategy of continuous diagnostics and mitigation – federal agency practitioners need to be realistic about how they apply the words “monitoring” and “continuous.”
Near-weekly, worldwide cybersecurity threats underscore the importance of network, end-point, and application monitoring. Federal agencies have worked under a policy of continuous monitoring/continuous diagnostics and mitigation for a decade. But given the seemingly unending growth in attack vectors, the spread of internal infrastructure to commercial cloud providers, and the rise of insider threats, they’ve got to up their game into what might be called advanced cyber monitoring.
Dr. Barry West has a title that means business. As senior advisor and senior accountable official for risk management at the Homeland Security Department, he basically has the job of seeing that the Trump administration executive order on cybersecurity is carried out at DHS.
We’ll all be hearing more in the next few years about risk management, compliance and governance. The Government Accountability Office puts out the Green Book, containing standards for financial control in federal accounting.
Governance, risk and compliance (GRC) go hand-in-hand. Risk is understanding uncertainty. Compliance focuses on adhering to policies and regulations, micro and macro. Governance is key for stakeholders who put the whole operation of compliance into processes and practices.
Governance, risk and compliance (GRC) best practices are evolving because the amount of risk and risk types are growing and becoming more complex.
From Shaun's perspective, if an agency has just discovered a zero-day threat, it is about a day too late. Policies should be in place that can immediately respond to threats. Shaun also addressed budgeting and suggested that perhaps the constant refrain of increasing resources should be balanced with leveraging existing investments. Many agencies may feel secure if they comply with all the rules and regulations from security agencies, but the truth is that compliance may not be enough to prevent attacks.
Tim Ruland’s background gives him a practical edge in the cybersecurity threat intelligence discussion. During the interview, he talked about the practical aspects of gaining a better understanding of cybersecurity threat intelligence. It's important to set priorities, which is commonly referred to as "orchestration." Terrific in theory, but one must select the correct tools to combine these prioritized tasks properly. In response to Zulfikar Ramzan’s statement about 1400 new cybersecurity companies coming on the market in the past year, Tim talked about the difficulty of picking the correct vendor due to specific needs.
During the far-ranging discussion, Ron Carback commented on the issues associated with not sharing information. If all agencies act as silos of information, we will see duplicated efforts across civilian and military agencies. This has many implications, including threats not being handled in a timely manner, the extra cost, and wasted talent when it comes to rebuilding.
Federal News Radio convened a panel with a diverse group of cybersecurity professionals to talk about best practices for gathering threat intelligence for today’s cybersecurity in government.
The viewpoint that RSA's chief technology officer Zulfikar Ramzan brought to the table is the ability to put the cybersecurity threat intelligence discussion within agencies in perspective with the commercial world. He reinforced the concept of a dichotomy in the world of threat intelligence. There is a balance in the need for trust and speed, but oftentimes agencies require protracted reviews.
This week's interview is with Dan Lockley, the Technology Transfer Program Director for NASA. During the discussion he expands upon the ways NASA seeks to share its information.
The In Focus mini-series examines more closely issues and topics of importance to federal agencies and contractors. Each month, Federal News Radio speaks with key stakeholders to better understand challenges and opportunities. This month focuses…
This week's guest is Paula Braun, Entrepreneur in Residence for the CDC Mortality Project. Paula has both a master’s degree in mathematics and a master’s degree in analytics. She is the ideal person to apply analytics to the world of big data.