Premium Essay

Emerging Cybersecurity Policies in the Federal Government

In: Computers and Technology

Submitted By csigel
Words 6354
Pages 26
Emerging Cybersecurity Policies in the Federal Government

Information Assurance Officer and Risk Management Analyst Department of Defense.

Emerging Cybersecurity Policies in the Federal Government

Information Assurance Officer and Risk Management Analyst Department of Defense.

CSEC 655 UMUC
Individual Assignment 1
September 16, 2014

CSEC 655 UMUC
Individual Assignment 1
September 16, 2014

Table of Contents Emerging Cybersecurity Policies in the Federal Government 3 Emerging Policies and Practices 4 Defense in Depth (DID) 5 Security Risk Frameworks 6 Test Driven Development 8 Business Service Frameworks 9 Acceptance and Preparation for Failure 11 The Federal Government and these Emerging Policies and Practices 13 The Feds and Defense in Depth 14 The Feds and Security Risk Frameworks 14 The Feds and Test Driven Development 16 The Feds and Business Service Frameworks 17 The Feds and Acceptance and Preparation for Failure 19 How could the Feds continue to improve 20 References 22

Emerging Cybersecurity Policies in the Federal Government
One of the largest and most important enterprises there is to protect in the cyber security realm are the various networks that make up the federal government. This massive undertaking to secure the systems, networks, and data of the various governmental agencies is a never ending uphill battle. The requirements of the federal government enterprise to be globally far reaching, as well as user friendly, scalable, and multi-functional lie in direct contrast with the additional requirements for the data the federal government enterprise harbors to be secure with extremely high availability, integrity and confidentiality. This balancing act of usability versus security is common among all enterprises, but it is radically highlighted within the federal government sector due to...

Similar Documents

Premium Essay

Emerging Cybersecurity Strategies

...an increase in funding and support for the study of emerging cybersecurity technologies. The considerations for this paper are to discuss the emerging technologies and strategies that can be integrated across the public and private sector to improve cybersecurity on a local, national, and international level. New technologies need to dynamically assess networks real-time such as with the use of Remote Agents and Real-time forensic analysis. These technologies also need to make the attack space less predictable and constantly evolving such as through the use of moving target defense. Emerging Cybersecurity Technologies The E-government Act of 2000 was signed by President Bush to move toward a more 24-7 government. The dream was to eliminate the need to have to stand in line at the DMV for half a day just to pay annual vehicle registration fees (Barker, 2011). Security was certainly a concern, but it was not at the forefront of the move as government agencies would go through massive changes in equipment, manning, and practices in order to move information and programs online. Now, over a decade later we still see moves and changes taking place, such as the department of Veterans Affairs recently moving all of their applications, forms and records online. The expensive cost of getting the government caught up was expected with such an overhaul in the system; however, the U.S. should have spent more on cybersecurity and had to learn this lesson the hard way. The......

Words: 2624 - Pages: 11

Premium Essay

Cybersecurity Standards: a Case Study on Malaysian Banking Sector

...Cybersecurity Standards: A Case Study on Malaysian Banking Sector Anwer Yusoff Head, Industry & Business Department CyberSecurity Malaysia Sept 18th 2013 Copyright © 2013 CyberSecurity Malaysia Internet use in Malaysia 17 ,723,000 internet users Sources: Internet World Stats (30 June 2012) Copyright © 2013 CyberSecurity Malaysia 2 Internet use in Malaysia The highest usage was recorded among people aged 20-24. almost 6 in 10 (57%) regularly use the internet. Malaysian internet users (aged 20-24) spend an average of 22.3 hours online per week 87.9% of Malaysians on the internet access Facebook Once online, Malaysian’s Top 3 activities 1. social networking sites 2. instant messaging 3. reading local news Source: The Nielsen Company (April 2011) Copyright © 2013 CyberSecurity Malaysia 3 HIGH LEVEL USAGE = HIGH RISK Copyright © 2013 CyberSecurity Malaysia 4 HIGH LEVEL USAGE = HIGH RISK Cyber Security Incidents (1997-2013) Reported to Cyber999 Help Centre 16,000 15,218 Type of incidents: 14,000 • • • • • • • • 12,000 10,000 8,000 As at 31st August 2013 Fraud and scams Intrusion and web defacement Destruction Denial-of-Service Virus / Malware Harassment Content-related Intrusion......

