The latest report to Congress on the implementation of the Federal Information Security Management Act runs 68 pages. But even after reading the entire report, don't be surprised if you can't tell if government IT systems are secure. Here's why.
The bill's chief sponsor says agencies struggle with cyberthreats. "This update to FISMA will incorporate the last decade of technological innovation, while also addressing FISMA shortcomings realized over the past years." Rep. Darrell Issa says.
Congressional auditors contend the Internal Revenue Service has failed to implement effectively parts of its IT security program, which could adversely affect the confidentiality, integrity and availability of sensitive taxpayer information.
Malware was spread in unique ways in 2012, particularly through drive-by exploits. In 2013, organizations can expect more exploits targeting social networks, says Adam Kujawa of Malwarebytes.
Phishers now shield malicious code behind the guise of legitimate digital certificates. How can organizations ensure they don't fall victim to these attacks? Jerome Segura of Malwarebytes offers tips.
From sophisticated malware to socially-engineered schemes, banking institutions of all sizes are under constant, multi-channel attack. How can they respond? Daniel Ingevaldson of Easy Solutions shares ideas.
Advanced persistent threats are evolving, and banks can help thwart them by using continuous monitoring for real-time detection, says J. Paul Haynes of eSentire.
From sophisticated malware to socially-engineered schemes, banking institutions of all sizes are under constant, multi-channel attack. How can they respond? Daniel Ingevaldson of Easy Solutions shares ideas.
Compromise - a rare word heard between Capitol Hill and 1600 Pennsylvania Avenue - is being bantered about as the first major cybersecurity bill of the new Congress is introduced.
Ron Ross, the NIST computer scientist who heads the initiative that is revising the guidance, characterizes the updated publication as the most comprehensive one since the initial catalogue of controls was issued in 2005.
As enterprises move more applications to the cloud, continuous monitoring will play a greater role in assuring the software is patched in a timely manner, says John Streufert, DHS director of federal network resilience.
In 2012, we saw the rise of state-sponsored malware, as well as the evolution of Trojans and ransomware. What new threats will 2013 bring? Adam Kujawa of Malwarebytes offers insights.
As a growing number of enterprises turn to cloud computing, the government could reclassify the cloud as a critical infrastructure, putting it on par with electrical grids, public-health networks and banking systems. Will regulations follow?
It will be a few years until many organizations reach a level of maturity with continuous monitoring. Getting there will take organizationwide acceptance, says George Schu of Booz Allen Hamilton.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.