Because adversaries like China and Russia increasingly have their hands in the information communication technology arena – whether directly or through subsidiaries – one of the keys to improving cybersecurity in an expanding threat landscape involves strong risk management, in addition to prevention, Federal experts said this week. […]
The Government Accountability Office (GAO) said in a new report this week that the United States Coast Guard needs to get a better handle on risk evaluations for some of its smaller IT acquisition projects. […]
While many cybersecurity officials strive to achieve “no risk” when it comes to cyber risk management, officials from NASA this week explained that’s just not possible and suggested that agencies instead focus on managing risks that are important to the mission. […]
The U.S. Army’s new Risk Management Framework (RMF) 2.0 has proved to be a “big game-changer,” not just in terms of managing risk, but also in building a strong cybersecurity community within the agency, an Army official said today. […]
In the new era of cyber defense, Ted Okada, chief technology officer (CTO) at the Federal Emergency Management Agency (FEMA), stressed that IT leaders must take the right risks to lead their teams in risk management efforts. […]
The Treasury Inspector General for Tax Administration (TIGTA) found that while IT risk management practices are improving for the Internal Revenue Service (IRS), mitigation documentation and oversight practices need to be improved. […]
Most government agencies have met Federal mandates to establish cyber risk executives and establish policies to make risk-based decisions on cybersecurity, but many agencies still need to establish cyber risk strategies, conduct risk assessments, and address gaps in existing risk management policies, according to a Government Accountability Office (GAO) report released July 26. […]
Risk management in the modern age is largely about cyber hygiene, said Wanda Jones-Heath, Chief Information Security Officer (CISO) for the U.S. Air Force’s Office of the Deputy CIO, today. […]
The General Services Administration (GSA) rescheduled its planned outreach to industry in looking for an automated solution that can help agencies conduct audits of Federal grant recipients. The new date for the virtual pre-demonstration conference is March 4, and industry demonstration days will be held on April 3 and April 5. […]
Former CFO at the Department of Education, Doug Webster, was on a segment of Government Matters this week to discuss the best practices for enterprise risk management (ERM) as government agencies deal with the risks of the partial government shutdown. […]
The National Institute of Standards and Technology (NIST) released the final version of its new risk management framework (RMF)–NIST SP 800-37 Revision 2–addressing both security and privacy concerns in IT risk management. […]
The Census Bureau found nearly 3,100 security weaknesses after testing 33 of its 44 systems, leaving a large amount of work to be done before the 2020 Census, according to a Government Accountability Office (GAO) report on the agency’s IT systems. […]
With an increasing attack surface resulting in millions of new threats every year, partially updating C&A documents every six months, remediating a few Plan of Action and Milestones, and updating all docs every three years won’t, and doesn’t, keep the bad guys out of Federal networks. […]
The U.S. General Services Administration and the Partnership for Public Service recently launched the Playbook: Enterprise Risk Management for the U.S. Federal Government. […]
Chief information security officers (CISOs) and other IT executives have become more proactive in their approach to cybersecurity investment and risk management, according to a new study. “Over the past couple of years the landscape has changed dramatically,” researchers at Southern Methodist University’s Darwin Deason Institute for Cyber Security found. “Cyber risk is now a […]