Words: 1957 - Pages: 8

Premium Essay

Making Money

...Guidelines for Secure Use of Social Media by Federal Departments and Agencies Information Security and Identity Management Committee (ISIMC) Network and Infrastructure Security Subcommittee (NISSC) Web 2.0 Security Working Group (W20SWG) Version 1.0 September 2009 This document is publicly releasable Intended Audience This document is intended as guidance for any federal agency that uses social media services to collaborate and communicate among employees, partners, other federal agencies, and the public. Note: The Federal CIO Council does not endorse the use or imply preference for any vendor commercial products or services mentioned in this document. Guidelines for Secure Use of Social Media by Federal Departments and Agencies Page 2 TABLE OF CONTENTS INTENDED AUDIENCE............................................................................................................................................2 REVISION HISTORY ................................................................................................................................................4 ACKNOWLEDGEMENTS ........................................................................................................................................5 EXECUTIVE SUMMARY .........................................................................................................................................6 RISKS ......................................................

Words: 7347 - Pages: 30

Premium Essay

Challenges Facing the Finance Industry

...Challenges Facing the Finance Industry This paper will explore three problems facing the finance industry. Those problems include cybersecurity, compliance with regulation, and risk management. Three solutions will also be addressed later in this paper. 1 When one thinks about the finance industry, banks, credit agencies, insurance companies, and equity firms may come to mind. Over the years financial institutions have not been up to par. With the financial crisis that happened in 2008, the world is still recovering and paying high taxes for the amount of debt that it acquired. As a result of that crisis, the financial industry faces challenges that include cybersecurity, complying with regulation, and risk management. Although the industry faces these challenges, there are solutions that can make things operate smoother. One of the finance industries biggest challenge this year is cybersecurity. According to Hewitt, “The potential hacking of sensitive customer information is a top threat facing the financial industry in 2014.” Technology is vastly changing, and more people are beginning to use different softwares to handle the financial side of the business. With technology evolving, hackers are getting more experienced, and cyber-attacks are beginning to occur more frequently and more wide spread than they have been in the past. According to Rodriguez, “As the cost of technology decreases, the barriers to entry for cybercrime drop, making it......

Words: 2377 - Pages: 10

Premium Essay

Dodi 8500.01

...Department of Defense INSTRUCTION NUMBER 8500.01 March 14, 2014 DoD CIO SUBJECT: Cybersecurity References: See Enclosure 1 1. PURPOSE. This instruction: a. Reissues and renames DoD Directive (DoDD) 8500.01E (Reference (a)) as a DoD Instruction (DoDI) pursuant to the authority in DoDD 5144.02 (Reference (b)) to establish a DoD cybersecurity program to protect and defend DoD information and information technology (IT). b. Incorporates and cancels DoDI 8500.02 (Reference (c)), DoDD C-5200.19 (Reference (d)), DoDI 8552.01 (Reference (e)), Assistant Secretary of Defense for Networks and Information Integration (ASD(NII))/DoD Chief Information Officer (DoD CIO) Memorandums (References (f) through (k)), and Directive-type Memorandum (DTM) 08-060 (Reference (l)). c. Establishes the positions of DoD principal authorizing official (PAO) (formerly known as principal accrediting authority) and the DoD Senior Information Security Officer (SISO) (formerly known as the Senior Information Assurance Officer) and continues the DoD Information Security Risk Management Committee (DoD ISRMC) (formerly known as the Defense Information Systems Network (DISN)/Global Information Grid (GIG) Flag Panel). d. Adopts the term “cybersecurity” as it is defined in National Security Presidential Directive-54/Homeland Security Presidential Directive-23 (Reference (m)) to be used throughout DoD instead of the term “information assurance (IA).” 2. APPLICABILITY a. This instruction applies to: (1) OSD,......

Words: 19443 - Pages: 78

Premium Essay

Nist

...PUBLICATIONS DRIVERS FEDERAL REGISTER NOTICES NEWS & EVENTS ARCHIVE FISMA Detailed Overview Risk Management Framework (RMF) RMF Steps / FAQs / Guides Applying the RMF to Federal Information Systems Course Security Categorization Security Controls Security Assessment Authorization and Monitoring Security Configuration Settings Industrial Control System Security Compliance Resources News Events Schedule FAQs - FISMA Project FISMA NEWS {Aug. 20, 2013} -- The FISMA Standard / Publication schedule has been updated. Click here to view updated schedule of FISMA documents. {Apr. 29, 2013} -- Special Publication 800-53 Revision 4 Security and Privacy Controls for Federal Information Systems and Organizations has been approved as final. To view the full announcement of document release. {Apr. 29, 2013} -- The FISMA Standard / Publication schedule has been updated. Click here to view updated schedule of FISMA documents. {Jan. 18, 2013} – NIST anticipates the release of Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal information Systems and Organizations (Final Public Draft) on Tuesday, February 5th. The final public comment period will run from February 5th through March 1st. Final publication is expected by the end of April. {Nov. 8, 2012} -- Links to keynote presentations on Emerging Risk Management and Cyber Security Strategies are available at: Continuous Monitoring – FCW Executive Briefing Cybersecurity 2013 –......

