recommended reading


How to Know Which NIST Framework to Use

By Richard P. Tracy // June 16, 2017


Richard P. Tracy is the chief security officer of Telos.

One of the most important aspects of the recent cybersecurity executive order is also the aspect causing the most confusion.

When President Donald Trump signed the executive order in May, it included the requirement federal agencies use the NIST Cybersecurity Framework to manage their cybersecurity risk. However, some have confused the NIST CSF with the NIST Risk Management Framework, which all federal agencies have been required to follow since its 2010 introduction.

To put it succinctly, they are two different frameworks. As industry and government work together to execute this order, it is very important for everyone to fully understand the two frameworks, and how they differ.

NIST CSF Overview

The NIST CSF was released in February 2014 in response to a 2013 executive order that called for a voluntary framework of industry standards and best practices to help organizations manage cybersecurity risk.

The CSF was created as a result of collaboration between government and the private sector. It “uses a common language to address and manage cybersecurity risk in a cost-effective way based...

Sins of the IT Professional

By Leon Adato // June 15, 2017

Leon Adato is the head geek at SolarWinds.

Why is government IT so fraught with misinformation? That’s a good question with a surprisingly simple answer: IT professionals have a really tough job. They face the conundrum of managing increasingly complex and hybrid IT platforms, where some applications reside onsite while others are hosted in the cloud. They must protect their networks from continually evolving threats and enterprising bad actors, as well as the seemingly endless onslaught of mobile devices. Budgets are restrictive and resources slim. And there are political agendas that must be satisfied.

Given all of these factors, it’s understandable if we, professionals though we are, might feel compelled to tell some little white lies to ourselves on occasion. “Everything’s fine,” we might say—even if we’re not entirely sure of the truth of that statement. We might also be willing to engage in some little excuses and statements of overconfidence.

The problem is these small indiscretions can turn into big problems if not kept in check. Therefore, it’s important we acknowledge we may not have all the...

Spoofing a Government Website is Easier Than You Think

By John Breeden II // June 14, 2017


John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology and government. He is currently the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys

The federal government is a big target, the fourth most popular overall according to most studies, for attackers trying to target core assets. But a new breed of attacker may be even more insidious, impersonating government websites and official apps in order to steal credentials from real federal workers, or simply to exploit normal people who think they are interacting with real agencies.

This past week, I was invited to examine a product in the emerging field of external asset protection. While most cybersecurity focuses on core assets, the RiskIQ Digital Threat Management Platform instead looks at areas outside of an agency’s direct control to find threats or vulnerabilities. This can be suppliers working with unpatched or vulnerable equipment, or outright criminals trying to impersonate government agencies. The RiskIQ platform is designed to find all of them, wherever they may be hiding on the internet.

How the Influx of Millennials Can Transform Your Workplace

By Wayne Bobby // June 12, 2017


Wayne Bobby is the vice president of Infor Federal.

The biggest generation in U.S. history is now the largest generation in today’s labor market, holding down 75 million jobs across the country as of 2015. You’ve heard for years the millennials are coming, and now they are here. Millennials can bring your department, agency or program the skills, attitude and tech savvy to deliver 21st-century services in an era of lean public-sector resources—but only if you have a practical plan in place to recruit and retain your next-generation workforce.

More Than a Paycheck

Some of the overwrought reports about millennials in the workplace have been greatly exaggerated, while others have missed the point. Your new hires won’t expect to be coddled through their first several weeks on the job or for a supervisor to take the place of mom or dad. Contrary to what you might have read, their parents won’t be showing up to enforce that unrealistic expectation.

However, millennials do bring different priorities to the world of work. While they need and want the income, they...

How Customers Are Defining the Future of Biometrics

By J. Kevin Reid // June 9, 2017


J. Kevin Reid is the vice president of national security and chief information officer of KeyLogic Systems.

In the past, biometric security was something many only saw in spy movies or a futuristic utopia. However, as organizations more consistently look at the potential of biometric tools, they increasingly become a modern-day reality. 

With individuals across every generation identifying a need for security solutions that go beyond password-based systems on their personal devices, commercial organizations are being incentivized to create products with biometric capabilities, whether it’s a fingerprint scanner to open your iPhone or facial recognition to enter an apartment building. 

While this growing trend is important for consumers and commercial businesses, it will ultimately depend on the federal government to ensure these systems are ethical and secure. The Homeland Security Department is even looking into hiring a communications team for its Office of Biometric Identity Management, to avoid any biometric-related PR disasters. It is just one example of how closely citizens tie biometrics with the government.

Big Brother or Watchful Neighbor? 

Earlier this year, with legislators debating the ethics behind the FBI’s facial recognition...