Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.
Senate Majority Leader Harry Reid, in a letter, informed Minority Leader Mitch McConnell of his decision to bring cybersecurity legislation to the floor during the first work period of the 2012 legislative session.
Security incidents reported over the past five years have placed the confidentiality, integrity and availability of sensitive government information and information systems at risk, an annual GAO review reveals.
The shift to monthly reports of key metrics through CyberScope from annual FISMA filings allows security practitioners to make decisions using more information and more quickly than ever before, OMB Director Jacob Lew says.
"At the end of the day, we're going to have to spend money on (cybersecurity), real money on this, but we have to make sure that we're spending in a way that makes sense," Sen. Tom Carper says.
A team headed by Senior Computer Scientist Ron Ross will update one of NIST's premier risk management publications - SP 800-53: Recommended Security Controls for Federal Information Systems and Organizations.
The Commission on Cybersecurity for the 44th Presidency co-chair praises the president's commitment, but says much more work needs to be done to develop a strategy to combat cyber threats.
"Managing risk with regard to information systems and security sometimes doesn't go to the highest levels and that's why the risk framework is a way to get senior leaders involved early in the process," NIST senior computer scientist Ron Ross says.
Cybersecurity reform was part of a defense bill that included a provision to repeal a law that bars gays from serving openly in the military. Supporters couldn't muster the support to bring a Senate vote on the bill.
The curious fact about cybersecurity legislation before Congress is that nearly everyone sees a need for it, and there's no partisan bickering, yet few people see a comprehensive federal information security bill becoming law this year.
The Protecting Cyberspace as a National Asset Act also would replace paper-based FISMA compliance with continuous monitoring of technology systems and assaults by "friendly hackers" to test IT vulnerabilities.
The Obama Administration has a heavy emphasis on information security, and already we're seeing greater attention paid to cybersecurity and FISMA reform. Now is the time for government agencies to benchmark and strengthen their information security programs.
Learn from security veteran Patrick Howard, CISO of the...