Words: 599 - Pages: 3

Premium Essay

Cyber Security

...unauthorized access, change or destruction and the process of applying security measures to ensure confidentiality, integrity, and availability of data both in transit and at rest. There are the various elements of the cyber security which are as: 1. Application Security 2. Information Security 3. Network Security 4. Mobile Security 5. Internet Security 6. Cyberwarfare One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks. The traditional approach has been to focus most resources on the most crucial system components and protect against the biggest known threats, which necessitated leaving some less important system components undefended and some less dangerous risks not protected. "The threat is advancing quicker than we can keep up with it. The threat changes faster than our idea of the risk. It's no longer possible to write a large white paper about the risk to a particular system. You would be rewriting the white paper constantly..." http://whatis.techtarget.com/definition/cybersecurity Cyberspace Cyberspace is a worldwide network of computers and the equipment that connects them, which by its very design is free and open to the public. As Stanley Konter, CEO of Savannah's Sabre...

Words: 3559 - Pages: 15

Free Essay

E-Security Review

...E-SECURITY REVIEW 2008 Submission from Microsoft Australia Introduction Microsoft Australia welcomes the opportunity to participate through this Submission in the Whole-of Government Review of E-Security. A periodic review of the E-Security framework, in light of the quickly evolving threat landscape, is both timely and appropriate. Over the last thirty years there have been dramatic advances in information technology - the development of the microprocessor, the rise of the personal computer, the emergence of the Internet - which have revolutionised the way information is created, stored, shared, and used. Today, powerful, affordable and diverse devices, together with expanding broadband networks, create a powerful opportunity for connectivity for individuals and communities. Over the past two decades, rapid advances in software, IT services, and communications have enabled many traditionally separate and disparate infrastructures and business operations to become more connected. Through this connectivity virtually every aspect of society has experienced a transformation. Businesses and governments have been able to manage and streamline their operations. Individuals have been offered ready access to multiple sources of information thereby expanding knowledge and choice. Across every field of endeavour – commercial, social, scientific and philanthropic – the power of information has been increased and the transaction costs of engagement have been lowered. Our broad reliance...

Words: 13936 - Pages: 56

Free Essay

Russian Patriotic Hacking

...increased level of concern over the most recent attacks has resulted in devoting more resources to combat this threat. This paper analyzes numerous cyberattacks by Russian computer enthusiast group Chaos Hackers Crew and other hacktivists during Operation Allied Force in 1999, that included taking down and defacing various NATO and US Government websites, several successful virus propagation attempts on military servers and countless spamming storms. This particular case raises curious questions about the legal definition of term cyberconflict itself, magnitude of the damage from a potential cyberattack on U.S. Government by terrorists and the level of preparedness of key military and intelligence units for the cyberwar. The cyberterrorism threat is real, however it’s essential to recognize that preserving the state of continuous distress over computer vulnerabilities can be profitable. Based on this research, cultural differences play a huge role in the world of computer hackers who decide what entity to attack and how, also the scale of a cyberattack doesn’t matter as economic damage can be devastating regardless of its size. Global governments need to continue working on creating workable laws that accurately describe the problem of cyberattacks and effectively enforce the solution. The modern world still has a long way to go before all security threats are addressed, appropriate defence is in place and all the critical computer infrastructure is protected from hackers,...

Words: 8586 - Pages: 35

Free Essay

Public Policy and Technology

...Information Technology Public Policy and Technology Name SCHOOL DATE Information Technology: Public Policy and Technology The new U.S. president is counting on technology to help realize his key agenda items. Government policymakers and business leaders also need to consider foundational technology and public policy issues, such as privacy, identity, architecture and the impact of Web 2.0. E-Governments is the future of any nation and as soon as Government moves towards Internet, the internal operations will be faster. More and More Governments are moving towards cloud computing and Web 2.0 service to implement public policy today. The biggest challenge in this is data security and maintaining the integrity of the data. This is one of the most difficult and important task to do. This is the biggest challenge for the governments all over the world. The last time that research houses published a special report on how technology would affect public policy and vice versa in the U.S. was during the aftermath of the 2000 presidential election. That report led to other special reports on the relationship of technology and public policy in other parts of the world. In those reports, we were optimistic about the prospects of technology's enablement of the public policy, including streamlining government in much the same way that IT has helped to improve efficiency in the private sector, and the prospects for the public's involvement in rule making and legislation. Our......

