FISMA Compliance and the Evolution to Continuous Monitoring
The U.S. Department of State developed a system for improving federal cybersecurity. Feature
-
PING with Jane Scott Norris
In an interview with Information Security magazine, Jane Scott Norris, Department of State's first CISO, offers some insight on what it takes to become a CISO. Information Security maga
-
Making sense of the maze
The program director of regulatory compliance for the Object Management Group discusses a new project known as Compliance Global Regulatory Information Database, which should help businesses manage regulatory compliance demands across international b... Executive Briefing
-
Ensure that legal responsibilities are clear -- Especially when trouble strikes
Excerpt from Chapter 15 of Information Nation Warrior: Information Management Compliance Boot Camp. Book Chapter
-
Best practices in Internet security: The Access Certificates for Electronic Services Program
The Access Certificates for Electronic Services Program (ACES) brings multiple PKI service providers together into an interoperable public key infrastructure (PKI) for use by government entities and the private sector. Feature
-
Robby Ann Hamlin
Information Security maga
-
ID theft and national security
Check out what some ITKnowledge Exchange members had to say about this controversial issue. Security Speak-Out
-
Do you speak geek: Respecting the letter of the law
Test your knowledge of security laws and regulations. Quiz
-
Quiz: Compliance
Test your knowledge of legislation and standards. Quiz
-
DHS cybersecurity boss pushes 'cyber 911', new voluntary standards
At the CSA Summit 2013, Mark Weatherford said the DHS 'cyber 911' service will better support the private sector, and new voluntary standards are in the works. News | 25 Feb 2013
-
US military plans major boost for cyber force
The US plans a substantial expansion for its cyber security force, increasing the headcount from 900 to 4,900 in the next few years. News | 28 Jan 2013
-
State CISOs cite insufficient funding, lack of skilled IT professionals in survey
The biannual Deloitte-NASCIO survey revealed what state CISOs believe are the top barriers in addressing cybersecurity. News | 29 Oct 2012
-
Chinese telecoms cannot be trusted, congressional study finds
A report by the House Intelligence Committee found Chinese telecoms, Huawei and ZTE, pose a significant security threat to the United States. News | 08 Oct 2012
-
Napolitano calls for cybersecurity intelligence information sharing
DHS Secretary Janet Napolitano Monday renewed the call for guidelines that enable public-private cybersecurity intelligence information sharing. News | 10 Sep 2012
-
Praise, criticism for retiring cybersecurity coordinator Howard Schmidt
Security experts say some issues haven’t been adequately addressed by the White House security chief. News | 17 May 2012
-
Steve Lipner on the Microsoft SDL, critical infrastructure protection
Microsoft’s senior director of security engineering says core SDL principles should be at the foundation of critical infrastructure system protection. News | 16 May 2012
-
Nothing funny about SCADA and ICS security
A researcher calls the state of industrial control system security “laughable” and warns of the consequences of unpatched critical infrastructure that is reachable over the Internet. News | 06 Feb 2012
-
Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say
Spear phishing attacks via China were likely what led to the lengthy U.S. Chamber of Commerce breach, experts say. News | 21 Dec 2011
-
Draft report highlights U.S. government satellites under attack
Two U.S. government satellites came under attack four times in 2007 and 2008, according to a congressional commission. News | 27 Oct 2011
-
Continuous monitoring strategy for government security managers
A security expert offers insights and advice for government security managers on implementing a continuous monitoring strategy. Tip
-
Identity Ecosystem should make life a little easier for IT shops
While implementation of the Identity Ecosystem is a long way off, the benefits for projects such as electronic health records could be significant. Tip
-
Government cybersecurity: User-level security tools mitigate Fed insider risks
Taking on a new zero-trust model, many federal agencies are implementing insider threat controls at the user level. Tip
-
FISMA compliance made easier with OpenFISMA
Scott Sidel examines the open source security tool OpenFISMA, a compliance tool that assists government agencies and their contractors in meeting FISMA's requirements. Tip
-
Learn from NIST: Best practices in security program management
Security success means sweating the small stuff, like ensuring proficiency in implementing patches and configuring systems. Security management expert Mike Rothman offers advice on how certain NIST guidelines can help an organization highlight proble... Tip
-
Cyberwar: A threat to business
In the dark crevices of the virtual world, malicious individuals and groups are at the ready, waiting for the perfect opportunity to target U.S. businesses where and when they least expect it. In this tip, contributor Gideon T. Rasmussen profiles tod... Tip
-
FISMA essentials for information security practitioners
This tip provides an overview of the Federal Information Security Management Act (FISMA) and what information security professionals need to do in order to comply. Tip
-
Separating fact from fiction: Security technologies for regulatory compliance
This presentation by Burton Group analyst Diana Kelley explores what companies need to think about when creating policies for compliance. Tip
-
The 5 pillars of successful compliance
Find out how to put the key benefits of what Pamela Fusco achieved at Merck & Co. to work in your own organization as she covers five key areas associated with security's role in compliance. Tip
-
What to tell senior management about regulatory compliance
The IT Governance Institute offers actionable advice for implementing security governance as it relates to regulatory compliance. Tip
-
Should the government reduce its external Internet connections?
