Showing 35 ideas for tag "cybersecurity"
kudos icon +

8. Building Effective Security into Acquisitions

Enforce existing requirements

In 2011 the White House via OMB issued a Memo M-11-11 that stated "Effective the beginning of FY2012, existing physical and logical access control systems
must be upgraded to use PIV credentials , in accordance with NIST guidelines, prior to the agency
using development and technology refresh funds to complete other activities." https://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-11.pdf. This memo, had... more »

Voting

5 votes
Public Input
kudos icon +

1. Addressing Cyber Fundamentals

Cybersecurity is everyone’s responsibility

Although the OPM breach has been the major source of cybersecurity discussion the past few months, it is certainly not the only issue that needs to be addressed. During the panel discussion at the NACo Summit we also covered topics like the White House Cybersecurity Sprint and how to better protect systems and data for long-term security.
If you are not familiar with the 30-day White House Cybersecurity sprint, it is... more »

Voting

6 votes
Public Input
kudos icon +

1. Addressing Cyber Fundamentals

Need for New Standard other than AES-256

The Cybersecurity landscape involves multiple iterations of systems based on the AES256 Standard. This standard is easily breached making stopping intruders at the gate an impossible proposition. the Government and Private Industry needs to put more muscle behind the research, funding, test and deployment of a true "One Time Pad" standard for protecting filaes at rest and in transmission.

Voting

3 votes
Public Input
kudos icon +

4.Adopting a Threat-Aware Proactive Defense

Threat Awareness is Not Enough for Breach Mitigation

While the sharing of information is important, Funding for research into methods for immediate breach awareness the minute they occur is a critical component for detection and mitigation. There is technology available that can spot and identify attempts at intrusion at the source. As we know, i.e. OPM and others had been breached long before there was a discovery of intrusion. Much remains to be accomplished toward... more »

Voting

3 votes
Public Input
kudos icon +

7. Executive Leadership-led Risk Management

Independent Organizational Assessment

Organizations in government tend to be overly optimistic about their capabilities and performance, reference OPM's epic failure. Cyber security is too important to be left to self-assessments. An organization should be externally assessed and rated by unbiased and competent evaluators. Risk is only one aspect of management performance. Governance, culture and technical competence are but three key facets that determine... more »

Voting

3 votes
Public Input
kudos icon +

4.Adopting a Threat-Aware Proactive Defense

A Proposed Strategy for the Cyber Defense of U.S. Critical Infra

Today, America is in constant contact with the enemy - and the form of conflict has changed. The expansion of the Internet globally is being accompanied by an explosion of cyber threats. Nation-state adversaries, terrorists, and criminals exploit our weakly secured technology. The United States is principally reliant on its technology for a competitive advantage across the globe. Now, thanks to the Internet and cyberspace,... more »

Voting

3 votes
Public Input
kudos icon +

1. Addressing Cyber Fundamentals

Supported ITAPS recommendations

Part 1 - Security Risk Management
(Regular print are supported ITAPS recommendations in response to questions, italics are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force)

1. Addressing Cyber Fundamentals
How do we move from inconsistent security/privacy protection control approaches to solid fundamentals... more »

Voting

2 votes
Public Input
kudos icon +

1. Addressing Cyber Fundamentals

Supported ITAPS recommendations, part 2

Governance and Accountability:

Establish an outcome-focused Governance Framework that covers all aspects of the enterprise, resulting in effective direction-setting, decision-making, oversight, transparency, and accountability. For example, fully execute and enforce the Federal Information Security Management Act (FISMA) as contemplated in the authorizing legislation and seek legislative reform where necessary.

Escalate... more »

Voting

2 votes
Public Input
kudos icon +

1. Addressing Cyber Fundamentals

Supported ITAPS recommendations, part 3

People and Organizations:

Make information security a core part of organizational culture, ensuring greater awareness and better computing practices. For example, information security training should be mandatory for all government employees and contractors and information security performance should be an item in performance reviews.

Optimize enterprise and workforce planning to leverage consolidation in security... more »

Voting

2 votes
Public Input
kudos icon +

1. Addressing Cyber Fundamentals

Supported ITAPS recommendations, part 4

Finance and Procurement:

Organizational procurement programs should have clearly defined and communicated priorities, accompanied by clear direction to procurement agents on the procedures to acquire technology consistent with those priorities, resulting in a consistent, predictable, and agile acquisition approach that will result in more secure technology deployments. For example, the Director of the Office of Management... more »

Voting

2 votes
Public Input
kudos icon +

2. Business Initiated Vulnerabilities

Supported ITAPS recommendations

(Paragraphs preceded by [Non-ITAPS] are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force)

How can agencies sharpen focus on vulnerabilities created by (or exposed by) uninformed business/program users and the array of technology solutions embedded in service delivery that does not account for cyber?

[Non-ITAPS]... more »

Voting

1 vote
Public Input
kudos icon +

3. Breach-to-Response Acceleration

Supported ITAPS recommendations

(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force)

How can agencies effectively address current time lags with detection of and response to vulnerabilities and threats that will significantly compress breach-to-detection-to-response... more »

Voting

1 vote
Public Input
kudos icon +

3. Breach-to-Response Acceleration

Supported ITAPS recommendations, part 2

Consistent with the concept that security is the responsibility of all employees, all agency employees should be educated and trained on general incident response planning concepts and any related responsibilities, including how to notify response organizations, the information to report, and other relevant activities.

All incidents, exercises, and general activities offer opportunities to learn and improve planning.... more »

Voting

2 votes
Public Input