<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<rss version="2.0">
<channel>
  <title>ComplianceHome: FISMA Resources</title>
  <link>http://www.compliancehome.com/</link>
  <description>ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories, which are the best source for white papers, related news articles, resources on the web, training, webinars, conferences, rules &amp; regulation overviews, ask the expert, jobs and searches on vendors, solutions &amp; products.</description>
<image>
  <url>http://www.compliancehome.com/images/rsslogo.gif</url>
  <title>ComplianceHome</title>
  <link>http://www.compliancehome.com/</link>
</image>
  <language>en-us</language>
  <item>
    <title>Understanding the Consensus Audit Guidelines with John Gilligan &amp; Alan Paller</title>
    <pubDate>Mon, 05 Jul 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Webinars/abstract18993.html</link>
    <description>Recently, government security professionals have been tasked with sorting through an ever-expanding assortment of directives, including the NIST SP 800-53, SCAP, FDCC, FISMA, and Dept. of Homeland Security Software Assurance standards. Fortunately, the recently finalized Consensus Audit Guidelines (CAG) are designed to provide a clear and concise set of security controls that can help you focus on the critical underlying recommendations resident in all of these documents, while addressing the threats and attacks that your organization faces today. Core Security is pleased to present a special webcast briefing where John Gilligan and Alan Paller, two principal contributors to the CAG, will provide their insights into how you can best approach the guidelines. As the CAG distills the baseline elements of the myriad IT security measures government organizations must digest, this webcast will provide a closer look at the salient points of the CAG recommendations themselves.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Webinars/abstract18993.html</guid>
  </item>
  <item>
    <title>NASA's FISMA standpoint rouses a debate</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18976.html</link>
    <description>NASA's top cybersecurity official raised a few eyebrows and won a lot of fans last month when he said the cost of complying with the Federal Information Security Management Act was not a good investment. Rather than spend tens of millions of dollars going through the paperwork-intensive certification and accreditation process in 2010, NASA planned to invest its money in technology that would make it possible to manage security risks in real time, said Jerry Davis, NASA's deputy chief information officer for information technology security.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18976.html</guid>
  </item>
  <item>
    <title>Long-Awaited Cybersecurity Bill Disclosed by Senators</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18972.html</link>
    <description>The long-awaited cybersecurity and FISMA reform bill from the leaders of the Senate Homeland Security and Governmental Affairs Committee would create two cybersecurity directors - one in the White House and the other in the Department of Homeland Security - to lead the federal government's information security efforts.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18972.html</guid>
  </item>
  <item>
    <title>Vital Tasks for CISOs Under FISMA Reform</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18965.html</link>
    <description>When Congress enacted the Federal Information Security Management Act of 2002, the law that governs how the government secures its digital assets, lawmakers charged agency and departmental chief information officers with responsibility for information security for their respective organizations. Nary a mention of a chief information security officer. Fast forward eight years to late last month, when FISMA reform passed the House as part of the Defense Authorization Act for Fiscal Year 2011. CIOs, under the bill, would continue to be accountable for their agencies' IT security, but the legislation would provide specific responsibilities for CISOs if it becomes law.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18965.html</guid>
  </item>
  <item>
    <title>Continuous Monitoring FAQs Released by NIST</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18960.html</link>
    <description>Continuous monitoring is at the center of proposed reform to FISMA, which is currently maligned as being an exercise in paperwork rather than an effective guide for cybersecurity. The National Institute of Standards and Technology (NIST) has released a list of 17 frequently asked questions about continuous monitoring.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18960.html</guid>
  </item>
  <item>
    <title>FISMA Very Near to Overhaul</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18955.html</link>
    <description>The House has taken a major step forward in overhauling federal cybersecurity policy by passing the Defense Authorization Bill. The legislation includes an amendment to update the Federal Information Security Management Act (FISMA). The new cybersecurity guidance will introduce performance-based standards and guidelines. This is a marked change from the current compliance-based standards. But already cybersecurity experts are cautioning against the FISMA reforms. They say that although FISMA has improved cybersecurity, the overall results were not that impressive. Proponents of the bill hope to pass the full measure before the August Congressional Recess.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18955.html</guid>
