RSA

  • Governance, risk and compliance (GRC) go hand-in-hand. Risk is understanding uncertainty. Compliance focuses on adhering to policies and regulations, micro and macro. Governance is key for stakeholders who put the whole operation of compliance into processes and practices.

    March 03, 2017
  • At the Justice Department, with so many operations, to look at risk on an enterprise level, what does that mean? Risk knowledge starts with line employees and moves all the way up to policy-makers and those establishing the controls.

    February 24, 2017
  • Governance, risk and compliance (GRC) best practices are evolving because the amount of risk and risk types are growing and becoming more complex.

    February 17, 2017
  • The world is full of risks. Federal agencies no less than commercial organizations, operating as they are in a complex and increasingly threatening world, face risks to their finances, their physical security, and their ability to do business thanks to vulnerabilities in their information technology systems.

    February 16, 2017
  • From Shaun's perspective, if an agency has just discovered a zero-day threat it is about a day too late. Policies should be in place that can immediately respond to threats. Shaun also addressed budgeting and suggested that perhaps the constant refrain of increasing resources should be balanced with leveraging existing investments. Many agencies may feel secure if they comply with all the rules and regulations from security agencies, but the truth is that compliance may not be enough to prevent attacks.

    December 16, 2016
  • Tim Ruland’s background gives him a practical edge to the cybersecurity threat intelligence discussion. During the interview, he talked about the practical aspects of gaining a better understanding of cybersecurity threat intelligence. It's important to set priorities, which is commonly referred to as "orchestration." Terrific in theory, but one must select the correct tools to combine these prioritized tasks properly. In response to Zulfikar Ramzan’s statement about 1400 new cybersecurity companies coming on the market in the past year, Tim talked about the difficulty of picking the correct vendor due to specific needs.

    December 09, 2016
  • During the far-ranging discussion, Ron Carback commented on the issues associated with not sharing information. If all agencies act as silos of information, we will see duplicated efforts across civilian and military agencies. This has many implications, including threats not being handled on a timely basis, the extra cost, and wasted talent when it comes to rebuilding.

    December 02, 2016
  • Federal News Radio convened a panel with a diverse group of cybersecurity professionals to talk about best practices for gathering threat intelligence for today’s cybersecurity in government.

    November 28, 2016
  • The viewpoint that RSA's chief technology officer Zulfikar Ramzan brought to the table is the ability to put the cybersecurity threat intelligence discussion within agencies in perspective with the commercial world. He reinforced the concept of a dichotomy in the world of threat intelligence. There is a balance in the need for trust and speed, but oftentimes agencies require protracted reviews.

    November 22, 2016
  • The war on poverty has not yet reached organizations trying to do a good job of cybersecurity. That's according to researchers at security company RSA. They found that way too many organizations, including federal agencies, have a cybersecurity deficit. Rob Sadowski, the marketing director of technology solutions at RSA, provides insight on Federal Drive with Tom Temin.

    July 13, 2016
  • More than 20 years after publication of the dog-on-the-Internet cartoon, identity verification and authentication still present major challenges to large organizations, including federal agencies.

    July 06, 2016
  • “We really focus on that endpoint protection,” Steven Hernandez, CISO, acting CTO and director of information assurance for the Office of Inspector General at HHS, said on Federal News Radio’s In Focus. “Not only, at some point, that endpoint probably had to handle keys or certificates to do that job, to get that encryption in place – that’s very helpful for us – but also for anything that we run, that’s where we want the encryption to really take place. Because I guarantee you at some point that magical network encryption box you have is going to fail, or a network engineer is going to make a mistake and going to route around it, or your cloud provider is going to make a mistake and all of a sudden your information is in the public network. And so, as a custodian of the data, at that application layer, sometimes at that session layer, that’s where we really focus our efforts.”

    May 20, 2016
  • “In the end it’s behavioral,” William Yurek, program director of cyber intrusion investigations at the Defense Criminal Investigative Service, said on Federal News Radio’s In Focus. “People will always be the weakest link at any level. They will always be what we have to key on. Unfortunately, we forget about that. Behavioral analytics is an attempt to get us back to the idea of looking at how people behave, in the simplest sense. But how we can use that in both the predictive sense, and frankly, in my viewpoint as an investigator oftentimes we come in and it’s kind of too late. But there are behavioral factors you can use to analyze bad guy activity and try and create a behavioral fingerprint of a human being.”

    May 13, 2016
  • “The reality is that you can’t be reactive anymore,” Zulfikar Ramzan, chief technology officer for RSA, said on Federal News Radio’s In Focus. “A reactive posture is what gets you into trouble in the long run. Now the good news is that even though there are these zero day vulnerabilities and sophisticated attackers, at some point in the course of every attack, someone utilizes a known tool or some known piece of infrastructure simply because it’s too expensive for attackers to do everything fresh for the first time.”

    May 05, 2016