Operationalized Security for a Safer Government

In this industry perspective, we’ll explore how to create those appropriate policies, processes and tools with the help of a trusted solutions provider. We’ll explain why agencies are currently struggling to counter advanced attacks, how they can learn from their environment and what they need to evolve their defenses. Finally, we’ll investigate how operationalized security… Read more »

Public Sector Challenges to Combating Cyberthreats

Private companies, organizations and even the federal government spend billions every year on various forms of perimeter security. Between firewalls, IPS/IDS devices, endpoint detection solutions, sandboxing, direct security information and event management (SIEM) monitoring and traditional antivirus and antimalware installations, most organizations seem to be bristling with protections that should make them secure – at… Read more »

The Continuous Diagnostics and Mitigation Program

Welcome to the GovLoop Academy course on Continuous Diagnostics and Mitigation, a Department of Homeland Security program that provides government agencies automated cybersecurity capabilities to defend against today’s advanced threats. According to DHS, the CDM program helps to “identify cybersecurity risks on an ongoing basis, prioritize these risks based upon potential impacts, and enable cybersecurity… Read more »

Getting the Most from Continuous Diagnostics and Mitigation

Federal networks become increasingly complex as they evolve to support critical internal missions and the delivery of citizen services. At the same time, they face a continuous barrage of probes and attacks from increasingly sophisticated adversaries. To protect complex networks in the face of these threats, federal cybersecurity is evolving beyond periodic assessment of static… Read more »

It’s Your Data: Protect It End-to-End

Bill Bacci, Federal Director of Data Security at HPE, explained why government agencies need a comprehensive approach to enterprise data protection in a recent interview with GovLoop. He also shared how data security technologies can help agencies achieve end-to-end data-centric security without compromising functionality.

Why You Need an Effective Risk-Management Strategy for Cybersecurity

There are few constants when it comes to federal cybersecurity. Agencies are bombarded daily with evolving cyber attacks against their sensitive data and systems. They also face a never-ending battle to secure consumer devices that employees are connecting to their networks. Although agencies can’t control the sophistication and frequency of attacks, they can take steps… Read more »

Making the Most of FedRAMP

When the Federal Risk and Authorization Management Program (FedRAMP) launched in 2012, cloud computing was a fairly new business model in government. Few agencies were buying IT services and they were struggling to grasp the logistics of cloud procurement, implementation and security. Fast-forward to the present. Virtually every Cabinet-level agency, including the Defense Department, is… Read more »

Digital Content Security: Breaking Down What You Need to Know

This pocket guide from GovLoop will look at content security practices in the public sector, why it matters, government rules and regulations related to digital data and its security and current challenges in this area. We’ll also provide tips and tricks that you can apply to help make content at your agency more secure today… Read more »

How SecOps Can Benefit Your Agency

Managing the balance between security and system performance is a high stakes battleground that operations and security teams must navigate carefully. Building consensus between these groups can be challenging, with one team focused strictly on security, while the other wants to ensure uptime and high performance for existing or new services. These competing priorities and… Read more »

How a Layered Approach Improves Security

As government relies more heavily on information technology to store, manage and access critical data, it also creates greater potential for that information to be misused or exposed. Data clearly shows that internal threats and external hackers are taking advantage of those vulnerabilities. To help safeguard this ever-expanding attack surface, public key infrastructures, or PKI, have become a standard… Read more »

Facing FITARA Challenges

The federal government is spending over $80 billion per year on its information technology (IT), but estimates say as much as $20 billion of this is wasted through poorly managed acquisition and implementation. Enter FITARA. The goal of the Federal IT Acquisition Reform Act (FITARA), enacted on December 19, 2014, is to mitigate this problem… Read more »

Your Guide to Government’s Critical Cyberthreats

It seems like every time you check the news, you read another alarming headline like “Database leak exposes 191M voter registration records” and “21.5 million exposed in second hack of federal office.” It’s clear that government is fighting a constant war in cyberspace, and it’s occasionally losing. But is that the whole story? What’s often… Read more »

A Holistic Approach to Cybersecurity in Government

There are few issues more pressing in government today than cybersecurity. The stakes have become increasingly high as hackers routinely exploit known and unknown computer vulnerabilities and infiltrate government networks to steal sensitive data and cause harm. With that in mind, what options do agencies have when it comes to detecting and defending against these… Read more »

Your Path to Combat Cybersecurity Threats

Government has entered a new era of cybersecurity threats. With cyber attacks being directed more at applications now, agencies need transformative solutions that are simple, secure, and cost-effective. An enterprise application delivery control, like Citrix Netscaler, can help your agency combat cyberthreats while maintaining cost-efficiency. This infographic explains: Current challenges in the new era of cybersecurity How… Read more »