  </item>
  <item>
    <title>White House's cyber authority would be raised by FISMA reform</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18954.html</link>
    <description>The changes to the 2002 Federal Information Security Management Act that passed as part of the House's Defense Authorization Bill for fiscal 2011 would give the White House more direct control over IT security within agencies. Rather than setting out static requirements to be met by agencies in securing their information systems, the Federal Information Security Amendment Act of 2010 would establish a National Office for Cyberspace in the Executive Office of the President, with a director who would be confirmed by the Senate, to oversee IT security.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18954.html</guid>
  </item>
  <item>
    <title>$86.25 Million to be Raised by TripWire, a Security and Compliance Vendor</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18948.html</link>
    <description>Portland, Oregon-based TripWire plans to raise $86.25 million by going public on the Nasdaq under the ticker symbol TPWR. J.P. Morgan and Thomas Weisel Partners will share the underwriting role. TripWire builds enterprise security and privacy applications that make it a lot easier for companies to adhere to regulatory standards such as HIPAA, and best practices rules like FISMA. Security and compliance are considered fairly recession-proof industries, because of recession-proof Federal regulations and the regulators who enforce them.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18948.html</guid>
  </item>
  <item>
    <title>Major Cybersecurity Measure Adopted by House</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18947.html</link>
    <description>The fate of FISMA reform legislation could rest with the outcome of congressional action to eliminate the "don't ask, don't tell" law that bars gays from openly serving in the military. The House Friday approved by a 229 to 186 vote the National Defense Authorization Act, which includes an amendment added to establish an Office of Cyberspace in the White House headed by a Senate-confirmed director. That director would have the authority to review civilian agencies' IT security budgets. The amendment is an amalgamation of the Federal Information Security Amendments Act of 2010, HR 4900, sponsored by Rep. Diane Watson, D.-Calif., which was approved last week by the House Oversight and Government Committee, and the Executive Cyberspace Authorities Act, HR 5247, introduced earlier this month by Rep. James Langevin, D.-R.I.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18947.html</guid>
  </item>
  <item>
    <title>FISMA II Looks to Institute Performance-Based Metrics</title>
    <pubDate>Fri, 18 Jun 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18946.html</link>
    <description>With 40-some pieces of cybersecurity legislation pending before Congress, FISMA II is one that has drawn significant attention from the government-contracting world. While most government agencies and federal contractors learned to check the box and implement whatever measures the act set as standards the first time around, FISMA II will demand more than that: instead of being compliance focused, the new bill will introduce performance-based standards and guidelines.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18946.html</guid>
  </item>
  <item>
    <title>Step Ahead for continuous network monitoring</title>
    <pubDate>Thu, 27 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18942.html</link>
    <description>A blend of new guidance, increased oversight and expected legislative reforms are collectively elevating the importance of continuous monitoring of government networks, a panel of security experts said Monday at the 30th annual Management of Change conference held by the American Council of Technology and Industry Advisory Council. All three developments reflect the conclusion that agencies must monitor their networks continuously and manage security risks more effectively and move beyond current requirements to file what many agree are outdated security compliance reports under the Federal Information Security Management Act.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18942.html</guid>
  </item>
  <item>
    <title>Amendments to Secure Networks Ordered by NASA Security Chief</title>
    <pubDate>Tue, 25 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18934.html</link>
    <description>In what is being described as a break away movement that security professionals say will better secure porous computer systems, NASA's top security chief ordered his staff on Tuesday to shift their focus from certifying that networks are compliant with a nearly decade-old law to monitoring systems for holes and real-time reporting of threats.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18934.html</guid>
  </item>
  <item>
    <title>Measure To Boost Federal Cybersecurity Supported by House Oversight and Government Reform Panel</title>
