ISC2

This is the last in a series of profiles featuring 2012 U.S. Government Information Security Leadership Award (GISLA) winners. The winners received the awards in October from (ISC)2, a nonprofit serving certified information security professionals and administrators.

As the systems that support space missions continue to grow in scale and complexity, so does the need to keep improving the processes used to assess system vulnerabilities. At the same time, those processes have to remain flexible and reliable while still meeting a host of complex continuous monitoring guidelines.

This is one in a series of profiles featuring 2012 U.S. Government Information Security Leadership Award (GISLA) winners. The winners received the awards in October from (ISC)2, a nonprofit serving certified information security professionals and administrators.

As chief information officer of the U.S. Department of Agriculture’s Food Safety and Inspection Service (FSIS), Janet Stevens understands why cybersecurity isn’t just about firewalls and malware protection.

This is the first in a series of profiles featuring 2012 U.S. Government Information Security Leadership Award (GISLA) winners. The winners received the awards in October from (ISC)2, a nonprofit serving certified information security professionals and administrators.

At a time of significant demand for, and an equally significant shortage of, skilled cybersecurity professionals, Col. John Diaz, commander of the Army Reserve Information Operations Command (ARIOC), assembled and led a 10-person cadre that set in motion a training strategy to systematically transform ARIOC’s workforce into elite combat-ready cyber warriors.

Our organization, (ISC)², recently participated in the IT Acquisition Advisory Council’s 40th IT-AAC Leadership Roundtable, where high-level cloud stakeholders came together to discuss cloud security, FedRAMP and beyond.

Although I was unable to engage live in the roundtable discussion, I do have some thoughts for government officials to consider as they address the many complexities of securing an initiative that holds more promise for the federal government than any other IT innovation in decades — the cloud.

Those of you tasked with managing risk throughout the enterprise who follow my blog postings are familiar with a theme I stress often regarding information security best practices: “An ounce of prevention is worth a pound of cure.”

Practitioners and managers tasked with enterprise risk management can apply this approach to all of their decision-making, whether they are looking to make new technology purchases, implement new policies or, perhaps most importantly, hire new people.

What do well-balanced information security professionals look like, and why should the government be hiring them?

With the release of the National Initiative for Cybersecurity Education (NICE) Framework and much talk about the cyber human capital crisis, one question that keeps coming up is “what type of information security professional should agencies be hiring?”

Throughout my years in government, I engaged in many discussions regarding the convergence of information and physical security assets. While the “why-fix-it-if-it-ain’t-broke?” argument advocating the effectiveness of maintaining the separation of logical and physical security still stands strong in some circles, there is no doubt that convergence has become a growing fad.

At (ISC)2, we often poll our members on topics that represent a potential impact on the information security profession. Just prior to our recent (ISC)2 Security Congress, co-located with ASIS International’s 57th Annual Conference & Exhibits, we took the opportunity to poll our members on the integration of traditional and information security and discovered that many hold the belief that information security and physical security should not be separate, but equal and complementary entities.

In my last blog posting, I expressed my thoughts on the importance of taking a holistic approach specifically to addressing the recent proliferation of software vulnerabilities. But truly, this approach applies to addressing all cybersecurity vulnerabilities.

I was reminded of that this week when I read a well-known security figurehead’s very myopic response to a newly released cyber education strategy, called the NICE Strategy, implying that the strategy will have little or no impact if it is not updated to focus on developing critical ‘hands-on cybersecurity skills’.