Your Guide to Understanding State and Local Government

Every January, the President of the United States makes the 1.5-mile journey from the White House to the Capitol Building to address the three branches of government and the public through the annual State of the Union speech. For more than 200 years, presidents from George Washington to Barack Obama have taken the opportunity to… Read more »

Cyber Land: The Path to Security

The federal budget, the president’s State of the Union, and myriad ongoing agency initiatives highlight how dedicated the federal government is to improving cybersecurity in 2016. But before we dive into a new year with new initiatives, it’s important to understand how we got here – what attacks we’ve endured and the progress we’ve made to get… Read more »

CDM and Einstein: The Foundations of Federal Civilian Cyberdefense

Interest in government cybersecurity has never been higher. High-profile leaks by Edward Snowden and Chelsea Manning, coupled with external attacks on entities including the White House, have attracted a spotlight. But after data on 21.5 million federal employees and their families were exposed in the breaches of the Office of Personnel Management’s Information systems, many more… Read more »

Securing Your Agency From End to End

Gone are the days when cybersecurity was just an information technology problem. In 2015 alone, eBay, LivingSocial, Adobe, Evernote, Home Depot and JPMorgan Chase joined the ever-growing list of companies facing major security breaches. And it’s not just about compromised data: The breaches also amount to millions, if not billions, of dollars in lost revenue,… Read more »

Why Prevention Still Matters: The Cybersecurity Approach You Can’t Abandon

The recent breach of Office of Personnel Management data affected 22 million records, but its ramifications are, in fact, even more far-reaching than that. Media coverage of the event ensured that many more people worldwide are aware of the U.S. government’s cybersecurity shortcomings and those people are demanding a swift response. It’s in this very… Read more »

Why You Should Care About FedRAMP

The Federal Risk Authorization Management Program (FedRAMP) is a governmentwide program that provides a standardized approach for assessing the security of cloud products and services, authorizing them for government use and continuously monitoring the long-term security of those cloud solutions. Here’s why FedRAMP needs to be on your radar:

A Better Strategy to Stop Insider Threats

In 2015 so far, the number of people affected by U.S. government cyberattacks has reached an all-time high. From the OPM breach to lesser-known attacks, cybersecurity is rightfully a massive concern for government officials. Although many cybersecurity conversations have centered on online vulnerabilities, few have adequately addressed the physical threat that individuals with privileged access present. Undoubtedly, the public sector would benefit… Read more »

How Gov Gets Hacked

Whether we like it or now, recent events have impressed the susceptibility of government organizations to cyberattacks. But when you read the headline, “Agency Information Exposed!”, do you actually know what that means? Do you really understand what cyberattacks look like, how they’re executed, or who pays the real price when they’re successful? This infographic explains how… Read more »

The Future of Cybersecurity: 15 Trends Safeguarding Government

Public servants have always been on the frontline of American defense, whether serving in combat positions or conducting analyses at a desk. They have long protected our infrastructure, economy, freedoms, and national interests. In the current age of cyber insecurity, those duties have never been more important. Every employee at every level of government is charged with protecting our information from foreign and… Read more »

Achieving Full Spectrum Dominance

The battlefield is changing for American forces. It is larger, now spanning cyberspace and even outerspace, and it is more crowded with new, aggressive actors including non-state terror groups and solo hackers. In order to maintain control of this increasingly expansive and diverse threat environment, the Department of Defense must transform its organization, its people, and its strategies. And… Read more »

Achieving Security with the NIST Cybersecurity Framework

Cyberthreats present serious, ever increasing risks to federal agencies. An April 2014 Government Accountability Office report notes that federal agencies reported 64,214 information security incidents to the U.S. Computer Emergency Response Team (US-CERT) in 2013, a 104 percent increase from 2009. Government has responded through legislation, executive orders, and cross-agency priority (CAP) goals that put… Read more »

Combating Insider Threats

Recent highly publicized security breaches have recently brought insider threats into the eye of the mainstream. But federal government employees already know that insider threats are an ever-present hazard to government security and operations. To learn how agencies can minimize the risk of insider threats without further burdening their overstretched agencies, GovLoop sat down with Patricia Larsen,… Read more »

Protecting Your Data in the Cloud

Cybersecurity is the hottest buzzword in government these days. But just because people are talking about it, doesn’t mean they actually know how to achieve it. In reality, many government organizations are struggling to secure their data from internal and external threats. Taken alone, cybersecurity is challenging. The speed of evolution and the consistency of… Read more »

How Government Does Cybersecurity

In the face of mounting threats, government has established cybersecurity as a top priority. But how exactly will local, state, and federal agencies accomplish the mission of securing critical information and infrastrcuture? Rather than taking on threats alone, every facet of government has to work together to create a comprehensive and robust cyber strategy. Each… Read more »

