Continuous monitoring

ICAM Still Faces Bumpy Road For Government Smart Card Rollout

By

What seemed like a simple objective, to develop and issue a standardized, electronically-verifiable identification card for civilian agency personnel, continues to encounter a barrage of technical and cultural challenges at a time when identification has become a critical component in the government’s efforts to embrace mobile and remote computing.

Despite the government’s aggressive push under the Identity, Credential and Access Management (ICAM) plan, only three departments are above minimum fielding levels and using the civilian personal identity verification (PIV) cards, said Paul Grant, director for cybersecurity policy in the Office of the DOD Chief Information Officer. And it remains unclear when the cards will be universally fielded across the civilian government. Keep reading →

 /  Published December 17, 2012 at 8:00 AM

Agencies Show Little Progress In 2012 Combating Cyber Incidents

By

The number of reported cybersecurity incidents involving federal information networks continues to increase while the posture of federal agencies to defend against them appears to be weakening in 2012, according to projected data from a Congressional watchdog agency.

The Government Accountability Office’s director of information security issues, Greg Wilshusen, in a presentation to federal and industry security officials, said that the rate of reported security incidents, which had leveled off in 2011 after a steady four-year climb, was expected to jump again in 2012. Keep reading →

 /  Published December 4, 2012 at 8:00 AM

Continuous Monitoring Technology Not A Silver Bullet, Experts Warn

By

The push to adopt continuous monitoring as a more advanced means for ensuring network security can only work if other network technologies are made secure, said a leading computer scientist from the National Institute of Standards and Technology.

Agencies need to understand the underlying security issues, beyond what continuous monitoring can offer, because adversaries can take advantage of weaknesses to bring down network capabilities, said Ron Ross, senior computer scientist and fellow at NIST. Ross (pictured above, seated far left) made the remarks at the recent Symantec Government Symposium on government security practices. Keep reading →

 /  Published November 12, 2012 at 1:00 PM

Bringing ‘Sexy’ Back To CyberScope

By

The recent GFIRST Conference – a forum for incident response and security teams – covered the gamut of security topics with a surprisingly colorful and entertaining array of session titles. While my session title, “Continuous Monitoring 2.0” , may have lacked the bedazzle factor of “Hack the database…and other cocktail party tricks”, “Bad Karma Chameleon”, “Welcome to McSecurity, would you like fries with your scan?”, it did capture audience sentiment about the government’s CyberScope initiative and the push for continuous network monitoring.

So what’s causing the angst among federal IT security managers about CyberScope’s current state of play? Keep reading →

 /  Published October 18, 2012 at 1:00 PM

Continuous Monitoring Required For Digital Data Everywhere

By

Digital data is exploding and government agencies are facing a data visibility crisis.

By 2016, analysts predict there will be 760 million tablets in use worldwide and 1 billion people will own smartphones. And according to a survey by CDW Government, 99% of federal IT professionals have deployed mobile devices to agency employees with 44% of federal employees reporting using their personal mobile devices for work purposes. Keep reading →

 /  Published September 10, 2012 at 11:00 AM