• When it comes to continuous monitoring for cybersecurity – and its companion strategy of continuous diagnostics and mitigation – federal agency practitioners need to be realistic about how they apply the words “monitoring” and “continuous.”

    July 07, 2017
  • Near-weekly, worldwide cybersecurity threats underscore the importance of network, end-point, and application monitoring. Federal agencies have worked under a policy of continuous monitoring/continuous diagnostics and mitigation for a decade. But given the seemingly unending growth in attack vectors, the spread of internal infrastructure to commercial cloud providers, and the rise of insider threats, they’ve got to up their game into what might be called advanced cyber monitoring.

    July 05, 2017
  • Dr. Barry West has a title that means business. As senior advisor and senior accountable official for risk management at the Homeland Security Department, he basically has the job of seeing that the Trump administration executive order on cybersecurity is carried out at DHS.

    June 30, 2017
  • We’ll all be hearing more in the next few years about risk management, compliance and governance. The Government Accountability Office puts out the Green Book, containing standards for financial control in federal accounting.

    March 10, 2017
  • Governance, risk and compliance (GRC) go hand-in-hand. Risk is understanding uncertainty. Compliance focuses on adhering to policies and regulations, micro and macro. Governance is key for stakeholders who put the whole operation of compliance into processes and practices.

    March 03, 2017
  • At the Justice Department, with so many operations, what does it mean to look at risk on an enterprise level? Risk knowledge starts with line employees and moves all the way up to policy-makers and those establishing the controls.

    February 24, 2017
  • Governance, risk and compliance (GRC) best practices are evolving because the amount and types of risk are growing and becoming more complex.

    February 17, 2017
  • The world is full of risks. Federal agencies no less than commercial organizations, operating as they are in a complex and increasingly threatening world, face risks to their finances, their physical security, and their ability to do business thanks to vulnerabilities in their information technology systems.

    February 16, 2017