
1. Addressing Cyber Fundamentals

Improving Detection, Remediation, and Investigation Capabilities

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting,... more »

Voting

0 votes
Public Input

1. Addressing Cyber Fundamentals

ACT-IAC Membership Meeting Ideas

1. Establish “white hat” teams that test employees through phishing and spear-phishing intrusion testing.

2. Change enterprise email policy to only allow plain text, preventing unintentional click-through threats.

3. Similar to the “Cybersecurity Tip of the Day” concept, establish a “Cybersecurity Blunder of the Day” program.

Voting

1 vote
Public Input

1. Addressing Cyber Fundamentals

Human-centered Approach

We could take a human-centered or human factors approach to answering the question, “Why don’t we do what we’re supposed to do, and what can we do differently to get a better outcome?”

We'd have to drive conversation to the point where the rubber meets the road, by which I mean an action or behavior, performed by a person, which creates a particular harm. Assuming we could categorize the harms in a way useful for analysis... more »

Voting

1 vote
Public Input

1. Addressing Cyber Fundamentals

Unified Security Practice Manager

Inconsistent security controls are often a result of human error. A move to “Orchestration”, or an approach that automates control implementations, can lead to more effective and relevant utilization of controls. Benefits include:
Enabling the Software Defined Data Center
Centrally define security policy
Security policies move with VMs
Reduce security as a choke point; accelerate business agility and responsiveness by... more »

Voting

1 vote
Public Input

1. Addressing Cyber Fundamentals

Rethinking Audits into Real-time Situational Awareness

It is time to rethink the notion of an audit from something that happens periodically to something that can be continuously analyzed at will, in real-time. It is unacceptable that an organization wouldn’t have complete visibility into activities associated with all users, hosts, and applications within their network infrastructure. This becomes minimal acceptable hygiene, a starting point, inclusive of threat intelligence... more »

Voting

1 vote
Public Input

1. Addressing Cyber Fundamentals

Supported ITAPS recommendations

Part 1 - Security Risk Management
(Regular print are supported ITAPS recommendations in response to questions, italics are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force)

1. Addressing Cyber Fundamentals
How do we move from inconsistent security/privacy protection control approaches to solid fundamentals... more »

Voting

2 votes
Public Input

1. Addressing Cyber Fundamentals

Supported ITAPS recommendations, part 2

Governance and Accountability:

Establish an outcome-focused Governance Framework that covers all aspects of the enterprise, resulting in effective direction-setting, decision-making, oversight, transparency, and accountability. For example, fully execute and enforce the Federal Information Security Management Act (FISMA) as contemplated in the authorizing legislation and seek legislative reform where necessary.

Escalate... more »

Voting

2 votes
Public Input

1. Addressing Cyber Fundamentals

Supported ITAPS recommendations, part 3

People and Organizations:

Make information security a core part of organizational culture, ensuring greater awareness and better computing practices. For example, information security training should be mandatory for all government employees and contractors and information security performance should be an item in performance reviews.

Optimize enterprise and workforce planning to leverage consolidation in security... more »

Voting

2 votes
Public Input

1. Addressing Cyber Fundamentals

Supported ITAPS recommendations, part 4

Finance and Procurement:

Organizational procurement programs should have clearly defined and communicated priorities, accompanied by clear direction to procurement agents on the procedures to acquire technology consistent with those priorities, resulting in a consistent, predictable, and agile acquisition approach that will result in more secure technology deployments. For example, the Director of the Office of Management... more »

Voting

2 votes
Public Input

1. Addressing Cyber Fundamentals

We know what's wrong, but do we know what to fix?

Leadership is on the right track when it asks why people and organizations don't do what they're supposed to do. Lessons observed (what we know) aren't converted enough into lessons learned (what we do) to prevent familiar security lapses.

This is true of ALL organizations, not just government, and always boils down to one thing: Behavior. Doing the right thing the right way, or not, is about behavior whether you're... more »

Voting

2 votes
Public Input

1. Addressing Cyber Fundamentals

Restrictive Deterrence

The National Consortium for the Study of Terrorism and Responses to Terrorism (START) placed warning banners on compromised systems to better understand how a hacker responds to such a message. The study found that the banners reduced commands from hackers by 8 percent.
START, a Homeland Security Department-funded program through the University of Maryland, examined a type of cyber defense called restrictive deterrence.... more »

Voting

2 votes
Public Input

1. Addressing Cyber Fundamentals

Security Self Audit Checklist (SuperSIG)

Create a self-audit checklist that agencies could use on a regular basis to assess themselves on fundamental security capabilities. It would be risk profile based for each agency. Addresses the problem of just having this done by auditors (GAO/IG) or consultants. Keeps attention and resource needed to close weaknesses and vulnerabilities.

Note: FCC is example.

Voting

2 votes
Public Input

1. Addressing Cyber Fundamentals

Cyber Investment Board (SuperSIG)

Use Cyber Investment Management Boards (DOD example) where cyber projects are presented, defended, and measured against outcome based performance measures for funding. Helps get cybersecurity accountability as a shared responsibility across senior leadership of the organization and to understand costs and risk benefits.

Voting

2 votes
Public Input