-
PING with Jane Scott Norris
In an interview with Information Security magazine, Jane Scott Norris, Department of State's first CISO, offers some insight on what it takes to become a CISO. Information Security maga
-
Making sense of the maze
The program director of regulatory compliance for the Object Management Group discusses a new project known as Compliance Global Regulatory Information Database, which should help businesses manage regulatory compliance demands across international b... Executive Briefing
-
Best practices in Internet security: The Access Certificates for Electronic Services Program
The Access Certificates for Electronic Services Program (ACES) brings multiple PKI service providers together into an interoperable public key infrastructure (PKI) for use by government entities and the private sector. Feature
-
Ensure that legal responsibilities are clear -- Especially when trouble strikes
Excerpt from Chapter 15 of Information Nation Warrior: Information Management Compliance Boot Camp. Book Chapter
-
Robby Ann Hamlin
Information Security maga
-
ID theft and national security
Check out what some ITKnowledge Exchange members had to say about this controversial issue. Security Speak-Out
-
Do you speak geek: Respecting the letter of the law
Test your knowledge of security laws and regulations. Quiz
-
Quiz: Compliance
Test your knowledge of legislation and standards. Quiz
-
Nothing funny about SCADA and ICS security
A researcher calls the state of industrial control system security “laughable” and warns of the consequences of unpatched critical infrastructure that is reachable over the Internet. News | 06 Feb 2012
-
Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say
Spear phishing attacks via China were likely what led to the lengthy U.S. Chamber of Commerce breach, experts say. News | 21 Dec 2011
-
Draft report highlights U.S. government satellites under attack
Two U.S. government satellites came under attack four times in 2007 and 2008, according to a congressional commission. News | 27 Oct 2011
-
NERC CSO Weatherford accepts DHS position
Mark Weatherford will focus on cybersecurity operations and communications resilience at the Department of Homeland Security. News | 20 Oct 2011
-
DHS cloud computing: Homeland Security’s model private cloud strategy
Using private cloud at separate data centers has allowed the Department of Homeland Security to strike a balance between security and cost savings. News | 05 Oct 2011
-
Breach fears push federal cloud computing initiative to private cloud
Trapped between budget constraints and security fears, government agencies are increasingly opting for private clouds. News | 20 Sep 2011
-
Standardizing federal security regulations easier said than done
While Oregon officials have had success with a cross-government compliance program, standardizing federal requirements is another matter. News | 07 Sep 2011
-
State IT security model for IRS compliance could work at federal level
Oregon's model for compliance with IRS information security requirements could be used for cross-agency security at the federal level. News | 16 Aug 2011
-
The Obama administration’s Identity Ecosystem plan: What to expect
President Obama's proposed Identity Ecosystem seeks to lock down personal credentials, but is it actually feasible? News | 20 Jul 2011
-
Data reduction software accelerates computer forensic investigations
Data reduction software is an essential part of any computer forensics process. Expert Richard W. Walker looks at data reduction software tools and processes and the role they play. News | 05 Jul 2011
-
Continuous monitoring strategy for government security managers
A security expert offers insights and advice for government security managers on implementing a continuous monitoring strategy. Tip
-
Identity Ecosystem should make life a little easier for IT shops
While implementation of the Identity Ecosystem is a long way off, the benefits for projects such as electronic health records could be significant. Tip
-
Government cybersecurity: User-level security tools mitigate Fed insider risks
Taking on a new zero-trust model, many federal agencies are implementing insider threat controls at the user level. Tip
-
FISMA compliance made easier with OpenFISMA
Scott Sidel examines the open source security tool OpenFISMA, a compliance tool that assists government agencies and their contractors in meeting FISMA's requirements. Tip
-
Learn from NIST: Best practices in security program management
Security success means sweating the small stuff, like ensuring proficiency in implementing patches and configuring systems. Security management expert Mike Rothman offers advice on how certain NIST guidelines can help an organization highlight proble... Tip
-
Cyberwar: A threat to business
In the dark crevices of the virtual world, malicious individuals and groups are at the ready, waiting for the perfect opportunity to target U.S. businesses where and when they least expect it. In this tip, contributor Gideon T. Rasmussen profiles tod... Tip
-
FISMA essentials for information security practitioners
This tip provides an overview of the Federal Information Security Management Act (FISMA) and what information security professionals need to do in order to comply. Tip
-
Separating fact from fiction: Security technologies for regulatory compliance
This presentation by Burton Group analyst Diana Kelley explores what companies need to think about when creating policies for compliance. Tip
-
The 5 pillars of successful compliance
Find out how to put the key benefits of what Pamela Fusco achieved at Merck & Co. to work in your own organization as she covers five key areas associated with security's role in compliance. Tip
-
What to tell senior management about regulatory compliance
The IT Governance Institute offers actionable advice for implementing security governance as it relates to regulatory compliance. Tip
-
Should the government reduce its external Internet connections?
