Government information security management

Government IT security management news and analysis covering information security in the federal government and its agencies as well as state and local governments, national initiatives to secure cyberspace, public-private cooperation and the government's role in helping enterprises protect the data of U.S. citizens.

April 15, 2021 15 Apr'21
Risk & Repeat: FBI's web shell removal raises questions

The FBI accessed computers -- without the knowledge or consent of the owners -- to remove hundreds of web shells placed in vulnerable Microsoft Exchange servers.
April 14, 2021 14 Apr'21
FBI removes web shells from infected Exchange servers

The DOJ announced the FBI had successfully removed hundreds of web shells from computers impacted by ProxyLogon and related Exchange Server vulnerabilities.
April 01, 2021 01 Apr'21
Man indicted in Kansas water facility breach

While the attempted tampering of a Kansas water facility occurred more than two years ago, the Justice Department this week indicted a 22-year-old former employee.
April 01, 2021 01 Apr'21
CISA: U.S. agencies must scan for Exchange Server attacks

CISA has not said whether any federal agencies have been hit by Exchange Server attacks, but the directive requires them to use Microsoft's detection tools to identify threats.

Bring yourself up to speed with our introductory content

cyber espionage

Cyber espionage, also called cyber spying, is a form of cyber attack that is carried out against a competitive company or government entity. Continue Reading
SolarWinds supply chain attack explained: Need-to-know info

The SolarWinds supply chain breach is the talk of the town -- and will be for months and years to come. Get informed and be part of the conversation with our guide. Continue Reading
Top 10 cybersecurity online courses for 2021

Our panel of leading experts picked the best free and paid online cybersecurity courses for working professionals advancing their careers and newbies breaking into the field. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Can a new DHS cybersecurity strategy help the private sector?

The U.S. Department of Homeland Security outlines federal plans to improve public and private cybersecurity, but analysts advise caution over strategies that can't be mandated. Continue Reading
Federal technology upgrade could see security, SaaS outlay

Channel partners expect major shifts in the government's technology priorities. Find out which IT trends are poised to shape spending in the coming years. Continue Reading
Technology a double-edged sword for U.S. election security

Technologies were weaponized to undermine the 2020 U.S. presidential election, but IT systems have also helped to identify fraud and verify results in a hotly contested election. Continue Reading

Learn to apply best practices and optimize your operations.

Cybersecurity training for employees: The why and how

Cybersecurity training continues to miss the mark. How do you succeed where so many others have failed? Keep it fresh, keep it current and make it real. Here's how. Continue Reading
Federal Information Security Management Act (FISMA)

The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information, operations and assets. Continue Reading
Tackling IT security awareness training with a county CISO

A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Interconnected critical infrastructure increases cybersecurity risk

Separately managed but interconnected critical infrastructure sectors are not all bound to security requirements and may be at risk of cascading attacks. Continue Reading
How to create a ransomware incident response plan

The increase in recent attacks makes clear the need for a ransomware incident response plan. Here's how to limit the effect of such attacks, as well as what to do if infected. Continue Reading
With US ban, Huawei products put CISOs on notice

The U.S. federal government has enacted bans on equipment it deems a national security risk. The move should make CISOs wary of what products they bring into their organizations. Continue Reading