    <pubDate>Fri, 21 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18919.html</link>
    <description>A House Oversight and Government Reform panel Wednesday approved legislation mandating the creation of a permanent national office for cyberspace within the White House to oversee federal agency efforts to protect their computer systems from cyber attacks and other threats.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18919.html</guid>
  </item>
  <item>
    <title>Security Reporting Overhaul Costly Though Essential</title>
    <pubDate>Fri, 21 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18918.html</link>
    <description>The federal government needs a better system for assessing and reporting cybersecurity threats, but real progress is impossible without more money for new programs, observers said. During a conference in Washington hosted by software solutions company SAS, security analysts agreed the 2002 Federal Information Security Management Act, which requires agencies to submit comprehensive security reports on a semiregular basis, no longer provides the guidance necessary to effectively monitor cyber threats. Critics have called the current process burdensome and a distraction from security.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18918.html</guid>
  </item>
  <item>
    <title>New rules on IT security released by OMB</title>
    <pubDate>Mon, 03 May 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18916.html</link>
    <description>The Office of Management and Budget ordered federal civilian agencies to adopt a near-real-time approach to cyber threats in a memo issued last month.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18916.html</guid>
  </item>
  <item>
    <title>Real-Time Cyber-Security Monitoring to be Implemented by Federal Government Agencies</title>
    <pubDate>Wed, 28 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18909.html</link>
    <description>Federal government agencies will implement real-time data monitoring for cyber-security that will replace paper-based reports in instructions outlined in a memo from President Barack Obama's technology leaders. The U.S. Department of Homeland Security will provide support as agencies automate the reporting of security data as required by the Federal Information Security Management Act (FISMA). Agencies will</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18909.html</guid>
  </item>
  <item>
    <title>Cybersecurity Reporting Requirements Tightened by White House</title>
    <pubDate>Wed, 28 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18908.html</link>
    <description>The White House has issued new rules that will require agencies to monitor their IT systems for intrusions and vulnerabilities in real time, as the Obama administration continues its efforts to update and strengthen the federal government's defenses against cyber threats,</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18908.html</guid>
  </item>
  <item>
    <title>Ways Through Which Agencies Can Protect IT</title>
    <pubDate>Fri, 09 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18859.html</link>
    <description>Why is it so difficult to provide security for our government computer-based systems? To understand the answer to this question, it is important to examine the enormous complexity of the problem. Cyber attacks focus on vulnerabilities that can and do exist in every hardware and software component. Each federal department has hundreds of thousands or in some cases millions of these hardware and software components. The actual vulnerabilities that become the avenues for cyber attack are contained in the logic statements that comprise each and every one of the hardware and software components used by each government organization.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18859.html</guid>
  </item>
  <item>
    <title>FISMA reform centers on managing the risks</title>
    <pubDate>Fri, 09 Apr 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18836.html</link>
    <description>Given the persistent concerns about protecting the government's computer systems, the most recent of many congressional hearings on how to fix the Federal Information Security Management Act was perhaps as maddening for its old refrains as it was encouraging for the renewed desire to deal with them.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18836.html</guid>
  </item>
  <item>
    <title>Immediate Cybersecurity Wanted by OMB</title>
    <pubDate>Wed, 31 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18826.html</link>
    <description>Amendments to the way federal agencies counter and report on cybersecurity threats appear imminent, at least if an Office of Management and Budget report on the Federal Information Security Management Act is any indicator.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18826.html</guid>
  </item>
  <item>
    <title>Top cyber priority of FBI is Terrorism</title>
    <pubDate>Wed, 31 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18818.html</link>
    <description>Speaking at the FOSE conference in Washington, Steven Chabinsky, deputy assistant director of the FBI's cyber division, said cyber security threatens the very existence of the United States. He further added that determined hackers could eventually break into any system they want to. Computerworld reports Chabinsky said terrorism is the FBI's top cyber priority. The bureau is also investigating foreign countries seeking to steal state secrets and private sector intellectual property.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18818.html</guid>
