Risk Management

Why Companies Should Be Open About Cybersecurity

Companies that are open about their cybersecurity risk management fare significantly better with investors than peers that don’t disclose those efforts, new research shows.

How to Manage Risk Along the Federal Government Supply Chain

Even the most sophisticated federal agencies have found it difficult to effectively measure and evaluate the cyber risk of their contractor base.

CISA Chief Unveils Vision for Federal Cybersecurity

Civilian agencies shouldn’t all be forced to manage their own cyber risks, Chris Krebs said.

It’s Official: Defense Department Will Use Other Agencies’ Cloud Security Assessments

The department’s IT office issued a provisional rule to accept other agencies’ FedRAMP ATOs without the need for written approval.

GSA Cyber Expert Offers Tips on Cloud Security

Dan Jacobs says agencies should treat security like a team sport and avoid falling in love with the latest cyber products.

CISA Recommends Three-Pronged Approach for Mobile Security

Part of that is taking on the mindset of your potential attacker, an agency official said.

NASA’s Moon Plans Rely Heavily on Mobile Tech

CIO Renee Wynn weighed in on how America’s space agency embraces mobility.

The Pentagon Spent Millions on Vulnerable Chinese Tech in 2018, Watchdog Says

The procurements, which could expose the department and its contractors to espionage and cyberattacks, highlight significant gaps in the Pentagon’s supply chain security policies.

Agencies Still Falling Short on Cyber Standards, GAO Says

Despite thousands of watchdog recommendations and a growing array of digital threats, agencies are still dropping the ball on cybersecurity, auditors found.

CISA Explains Why Enterprise Approach To Security is Gamechanging

The agency’s assistant director for cybersecurity highlighted multiple aims and accomplishments.

What Connected Patients Risk

Internet-enabled medical devices are designed to improve patient safety but pose a significant risk if left unsecured.

Here's How a Supply Chain Task Force Recommends Avoiding Counterfeit Tech

Federal buyers should help secure supply chains by buying from original manufacturers and authorized resellers.

The Risk Management Framework Is Dead. Long Live the RMF.

A framework is just that: a frame of reference from which to adapt according to your needs and situation.

Census’ Cybersecurity Plan is Full of Holes, Watchdog Says

The 2020 Census will be a prime target for digital adversaries, but the plans for fighting those threats are incomplete and outdated, the Government Accountability Office found.

Air Force’s New Fast-Track Process Can Grant Cybersecurity Authorizations In One Week

The process is a mix of quick but comprehensive testing up front followed by continuous monitoring through the life of the app.

Understanding Today’s Mobile Software Supply Chain Risks

The reality is that supply chain risk is also a concern in the software frontier.