To reduce its susceptibility to attack, the federal government announced a plan to gradually reduce its number of Internet connections. Mike Chapple explains why the idea is a feasible one that all enterprises can learn from. Ask the Expert
-
What criteria should I look for in a service provider to help my government agency comply with FISMA?
In order to fully protect the agency's information, there must first be a security officer. Security management expert Mike Rothman gives his advice on the FISMA compliance process. Ask the Expert
-
Implementations of Carnivore recommendations
Ask the Expert
-
Relevancy of HIPAA to civilian government agency
Ask the Expert
-
National eGovernance Plan (NeGP)
National eGovernance Plan (NeGP) is an initiative by the government of India to combine various e-governance systems around the country to create a national network that provides government services to all citizens electronically. Definition
-
EINSTEIN
EINSTEIN is a federal government network monitoring tool mandated by the United States federal government's Department of Homeland Security (DHS). EINSTEIN monitors and analyzes Internet traffic when it moves in and out of federal computer networks, ... Word
-
Federal Information Security Management Act (FISMA)
The Federal Information Security Management Act (FISMA) defines a comprehensive framework to protect government information, operations, and assets against natural or human-made threats... (Continued) Word
-
encryption
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood. Word
-
Inside the NSA trusted computing strategy
The NSA’s Tony Sager discusses the NSA trusted computing strategy and the importance of finding cost-effective ways to disrupt potential attackers. Video
-
Gartner Security Summit attendees on IT security, government issues
When managing IT security, government infosec pros face unique risks. Check out these Q&As from the 2011 Gartner Security & Risk Management Summit. Video
-
Jim Lewis on cyberwarfare, secure infrastructure collaboration
In this video, the director of the Center for Strategic and International Studies discusses cyberwar and the need for collaborative infrastructure protection. Video
-
Bruce Schneier: What is cyberwar?
In this RSA Conference 2011 interview, Michael Mimoso, Editorial Director of the Security Media Group at TechTarget, interviews Bruce Schneier, Chief Security Technology Officer of BT Group, and tries to answer the question, "What is cyberwar?" Video
-
Cyberespionage and cybercrime response
In this video, Robert Rodriguez, chairman and founder of the Security Innovation Network (SINET), discusses the state of cybercrime and cyberespionage, and what enterprises need to do to secure themselves. Video
-
Key elements of disaster recovery and business continuity planning
In part four of this series, Andre Gold discusses the key aspects of developing a successful business continuity and disaster recovery plan, including location, technology, crisis management and communications. Video
-
Face-off: Who should be in charge of cybersecurity?
Security experts Bruce Schneier and Marcus Ranum debate how the federal government should handle cybersecurity initiatives. Video
-
Federal efforts to secure cyberinfrastructure
RSA 2009: Former White House senior advisor Paul Kurtz and James Lewis, director of technology policy at the Center for Strategic and International Studies, talk about the state of cybersecurity readiness at the federal level. Video
About Government IT Security Management
Government IT security management news and analysis covering information security in the federal government and its agencies as well as state and local governments, national initiatives to secure cyberspace, public-private cooperation and the government's role in helping enterprises protect the data of U.S. citizens.