Government information security management

Government IT security management news and analysis covering information security in the federal government and its agencies as well as state and local governments, national initiatives to secure cyberspace, public-private cooperation and the government's role in helping enterprises protect the data of U.S. citizens.

December 01, 2020 01 Dec'20
Ransomware attack shuts down Baltimore County schools

Ransomware incapacitated Baltimore County Public Schools' network just before Thanksgiving, but the school system said students' Chromebooks and Google accounts were not impacted.
November 20, 2020 20 Nov'20
Risk & Repeat: Christopher Krebs out as CISA director

This week's Risk & Repeat podcast discusses President Trump's firing of CISA Director Christopher Krebs, which was a controversial move in the infosec community.
November 19, 2020 19 Nov'20
White House questions election security; experts do not

A number of infosec experts, election officials and government agencies say Election Day was free from hacking and cyber attacks, but the White House disagrees.
November 18, 2020 18 Nov'20
President Trump fires CISA director Christopher Krebs

President Trump fired Krebs as director of CISA after the agency pushed back on unfounded accusations about widespread voter fraud and voting system hacks during the election.

Bring yourself up to speed with our introductory content

Federal Information Security Management Act (FISMA)

The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information, operations and assets. Continue Reading
Navigate the DOD's Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification requires DOD contractors to achieve baseline security standards. Explore the five levels of certification and how to achieve them. Continue Reading
Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

The Ghidra Book interview with co-author Kara Nance

Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved. Continue Reading
Technology a double-edged sword for U.S. election security

Technologies are being weaponized to undermine the 2020 U.S. presidential election, but IT systems will also help identify fraud and verify results in a contested election. Continue Reading
Risk & Repeat: When will mobile voting be ready?

This week's Risk & Repeat podcast examines the rise of mobile voting apps and how security experts have expressed concerns about the risks deploying the technology for elections. Continue Reading

Learn to apply best practices and optimize your operations.

Tackling IT security awareness training with a county CISO

A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved. Continue Reading
4 steps to critical infrastructure protection readiness

Government and private industry share responsibility for critical infrastructure and key resources protection. Follow four steps to understand and know who you're gonna call to protect CIKR. Continue Reading
NIST incident response plan: 4 steps to better incident handling

The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Interconnected critical infrastructure increases cybersecurity risk

Separately managed but interconnected critical infrastructure sectors are not all bound to security requirements and may be at risk of cascading attacks. Continue Reading
How to create a ransomware incident response plan

The increase in recent attacks makes clear the need for a ransomware incident response plan. Here's how to limit the effect of such attacks, as well as what to do if infected. Continue Reading
With US ban, Huawei products put CISOs on notice

The U.S. federal government has enacted bans on equipment it deems a national security risk. The move should make CISOs wary of what products they bring into their organizations. Continue Reading