GovDefenders Wednesdays | Are Your Paleolithic Post-Patch and Post-Phish Processes Leaving You in a Pickle?
Last month the National Institute of Standards (NIST) database of software vulnerabilities, the National Vulnerability Database (NVD), was taken offline for several days because it was discovered that the web servers hosting the NVD, as well as other government databases, had been compromised by a software vulnerability. In this blog, I’ll review the problem; next week I’ll identify tools and processes that can help solve the problem.
Technically News – 3/18
This week in Technically News: Hacked Federal Cybersecurity Databases Raise More Alarms; Is Your City the Tech Smartest; Could WW3 Start with a Cyberattack: Symantec's CTO Weighs In; Will Sequestration Compromise Agency Cybersecurity.
Technically News – 3/11
In this edition: Symantec CTO: Enterprise Security Still Needs Humans; As Data Centers Consolidate, Those Remaining Need to be More Efficient; Complexity is Cybersecurity’s Real Enemy; Cybersecurity Challenges in 2013; GitHub Hires First Government Liaison.
Technically News – 2/11
In this edition: DLT Solutions Adds AWS GovCloud To Its Cloud Services; NIST Wants Your Advice on Cybersecurity Document; Red Hat Embraces BYOD; Steps for Protecting Your Data Center After Virtualization; State of the Union to Discuss Cybersecurity.
Henry Sienkiewicz: DISA’s Vision for Cybersecurity
Last Friday, I had the privilege of hearing Henry Sienkiewicz, Vice Chief Information Assurance Executive for the Defensive Information Systems Agency (DISA), at a luncheon hosted by the Northern Virginia chapter of the Air Forces Communications and Electronics Association. In his opening remarks, Mr. Sienkiewicz identified three vectors challenging their cybersecurity delivery: budget decreases, strong demand from the services, and how cybersecurity is being conducted to defend and protect the mission. My five key takeaways are the following...
GovDefenders Wednesdays: Software Assurance & SQL Injections
Non-technical readers may be surprised to learn that software defects are the most common root cause of information security vulnerabilities. Whether through poor design, improper coding techniques, inadequate testing, or incorporation of third-party software modules of dubious quality; in many cases the threat vector is baked in before users install the software.
Cybersecurity Wednesdays: Information Security Continuous Monitoring (ISCM) Enabling Technologies: Can You Name Them?
Cybersecurity Wednesdays is written by Van Ristau, DLT Solutions’ Chief Technology Officer. Throughout the month, he’ll explore the world of public sector cybersecurity; introducing concepts, offering opinions, providing resources, and identifying ways to protect your agency. You may also follow Van on Twitter at @VanRistau.
10 Areas of Concern in Cloud Security
The DLT Cloud Advisory Group is focused on the emerging cloud landscape and proactively engages with the public sector community interested in cloud computing. We also actively contribute to establish standards through our participation in various Standards Development Organizations. Along with IEEE, NIST, and the CSA, we are active contributors to the Cloud Standards Customer Council (CSCC). Most recently, we have been assisting the CSCC Security Working Group’s research efforts for their recent whitepaper, “Security for Cloud Computing: 10 Steps to Ensure Success.”
Government’s Fast Track to the Cloud
As Featured on Technology Marketing Corporation’s Website, TMCnet.com
The General Services Administration (GSA) is in the midst of launching an ambitious program designed to accelerate the safe adoption of cloud services within the U.S. Government. That program, the Federal Risk and Authorization Management Program (FedRAMP), is a collaborative effort between the GSA, the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), and the Department of Defense (DOD). FedRAMP will ensure cloud service providers (CSP) maintain adequate information security; reduce duplicated effort; decrease risk management costs; and streamline the procurement of cloud services.