Government information security management

Government IT security management news and analysis covering information security in the federal government and its agencies as well as state and local governments, national initiatives to secure cyberspace, public-private cooperation and the government's role in helping enterprises protect the data of U.S. citizens.

February 24, 2021 24 Feb'21
Senate hearing: SolarWinds evidence points to Russia

Executives from Microsoft and FireEye said that there was substantial evidence pointing to Russia's role in the SolarWinds attack and no evidence found leading anywhere else.
February 18, 2021 18 Feb'21
White House: 100 companies compromised in SolarWinds hack

The White House discussed its response to the SolarWinds attacks, which so far have compromised nine federal agencies and approximately 100 private sector companies.
February 17, 2021 17 Feb'21
Risk & Repeat: SolarWinds and the hacking back debate

This week's Risk & Repeat podcast looks at a recent '60 Minutes' episode that discussed the possibility of the U.S. government hacking back in response to the SolarWinds attacks.
January 28, 2021 28 Jan'21
DOJ charges suspect in NetWalker ransomware attacks

The Department of Justice launched a coordinated effort to disrupt the notorious ransomware operation, which has infected healthcare organizations during the COVID-19 pandemic.

Bring yourself up to speed with our introductory content

SolarWinds supply chain attack explained: Need-to-know info

The SolarWinds supply chain breach is the talk of the town -- and will be for months and years to come. Get informed and be part of the conversation with our guide. Continue Reading
Top 10 cybersecurity online courses for 2021

Our panel of leading experts picked the best free and paid online cybersecurity courses for working professionals advancing their careers and newbies breaking into the field. Continue Reading
Federal Information Security Management Act (FISMA)

The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information, operations and assets. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Technology a double-edged sword for U.S. election security

Technologies were weaponized to undermine the 2020 U.S. presidential election, but IT systems have also helped to identify fraud and verify results in a hotly contested election. Continue Reading
The Ghidra Book interview with co-author Kara Nance

Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved. Continue Reading
Risk & Repeat: When will mobile voting be ready?

This week's Risk & Repeat podcast examines the rise of mobile voting apps and how security experts have expressed concerns about the risks deploying the technology for elections. Continue Reading

Learn to apply best practices and optimize your operations.

Cybersecurity training for employees: The why and how

Cybersecurity training continues to miss the mark. How do you succeed where so many others have failed? Keep it fresh, keep it current and make it real. Here's how. Continue Reading
Tackling IT security awareness training with a county CISO

A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved. Continue Reading
4 steps to critical infrastructure protection readiness

Government and private industry share responsibility for critical infrastructure and key resources protection. Follow four steps to understand and know who you're gonna call to protect CIKR. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Interconnected critical infrastructure increases cybersecurity risk

Separately managed but interconnected critical infrastructure sectors are not all bound to security requirements and may be at risk of cascading attacks. Continue Reading
How to create a ransomware incident response plan

The increase in recent attacks makes clear the need for a ransomware incident response plan. Here's how to limit the effect of such attacks, as well as what to do if infected. Continue Reading
With US ban, Huawei products put CISOs on notice

The U.S. federal government has enacted bans on equipment it deems a national security risk. The move should make CISOs wary of what products they bring into their organizations. Continue Reading