Government Technology Insider
  • About
  • State & Local
  • Civilian
  • Defense & IC
SUBSCRIBE
No Result
View All Result
  • Acquisition
  • AI & Data
  • Digital Transformation
  • Cybersecurity
  • Remote Work
  • Resources
    • C-Suite Directions for Agile Government
    • Civilian Agency
    • Innovative Solutions for Connecting Agencies
    • Modern Data Experience
    • Podcasts
    • State and Local
Government Technology Insider
  • Acquisition
  • AI & Data
  • Digital Transformation
  • Cybersecurity
  • Remote Work
  • Resources
    • C-Suite Directions for Agile Government
    • Civilian Agency
    • Innovative Solutions for Connecting Agencies
    • Modern Data Experience
    • Podcasts
    • State and Local
No Result
View All Result
Government Technology Insider
No Result
View All Result
Home Cybersecurity

Five Ways to Define your Agencies’ Level of Security

by GTI Editors
July 22, 2014
in Cybersecurity
Reading Time: 5min read
A A
Share on FacebookShare on Twitter

What does it mean to be secure? We wanted to know how an agency’s information technology officials could say with confidence that they have taken the right steps to protect its information. It became quite clear that security is not only a state of being, it’s also a mind-set and the ability to create a culture rooted in security. In the dynamic and asymmetric world in which cyber professionals operate, they must constantly look at innovative ways to stay ahead of attackers.

Through our research and with help from industry experts, we identified five dominant themes about what it means to be secure:

1. Having Real-Time Awareness

Attacks on agencies are occurring more frequently than ever, and agencies now must be able to analyze threats and attacks in real time. Being secure doesn’t just mean being able to respond quickly; it’s having the knowledge and insights to spot attacks as they are unfolding. To gain that awareness, agencies must understand what their network looks like and who accesses it and how.

“The reality is most organizations don’t know what being totally secure looks like in the cyber world,” said Robert Roy, federal chief technology officer at HP Enterprise Security Products. How can they if they don’t know what they are protecting, or they don’t understand the vulnerabilities, or they don’t fully understand the threat? Any secretary should be asking: ‘How secure is my business?’ and to answer that question, it is going to take a fully implemented CDM solution, both technically and organizationally.”

2. Continuous Assessing Vulnerabilities

You could craft the best plans and policies, but they will fall flat if the policies are not enforced. A risk management policy should help you understand who access data, how they access it and when. The policy will also provide clarity on proper data usage for stakeholders and data users.

“Enforcing a dynamic cybersecurity risk management policy is crucial to being secure. This policy needs to be thoroughly understood and adopted by all stakeholders, both internal and external—those accessing your data, your network, and your resources. This policy cannot be stagnant; it must adapt to evolving threats to the network. It should enable risk-based decision-making, aligned to your mission and business objectives. Your users will always be the weakest link in the chain, so it’s essential that all levels of the workforce participate in continuous cybersecurity education in order to understand the risk they pose as users of the network, and how they can eliminate those risks,” said Chris Wilkinson, senior director, Cybersecurity Technologies, immixGroup.

3. Mitigation and Administering Rapid Response

In today’s environment, organizations must quickly deploy mitigation techniques and respond rapidly to complex attacks. For government, this means that there needs to be a way to connect people to technology.

“Being secure is a moving target insofar as you have to understand the cybersecurity is ever evolving,” said Patrick Flynn, director of Homeland/National Security Programs at Intel Security Federal

Business Development. “It’s like asymmetric warfare in Afghanistan or Iraq – you don’t know what the enemy necessarily looks like. So as long as you understand that, and you have the ability to put the solutions in place and bring in the human to understand and recognize those threats.”

4. Gaining Clarity from Complexity

There is no doubt that security is complex for government administrators. In our survey of 160 cybersecurity professionals, we found that the biggest cyberthreats agencies face are external unauthorized access and people. Respondents believe their largest gaps in cybersecurity solutions reside in least privilege and infrastructure integrity (people and devices). These findings show that CDM is positioned well to provide access to the government community to the right solutions to improve their overall security posture.These various attack vectors are challenging cyber professionals.