Securing Government: Lessons from the Cyber Frontlines

Many news outlets declared 2014 to be “The Year of the Breach,” especially for government. The title seems appropriate. Last year, the U.S. Postal Service (USPS), the Nuclear Regulatory Commission, the State Department, and even the White House fell victim to successful hacks that resulted in sensitive information being exposed to adversaries and the public…. Read more »

Gaining the Situational Awareness Needed to Mitigate Cyberthreats

To become more resilient against cyberthreats, agencies must improve visibility and understand events happening on their networks. With increased awareness, organizations will see operational benefits and save employees valuable time, improving productivity and morale. To achieve these benefits, agencies need to deploy the right kind of infrastructure. They must look to a platform approach and… Read more »

Zero Trust: The Network Security Infrastructure of Tomorrow

In our interconnected and highly-globalized world, agencies must deploy emerging technology to improve service delivery and connect employees to data anywhere, anytime. But as trends like cloud, virtualization, telework and mobile continue to gain traction in government, cybersecurity cannot be an afterthought: it’s mission critical. And now, more than ever before, mitigating the impacts of… Read more »

Transforming Agency Security with Identity & Access Management

The rampant increase in cyberattacks, mounting regulatory requirements, and the constant concern over insider threats mean that securing your agency’s resources is more important than ever. Yet at the same time, agencies face budgetary constraints, staff shortages, and a host of conflicting priorities that result in basic security protocols—things like ensuring users have appropriate access… Read more »

The Evolution of Identity Management

Given the mounting threat of cyber attacks coupled with a proliferation of information now accessible online, multilayered identity management systems are more important than ever to any agency’s security infrastructure. Fortunately, most organizations understand the necessity to protect online information by creating stringent verification processes for users. Simply ensuring that the right person is accessing… Read more »

The Joint Information Environment: The IT Framework for the Future

In December of 2012 the Department of Defense (DoD) developed the Joint Information Environment (JIE) framework. JIE is an ambitious multi-year effort designed to realign, restructure and modernize the Department’s information technology networks. The JIE framework will change the way DoD networks are constructed, operated and defended. Since JIE is not a program of record,… Read more »

Your Cybersecurity Crash Course

In 1988, Robert Tappan Morris became the first person to be convicted under the U.S. Computer Fraud and Abuse Act. Curious about how big the Internet was, Morris wrote a script now known as the “Morris worm.” He never intended to inflict harm to machines, but as the worm replicated and spread throughout the Internet,… Read more »

Before, During and After an Attack: An Integrated Strategy for Cybersecurity

The world of cybersecurity is immense. The jargon surrounding the subject is nearly as varied. Here are a few examples: There’s malware, damage, espionage, regulation, education, viruses, advanced persistent threats, partners, reputation insider threats – and that’s just a small sample. Adding to this complexity is a common disconnect between technology experts within the organization,… Read more »

The Continuous Diagnostic and Mitigation (CDM) Field Guide

In today’s world, it’s imperative that government protects our critical infrastructure to preserve our physical and economic security. To do so, cyber professionals must obtain real-time visibility of networks, improve ability to mitigate known flaws and decrease security risks by reducing their vulnerabilities. That’s why the CDM program is so important. The program enables agencies to decrease… Read more »

Innovations That Matter: Your Road Map to a Secure Future

In today’s digital world, no organization is immune from cybersecurity threats. Whether it’s Target, LivingSocial, the Federal Reserve or any other public-facing institution, every organization is at risk of having its data and infrastructure compromised. For security professionals today, being secure isn’t just about thwarting attacks – it’s also being prepared to react once you… Read more »

Important Weapon in the Cyber War: SecureView MILS Workstation

Cyber threats are rising rapidly and government needs an alternative, secure solution to the present operating environment where multiple machines are required for multiple types of information. This Industry Perspective explains the robust, unparalleled advantages of SecureView, a low-cost, MILS (Multiple Independent Levels of Security) workstation with accredited cross-domain security developed in close collaboration between… Read more »

Cyber Security in Focus

As agencies begin to deploy cloud computing, mobile and big initiatives, it’s important to realize that emerging technology is essential to meet growing public sector demand. Yet, emerging technology may also expose agencies to increased risks. This infographic puts cyber security in focus, showing current trends in cyber security at the federal level, adoption of… Read more »

NSTIC Programs- Fixing Passwords and Reducing Identity Theft

The Identity Ecosystem steering group, which seeks to provide a marketplace with multiple identity providers that issue trusted credentials, has 1100 individuals and 450 companies and federal agencies participating. They chose five organizations to pilot identity solutions. Below are the agencies and what they are doing to reduce cyber crime and identity theft.