To reduce its susceptibility to attack, the federal government announced a plan to gradually reduce its number of Internet connections. Mike Chapple explains why the idea is a feasible one that all enterprises can learn from. Ask the Expert
-
What criteria should I look for in a service provider to help my government agency comply with FISMA
In order to fully protect the agency's information, there must first be a security officer. Security management expert Mike Rothman gives his advice on the FISMA compliance process. Ask the Expert
-
Implementations of Carnivore recommendations
Ask the Expert
-
Relevancy of HIPAA to civilian government agency
Ask the Expert
-
Federal Information Security Management Act (FISMA)
The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. Definition
-
Computer Security Incident Response Team (CSIRT)
A Computer Security Incident Response Team (CSIRT) is a group of professionals that receives reports of security breaches, conducts analyses of the reports and responds to the senders. Definition
-
National eGovernance Plan (NeGP)
National eGovernance Plan (NeGP) is an initiative by the government of India to combine various e-governance systems around the country to create a national network that provides government services to all citizens electronically. Definition
-
EINSTEIN
EINSTEIN is a federal government network monitoring tool mandated by the United States federal government's Department of Homeland Security (DHS). EINSTEIN monitors and analyzes Internet traffic when it moves in and out of federal computer networks, ... Definition
-
encryption
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood. Definition
-
NSA's Troy Lange details NSA mobile security strategy
Video: NSA mobility mission manager Troy Lange discusses the NSA mobile security strategy, including mistakes made and lessons learned. Video
-
Inside the NSA trusted computing strategy
The NSA’s Tony Sager discusses the NSA trusted computing strategy and the importance of finding cost-effective ways to disrupt potential attackers. Video
-
Gartner Security Summit attendees on IT security, government issues
When managing IT security, government infosec pros face unique risks. Check out these Q&As from the 2011 Gartner Security & Risk Management Summit. Video
-
Jim Lewis on cyberwarfare, secure infrastructure collaboration
In this video, the director of the Center for Strategic and International Studies discusses cyberwar and the need for collaborative infrastructure protection. Video
-
Bruce Schneier: What is cyberwar?
In this RSA Conference 2011 interview, Michael Mimoso, Editorial Director of the Security Media Group at TechTarget, interviews Bruce Schneier, Chief Security Technology Officer of BT Group, and tries to answer the question, "What is cyberwar?" Video
-
Expert on cyber espionage, types of cybercrime and prevention
In this video, Robert Rodriguez, chairman and founder of the Security Innovation Network (SINET), discusses the state of cybercrime and cyberespionage, and what enterprises need to do to secure themselves. Video
-
Key elements of disaster recovery and business continuity planning
In part four of this series, Andre Gold discusses the key aspects of developing a successful business continuity and disaster recovery plan, including location, technology, crisis management and communications. Video
-
Face-off: Who should be in charge of cybersecurity?
Security experts Bruce Schneier and Marcus Ranum debate how the federal government should handle cybersecurity initiatives. Video
-
Federal efforts to secure cyberinfrastructure
RSA 2009: Former White House senior advisor Paul Kurtz and James Lewis, director of technology policy at the Center for Strategic and International Studies, talk about the state of cybersecurity readiness at the federal level. Video
About Government IT Security Management
Government IT security management news and analysis covering information security in the federal government and its agencies as well as state and local governments, national initiatives to secure cyberspace, public-private cooperation and the government's role in helping enterprises protect the data of U.S. citizens.