Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Search Tags: technology
Sec. Clinton's take on telework is asked for at a town hall meeting with employees.
Get a sneak peak at what's coming up on Ask the CIO this week.
In addressing the importance of cyber security as a government priority in testimony before a Senate Homeland Security and Governmental Affairs subcommittee last fall, Vivek Kundra, the Federal Chief Information Officer, said:
"Our Nation's security and economic prosperity depend on the stability and integrity of our Federal communications and information infrastructure." Federal News Radio has reportedthat the federal government will spend $8.3 billion on computer security this year - marking a 60% increase in four years. As Federal information security decision-makers allocate dollars and resources to protect our infrastructure, it is important to prioritize the key challenges they face. These include:
- 1. Increased use of mobile devices.Mobile devices are becoming smaller and faster every day. Agencies face even more challenges as mobile applications have now become widely used and they are even looking to build their own mobile applications to increase their productivity in the field.
- 2. Continued movement of data into the cloud. Cloud computing has become a pervasive buzzword but in the end, risk stems from a matter of oversight and control. Agencies must rely on strong governance and compliance oversight of their service providers since they do not own or control the systems where their data resides.
- 3. Changing regulatory environment. NIST has undergone sweeping changes across their Special Publications by introducing a new Risk Management Framework and introducing new nomenclature such as "Security Authorization." OMB continues to press their performance metrics as a part of the FISMA reporting process and could see some changes in the next 9 months.
- 4. Application security. Attackers have now moved their focus from the network and infrastructure level to the application layer. We're seeing more attacks proliferated through applications such as Adobe and web browsers but some high profile data breaches stemmed from custom web applications through SQL injection attacks.
- 5. Developing/maturing offensive capabilities. "Understanding the offensive to build the defensive" has become the mantra for today's cyber security efforts. The ability to understand the mindset of an attacker and their methods becomes critical in building defenses that focus on these attack vectors.
Reigning in the changes can pose a difficult problem for several agencies but it ultimately comes down to understanding the threats to your particular agency and narrowing your defenses on those areas. Focus and prioritization become key in the constant battle.