Near-weekly, worldwide cybersecurity threats underscore the importance of network, end-point, and application monitoring. Federal agencies have worked under a policy of continuous monitoring/continuous diagnostics and mitigation for a decade. But given the seemingly unending growth in attack vectors, the spread of internal infrastructure to commercial cloud providers, and the rise of insider threats – they’ve got to up the game into what might be called advanced cyber monitoring.
From proving bomb parts can get through front-door screenings to examining the Fort Hood shootings, the Government Accountability Office has been following the federal insider threat situation for years. Its work covers both the physical world and cyberspace. Joseph Kirschbaum, GAO director of defense capabilities and management, joined Federal Drive with Tom Temin to discuss the range of work he's overseen.
We’ll all be hearing more in the next few years about risk management, compliance and governance. The Government Accountability Office puts out the Green Book, containing standards for financial control in federal accounting.
Governance, risk and compliance (GRC) go hand-in-hand. Risk is understanding uncertainty. Compliance focuses on adhering to policies and regulations, micro and macro. Governance is key for the stakeholders who turn compliance into the processes and practices of the whole operation.
At the Justice Department, with so many operations, what does it mean to look at risk at the enterprise level? Risk knowledge starts with line employees and moves all the way up to policy-makers and those establishing the controls.
The world is full of risks. Federal agencies no less than commercial organizations, operating as they are in a complex and increasingly threatening world, face risks to their finances, their physical security, and their ability to do business thanks to vulnerabilities in their information technology systems.
President Donald Trump decided not to sign a new cybersecurity executive order on Jan. 31, but more specifics of the plan to secure federal and private sector networks are emerging.
Mobile is critical infrastructure for government agencies. See what a panel of six federal CIOs, CISOs, and CTOs say is the solution to securing mobile.
You can find a whole chapter on risk management in a genuinely readable new book.
April Chen, the senior product manager for Iron Mountain, explains how process, protection and people need to come together to better manage records and data.
The Office of Management and Budget updated Circular A-130 with the requirement for agencies to focus on risk management when deciding on how to protect networks and systems.
Sol Cates, chief security officer for Vormetric, argues that while new policies and regulations are important, the answer to an organization’s cybersecurity problems starts with a decision to dedicate more resources to solutions and fewer to filling out forms.
Over the next year, GSA will work with other agencies and industry to come up with a set of risk indicators and create access to multiple data sources for contracting officers to better determine and understand the supply chain risk of the technology they are buying.
Of the 24 CFO Act agencies — those required to have audited financial statements — about half failed to comply with the law on improper payments, according to a preliminary analysis of the IG reports by the accounting firm Grant Thornton. The low scorers include the agencies that misspent the most money: the departments of Health and Human Services, Treasury, Agriculture and the Social Security Administration.