Risk Management

When You Can’t Add Cybersecurity Staff, Build Cyber-Resiliency Instead

But organizations should be careful that they aren’t just throwing additional, sophisticated tools at existing employees to solve the problem.

Diving into Government’s Trusted Internet Connections Standard 3.0

The policy lays out the framework for security, but allows agencies to fill in the details based on their unique missions.

How to Head Off Public Assistance Fraud Before Dollars Go Out the Door

Opting to chase and recover money fraudsters steal from government agencies is not a sustainable strategy.

DISA to Release Zero-Trust Model This Year

Vice Adm. Nancy Norton said the Defense Department must take a data-centric approach to protecting its networks.

Pentagon’s Enterprise DevSecOps Initiative Presents an Ambitious Model for the Future of Software

The Air Force’s chief software officer provided insights into the operation of Platform One, a project at the beginning of what could be a profound transformation for cybersecurity.

We Need Mission-focused Risk Management Programs to Adapt to Changing Circumstances

In the midst of a global pandemic, it is more important than ever to know which systems are critical to our operations.

How Agency CIOs Can Enable Business and Reduce Risk

Visibility is essential for CIOs to accomplish their mission and meet compliance.

Why Companies Should Be Open About Cybersecurity

Companies that are open about their cybersecurity risk management fare significantly better with investors than peers that don’t disclose those efforts, new research shows.

How to Manage Risk Along the Federal Government Supply Chain

Even the most sophisticated federal agencies have found it difficult to effectively measure and evaluate the cyber risk of their contractor base.

CISA Chief Unveils Vision for Federal Cybersecurity

Civilian agencies shouldn’t all be forced to manage their own cyber risks, Chris Krebs said.

It’s Official: Defense Department Will Use Other Agencies’ Cloud Security Assessments

The department’s IT office issued a provisional rule to accept other agencies’ FedRAMP ATOs without the need for written approval.

GSA Cyber Expert Offers Tips on Cloud Security

Dan Jacobs says agencies should treat security like a team sport and avoid falling in love with the latest cyber products.

CISA Recommends Three-Pronged Approach for Mobile Security

Part of that is taking on the mindset of your potential attacker, an agency official said.

NASA’s Moon Plans Rely Heavily on Mobile Tech

CIO Renee Wynn weighed in on how America’s space agency embraces mobility.

The Pentagon Spent Millions on Vulnerable Chinese Tech in 2018, Watchdog Says

The procurements, which could expose the department and its contractors to espionage and cyberattacks, highlight significant gaps in the Pentagon’s supply chain security policies.

Agencies Still Falling Short on Cyber Standards, GAO Says

Despite thousands of watchdog recommendations and a growing array of digital threats, agencies are still dropping the ball on cybersecurity, auditors found.

CISA Explains Why Enterprise Approach To Security is Gamechanging

The agency’s assistant director for cybersecurity highlighted multiple aims and accomplishments.