Words: 1589 - Pages: 7

Premium Essay

Ethics, Compliance Auditing, and Emerging Issues

...Ethics, Compliance Auditing, and Emerging Issues INTERNAL MEMO TO: John Doe CEO FROM: Glen Leonard RE: Ethics Program / Training /Compliance Auditing ------------------------------------------------- DATE: February 22, 2016 This memo serves as notice that we will soon initiate efforts to develop and implement an ethics program as well as the appropriate training and an effective way to monitor those plans. As you are aware, consumers and partners want to work with companies they can trust, and having a program that will build management skills and effectively structure business controls is a great way to become transparent and build that trust. Overall, an effective ethics and compliance program will protect the organization by identifying and preventing inappropriate conduct while promoting adherence to the legal and ethical responsibilities of the organization. The core components of the proposed ethics program will include: * Establishing Standards and Procedures – this will include code of conduct, policies and procedures * Training and Education, to ensure employees are trained on the code of conduct, policies and procedures and other programs and objectives that are relevant to the program * Monitoring, Auditing and Evaluation establishing a system to detect and prevent unethical conduct and to ensure the system is effective and being adhered to. To close, with the establishment of an effective ethics......

Words: 1669 - Pages: 7

Free Essay

Test One

...United States Government Accountability Office Report to Congressional Committees June 2015 INSIDER THREATS DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems GAO-15-544 June 2015 INSIDER THREATS DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems Highlights of GAO-15-544, a report to congressional committees. Why GAO Did This Study What GAO Found Since 2010, the United States has suffered grave damage to national security and an increased risk to the lives of U.S. personnel due to unauthorized disclosures of classified information by individuals with authorized access to defense information systems. Congress and the President have issued requirements for structural reforms and a new program to address insider threats. The Department of Defense (DOD) components GAO selected for review have begun implementing insider-threat programs that incorporate the six minimum standards called for in Executive Order 13587 to protect classified information and systems. For example, the components have begun to provide insider-threat awareness training to all personnel with security clearances. In addition, the components have incorporated some of the actions associated with a framework of key elements that GAO developed from a White House report, an executive order, DOD guidance and reports, national security systems guidance, and leading practices......

Words: 17616 - Pages: 71

Premium Essay

The Pros And Cons Of Cryptocurrency

...As technology continues to advance, the United States must accept the concept of digital globalization as it develops national security policies designed to bolster homeland security. It is also important for policy makers to understand the fluidity of terrorism. While their motives may not change, the tactics used by terrorists are ever evolving, so to must the government’s ability to identify, track and eliminate threats. Prior to the 9/11 attacks, the US lacked preparedness for that type of attack carried out that morning. Since then, the federal government took steps to protect against future, similar attacks. Some of these measures included the creation of the Transportation Security Administration, the arming of airline pilots and...

Words: 1871 - Pages: 8

Premium Essay

Supervisor

...adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home (President Barack Obama, 2012).” Technology has changed the total lifestyle of people around the world. Here in the United Stated, society’s daily lives revolve around social interaction, economic stability, job security and information dominance. Information Dominance is “the degree of information superiority that allows the possessor to use information systems and capabilities to achieve an operational advantage in a conflict or to control the situation in operations other than war while denying those capabilities to the adversary (US Cyber Command, 2012).” Corporations as well as many of the world’s governments have risen and fallen due to their degree of Information Dominance and Information Security. Cyber-attacks have increased exponentially within the last 10 years. Battlefield lines that were once drawn in the sand no longer exist. Cyber-attacks can occur from any location in the world and at any time. A Cyber-terrorist has the ability to use current communication infrastructure to launch an attack that could cripple a nation. In 2012, Defense Secretary, Leon Panetta spoke at the Business Executives for National Security (BENS) summit. He expresses that “An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches," he said. "They could for example derail passenger trains,......

Words: 3217 - Pages: 13

Premium Essay

Cyber Crime

...Project on Cybercrime www.coe.int/cybercrime Strasbourg, 15 January 2010 Draft Discussion paper Law Enforcement Challenges in Transborder Acquisition of Electronic Evidence from “Cloud Computing Providers” Prepared by Joseph J. Schwerha IV TraceEvidence, LLC Project funded by Romania, Monaco, Estonia, Microsoft, McAfee and the Council of Europe Council of Europe – Project on Cybercrime For further information please contact: Economic Crime Division Directorate General of Human Rights and Legal Affairs Council of Europe Strasbourg, France Tel: Fax: +33-3-9021-4506 +33-3-9021-5650 Disclaimer This technical report does not necessarily reflect official positions of the Council of Europe or of the donors funding this project or of the parties to the instruments referred to Email: alexander.seger@coe.int www.coe.int/cybercrime 2 Council of Europe – Project on Cybercrime Contents 1 2 3 4 Introduction ___________________________________________________ 4 Council of Europe Convention on Cybercrime Overview __________________ 5 What are Cloud Computing Providers? _______________________________ 6 The United States Perspective _____________________________________ 8 5 What are the challenges in the transnational acquisition of evidence from Cloud Computing Providers?_______________________________________________ 9 5.1 5.2 5.3 5.4 5.5 It can be impossible to know where the data resides ________________________________ 9 What Law Applies......

Words: 10207 - Pages: 41