[Survey] Regulations, Careless Insiders, and IT Modernization Complicate Federal Cybersecurity
Federal IT pros are facing “Herculean tasks” when it comes to security challenges, a new survey conducted by DLT partner, SolarWinds, reveals.
An A-B-C Approach to Security Compliance Challenges
When it comes to enhancing their cybersecurity postures, federal agencies have to wade through an entire alphabet soup of regulatory compliance guidelines. From the RMF (Risk Management Framework) to FISMA (Federal Information Security Management Act) and DISA STIGs (Defense Information Systems Agency Security Technical Implementation Guides), there are a number of requirements that agencies must implement to satisfy the government’s definition of a secure environment.
Fed IT Security Hardens, but User Authentication Remains Weak
On February 27, FISMA presented its annual report to Congress. The report (compiled by the OMB) provides metrics on federal cybersecurity incidents, efforts to mitigate them, and progress in implementing cybersecurity policies and programs.
The good news is that there is progress to report, but with nearly 70,000 information security issues reported in FY 2014, up 15% over the previous year, there is still work to be done.
What Should Government Agencies Do When They Discover a Data Breach?
Data breaches are an unfortunate fact of life for government agencies – Edward Snowden being the most infamous case. And although agencies have taken steps to protect themselves, the growing number of breaches continues to frustrate IT and legislators alike.
Compliance Begins with People and Processes, Ends with Software
All too often, federal IT personnel misconstrue software as being able to make their agency compliant with various regulations. It can’t – at least not by itself.