Risk Management

5 Ways to Improve Emergency Preparedness for Next Time

A permanent team that is focused solely on national preparation and ensuring that the relevant federal agencies are all on the same page should coordinate all five of these components.

ICAM, CDM Put Identity-Based Security Front and Center

Agencies must be able to identify, monitor and manage all people, applications and devices that access government resources.

Audit: HUD Doesn’t Ensure Sensitive Data It Shares Is Secure

The Government Accountability Office pointed to high turnover rates for top privacy and IT security officials as a reason for the agency's poor performance.

When You Can’t Add Cybersecurity Staff, Build Cyber-Resiliency Instead

But organizations should be careful that they aren’t just throwing additional, sophisticated tools at existing employees to solve the problem.

Diving into Government’s Trusted Internet Connections Standard 3.0

The policy lays out the framework for security, but allows agencies to fill in the details based on their unique missions.

How to Head Off Public Assistance Fraud Before Dollars Go Out the Door

Opting to chase and recover money fraudsters steal from government agencies is not a sustainable strategy.

DISA to Release Zero-Trust Model This Year

Vice Adm. Nancy Norton said the Defense Department must take a data-centric approach to protecting its networks.

Pentagon’s Enterprise DevSecOps Initiative Presents an Ambitious Model for the Future of Software

The Air Force’s chief software officer provided insights into the operation of Platform One, a project at the beginning of what could be a profound transformation for cybersecurity.

We Need Mission-focused Risk Management Programs to Adapt to Changing Circumstances

In the midst of a global pandemic, it is more important than ever to know which systems are critical to our operations.

How Agency CIOs Can Enable Business and Reduce Risk

Visibility is essential for CIOs to accomplish their mission and meet compliance.

Why Companies Should Be Open About Cybersecurity

Companies that are open about their cybersecurity risk management fare significantly better with investors than peers that don’t disclose those efforts, new research shows.

How to Manage Risk Along the Federal Government Supply Chain

Even the most sophisticated federal agencies have found it difficult to effectively measure and evaluate the cyber risk of their contractor base.

CISA Chief Unveils Vision for Federal Cybersecurity

Civilian agencies shouldn’t all be forced to manage their own cyber risks, Chris Krebs said.

It’s Official: Defense Department Will Use Other Agencies’ Cloud Security Assessments

The department’s IT office issued a provisional rule to accept other agencies’ FedRAMP ATOs without the need for written approval.

GSA Cyber Expert Offers Tips on Cloud Security

Dan Jacobs says agencies should treat security like a team sport and avoid falling in love with the latest cyber products.

CISA Recommends Three-Pronged Approach for Mobile Security

Part of that is taking on the mindset of your potential attacker, an agency official said.

NASA’s Moon Plans Rely Heavily on Mobile Tech

CIO Renee Wynn weighed in on how America’s space agency embraces mobility.