Adopt content-centric security of data using digital rights management techniques to protect data at the source and track exfiltrations of data that depart from pre-set boundaries.
How should the government expand beyond its emphasis on perimeter defense and even defense-in-depth, and instead put more relative resources toward combining actionable... more »
4) How should the government expand beyond its emphasis on perimeter defense and even Defense in Depth, and instead put more relative resources toward combining actionable threat intelligence with robust response and resiliency strategies and architectures that account for the adversary's point of view?
Create Blue Team audits followed by Red Team operations performed by pre-qualified contractors or in-house staff using efficient contract services vehicle managed by GSA. Focus is beyond standard penetration testing and embraces “hunting” tactics largely used by DOD Red Teams to emulate adversaries. Increases resiliency and ability to enhance capability to address early indicators of APTs.
Practice response to cyber threats as part of overall emergency response capacity to build resiliency.
Establish SLAs and/or performance metrics for threat detection, incentivizing contractors.
Current security tools independently address weaknesses; suites of tools offer more complete... more »