Government information security management

Government IT security management news and analysis covering information security in the federal government and its agencies as well as state and local governments, national initiatives to secure cyberspace, public-private cooperation and the government's role in helping enterprises protect the data of U.S. citizens.

October 23, 2018 23 Oct'18
Healthcare.gov breach exposes data on 75,000 people

Malicious actors attacked a back-end insurance system and the resulting Healthcare.gov breach exposed an unknown amount of data on 75,000 people.
October 19, 2018 19 Oct'18
Facebook hack the work of spammers, not foreign adversary

News roundup: The Facebook hack was the work of spammers, according to The Wall Street Journal. Plus, 35 million voter records are for sale on the dark web, and more.
October 19, 2018 19 Oct'18
Risk & Repeat: Military cybersecurity scrutinized in GAO report

This week's Risk & Repeat podcast discusses the GAO report on vulnerabilities and weaknesses in modern weapons systems and what they mean for the U.S. military.
October 16, 2018 16 Oct'18
Pentagon data breach exposed travel data for 30,000 individuals

The Department of Defense said a Pentagon data breach exposed travel records for approximately 30,000 military and civilian personnel, but the investigation is still in progress.

Bring yourself up to speed with our introductory content

National Security Agency (NSA)

The National Security Agency is the official U.S. cryptologic organization of the United States Intelligence Community under the Department of Defense. Continue Reading
What GDPR privacy requirements mean for U.S. businesses

Prospects of GDPR enforcement may be sowing fear, uncertainty and doubt. But the policy is also sending a clear message to companies: protect customer privacy, or else. Continue Reading
encryption

In computing, encryption is the method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Cybersecurity methods, threats similar across public and private sectors

For Xerox CISO and former White House deputy CIO Alissa Johnson, cybersecurity lessons learned in the public sector are proving relevant in her current role. Continue Reading
How do source code reviews of security products work?

Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains what to know about these reviews. Continue Reading
IoT Cybersecurity Improvement Act sets low bar for IoT device safety

The IoT Cybersecurity Improvement Act sets a minimum security bar for selling IoT products to the federal government by eliminating default passwords and known vulnerabilities. Continue Reading

Learn to apply best practices and optimize your operations.

Why a unified local government security program is crucial

When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial. Continue Reading
How criticality analysis benefits from an entropy engineer

NIST published 'Criticality Analysis Process Model: Prioritizing Systems and Components' to guide organizations when prioritizing systems. Discover the key processes with Judith Myerson. Continue Reading
What GDPR requirements mean for U.S. companies

The EU's General Data Protection Regulation legislation goes into effect in May 2018. Don't assume your European business is too insignificant to need to comply. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How intelligence data leaks caused collateral damage for infosec

Alvaka Networks' Kevin McDonald looks at the real-world damage caused by data leaks at the CIA and NSA, which have put dangerous government cyberweapons in the hands of hackers Continue Reading
Risk & Repeat: Pentagon cybersecurity under fire

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Pentagon cybersecurity amid reports of misconfigured servers at the U.S. Department of Defense. Continue Reading
What effect does FITARA have on U.S. government cybersecurity?

FITARA became a law in 2014, but government cybersecurity continues to struggle. Expert Mike O. Villegas discusses the effects of the law. Continue Reading