Management and program silos within agencies that so often stymie efforts to integrate information technology and security practices are also hindering efforts to institute smarter risk management strategies at agencies, according to senior government security officials.

“Risk is still being managed at most agencies in a stovepipe manner,” said Department of Energy Chief Information Officer Bob Brese (pictured at left) during a Government Technology Research Alliance conference on government security trends on Monday. Keep reading →

Recently I was with a CISO of a multi-billion dollar critical infrastructure provider in the private sector.

We were conducting a security scan and compiling a list of issues and areas that needed to be addressed as part of his overall security program. While at one of the facilities he received a notification that he shared with me. The message was that they had traced back the source of a breach that had occurred a few months back. Keep reading →

The Federal government is now on track to close 1,080 data centers by 2015 among 3,133 in operation as part of a broader administration effort to reduce duplicative spending and to do more with less.

Federal CIO Steven VanRoekel, however, has signaled a new emphasis on doing “more” — by investing in technology creatively–rather than focusing primarily “on the less” that is typically associated with cuts, including data center closures. Keep reading →

Cyber intelligence has emerged as the single most critical element in cyber defense. The private sector owns and operates the vast majority of the U.S. critical infrastructure which has become a high value target for those who wish to harm the United States. In addition, the private sector produces a substantive portion of the technology used to defend the nation, which if compromised could be very damaging.

On Dec. 1, 2011 the House Permanent Select Committee on Intelligence Committee Chairman Mike Rogers introduced what is being called a ground-breaking piece of legislation. Keep reading →