“One of the biggest challenges faced by both government and commercial enterprises today is that of rapidly growing complexity,” said Tim Woods, vice president of engineering at FireMon. “I’m not referring to the type of complexity that one finds in a well-orchestrated security architecture, but moreover the unnecessary complexity that has crept in over time that has left us with large gaps in our security defenses. Unnecessary complexity gives rise to the probability of human error creeping into the equation as well.”

5. Automating Processes

Automation is an imperative part of cyber defense. By automating traditionally manual processes, agencies can improve compliance and reporting strategies. Automation can help IT managers react quickly and develop new ways of thinking about cyber issues. Still, no defense strategy is flawless; some attacks are bound to work. Cybersecurity today is as much a practice of damage control as it is of prevention.

“Today’s real world requires a threat-centric approach to security. We have to assume that a certain number of attacks are going to be successful,” said Steve Caimi, industry solutions specialist at Sourcefire, which Cisco acquired last year. “We need to have the capabilities to know that it’s happening right now and react quickly.”

For cybersecurity professionals, defining what it means to be secure is complex. CDM helps because it’s designed to improve agencies’ security posture by assessing, analyzing and mitigating attacks. As we explore how to participate in the CDM program, it’s important to keep these considerations of an effective cybersecurity policy in mind.

For more information on the CDM process and to view some interesting statistics and content, you can download “The Continuous Diagnostic & Mitigation Program Field Guide” Report for FREE.

Patrick Fiorenza is a Senior Research Analyst at GovLoop which strives to connect government to improve government. He can be reached at pat@govloop.com. 

Tags: CDMcontinuous diagnostics and mitigationgovernment

RELATED POSTS

IoT Devices
Security

As IoT Devices Put Government Agencies at Risk, Securing Endpoints Has Never Been More Important

March 11, 2021
artificial intelligence
Digital Transformation

An AI-Ready Government Leads to Improved Operational Efficiency, Security, and Mission Success

September 25, 2020
Third Party Risk Increases During the Pandemic
COVID-19

Third Party Risk Increases During the Pandemic

August 27, 2020
Please login to join discussion

TRENDING NOW

  • Billy Biggs

    Support, Security, and Success: Insights from Billy Biggs, Area Vice President – US Public Sector Sales with BlackBerry

    0 shares
    Share 0 Tweet 0
  • Meet Advana: How the Department of Defense Solved its Data Interoperability Challenges

    0 shares
    Share 0 Tweet 0
  • Three Strategies for Optimizing and Securing Multi-Cloud Environment for Federal Agencies

    0 shares
    Share 0 Tweet 0
  • Federal Remote Worker Podcast Series – Part 1: Wireless Communications are Essential to Keeping Government Workers Connected During COVID-19

    0 shares
    Share 0 Tweet 0
  • Quantum Key Distribution (QKD) — Securing Future Network Communications

    0 shares
    Share 0 Tweet 0

CONNECT WITH US

Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banners Advertisement Banners Advertisement Banners
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Advertisement Banner Advertisement Banner

BECOME AN INSIDER

Get Government Technology Insider news and updates in your inbox.

Strategic Communications Group is a digital media company that helps business-to-business marketers drive customer demand through content marketing, content syndication, and lead identification.

Related Communities

Financial Technology Today
Future Healthcare Today
Modern Marketing Today
Retail Technology Insider
Today’s Modern Educator

Quick Links

  • Home
  • About
  • Contact Us

Become a Sponsor

Strategic Communications Group offers analytics, content marketing, and lead identification services. Interested?
Contact us!

© 2021 Strategic Communications Group, Inc.
Privacy Policy      |      Terms of Service

No Result
View All Result
  • Home
  • About
  • State & Local
  • Civilian
  • Defense & IC
  • Categories
    • Acquisition
    • AI & Data
    • Digital Transformation
    • Cybersecurity
    • Remote Work
  • Contact Us