Ask the Experts

Ask the Experts

Government information security management

• How do source code reviews of security products work?

  Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains what to know about these reviews.  Continue Reading

• Should the Vulnerabilities Equities Process be codified into law?

  The Vulnerabilities Equities Process is a controversial subject. Expert Matthew Pascucci looks at the arguments for and against codifying it into law.  Continue Reading

• What effect does a federal CISO have on government cybersecurity?

  The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture.  Continue Reading

• Who should be on an enterprise cybersecurity advisory board?

  What qualifications does a cybersecurity advisory board member need to best serve enterprises? Expert Mike O. Villegas outlines the most helpful backgrounds for board members.  Continue Reading

• What effect does FITARA have on U.S. government cybersecurity?

  FITARA became a law in 2014, but government cybersecurity continues to struggle. Expert Mike O. Villegas discusses the effects of the law.  Continue Reading

• What are the potential pros and cons of a Cyber National Guard?

  A congressman proposed adding a Cyber National Guard to the military to protect the U.S. from cyber adversaries. Expert Mike O. Villegas examines the potential drawbacks of this branch.  Continue Reading

• How does the Safeguards Rule pertain to SEC cybersecurity regulations?

  The SEC claimed Morgan Stanley violated the Safeguards Rule, but what does that mean? Expert Mike Chapple discusses the federal regulation and what happened with Morgan Stanley.  Continue Reading

• How does the Federal Privacy Council affect government security?

  Established as part of an executive order by President Obama, the Federal Privacy Council plays a role in government cybersecurity. Expert Mike Chapple discusses what that means.  Continue Reading

• What does the GAO's SEC cybersecurity report mean for regulation?

  The GAO reported on SEC cybersecurity weaknesses, even though the SEC regulates cybersecurity. Expert Mike Chapple discusses the effects of this report.  Continue Reading

• What does the Consumer Privacy Bill of Rights mean for enterprises?

  The Consumer Privacy Bill of Rights, if made a federal law, would create a uniform set of privacy requirements. Here's a look at the potential benefits.  Continue Reading

• How should agencies prepare for federal security scanning?

  What do agencies need to consider before going through the Department of Homeland Security's network security scanning? Expert Mike Chapple answers.  Continue Reading

• Prerequisites to join the Enhanced Cybersecurity Services program

  Should companies obtain U.S. security clearance to join the Enhanced Cybersecurity Services program? Mike Chapple offers his perspective.  Continue Reading

• What is the MEHARI risk management framework and how can it be used?

  Expert Joseph Granneman details the MEHARI risk management framework and compares it to the ISO 27000 and NIST 800 series.  Continue Reading

• Should the government reduce its external Internet connections?

  To reduce its susceptibility to attack, the federal government announced a plan to gradually reduce its number of Internet connections. Mike Chapple explains why the idea is a feasible one that all enterprises can learn from.  Continue Reading

• What criteria should I look for in a service provider to help my government agency comply with FISMA

  In order to fully protect the agency's information, there must first be a security officer. Security managment expert Mike Rothman gives his advice on the FISMA compliance process.  Continue Reading