  </item>
  <item>
    <title>Cybersecurity bill prime step in fixing controversial FISMA</title>
    <pubDate>Wed, 31 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18817.html</link>
    <description>Lawmakers and the White House called for changes to long-standing federal information security policies that would require vendors to incorporate safeguards into systems when they are being built rather than later in the development process -- an approach that could significantly affect federal contractors' products and services.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18817.html</guid>
  </item>
  <item>
    <title>Too many hurdles faced by VA to comply with FISMA</title>
    <pubDate>Thu, 18 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18798.html</link>
    <description>Although there is enormous improvement in cybersecurity, the Veterans Affairs Department still has significant obstacles to overcome to meet federal cybersecurity standards, according to a new report released by the VA's Office of Inspector General. According to a summary of the report, the VA continues to face significant challenges in complying with the requirements of FISMA due to the nature and maturity of its information security program. In order to better achieve the FISMA objectives, the department needs to focus on several key areas.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18798.html</guid>
  </item>
  <item>
    <title>Annual Career Impact Survey Released by ISC(2)</title>
    <pubDate>Mon, 15 Mar 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18783.html</link>
    <description>Cybersecurity is a key topic covered by Federal News Radio, and many agencies are continuously working toward FISMA compliance. ISC(2) works to help agencies do this -- and they just put out their 2010 Career Impact Survey. It examines hiring practices, salaries and cyberthreat definitions. Hord Tipton is executive director at ISC(2) and says about 60 percent of federal managers are saying they expect to hire more information security people this year, among other things.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18783.html</guid>
  </item>
  <item>
    <title>6 Critical Elements to Ensure Pain-Free FISMA Compliance</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Webinars/abstract18746.html</link>
    <description>Federal CISOs note compliance as one of their top three priorities with significant time spent on addressing compliance issues. This is exacerbated by the complexity of today's IT environment, including physical and virtual environments, multiple operating systems and applications supported, and the mobility of data and users. A FISMA compliance approach that relies on a manual and labor-intensive process can produce mountains of paper and electronic documents that become quite burdensome to manage and ultimately don't ensure a secure network. It's no surprise, then, that in a recent ISC2 survey, while FISMA is generally viewed as having had a positive effect, two in five CISOs believe it has become misdirected or is a time-wasting exercise.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Webinars/abstract18746.html</guid>
  </item>
  <item>
    <title>Five Main Challenges of Cybersecurity</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18737.html</link>
    <description>Vivek Kundra, the Federal Chief Information Officer, in addressing the importance of cyber security as a government priority in testimony before a Senate Homeland Security and Governmental Affairs subcommittee said:</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18737.html</guid>
  </item>
  <item>
    <title>A Budget of $3.6 Billion Released by Obama Administration for CNCI</title>
    <pubDate>Sun, 14 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18736.html</link>
    <description>The Obama administration has released a budget of $3.8 trillion with a request of close to $80 billion to be allocated to IT spending for 2011. In terms of information security, the administration is seeking to improve broadly in three areas: improving identity management, shifting to a real-time security posture and cyber incident information sharing. Identity management is a central issue for any cyber security team. Ensuring that the right person is able to access the appropriate level of information is essential for government cohesiveness and efficiency. To improve identity management in the federal sector, the administration wants to implement the Federal identity management roadmap, according to a presentation released by federal CIO Vivek Kundra.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18736.html</guid>
  </item>
  <item>
    <title>Safeguarding Cyberspace - the main concern</title>
    <pubDate>Mon, 01 Feb 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18728.html</link>
    <description>Robert Holleyman, President and CEO of the Business Software Alliance (BSA), speaking at the Congressional Internet Caucus 2010 State of the Net Conference, emphasized immediate actions the US government can undertake to increase cyber security. According to BSA, Holleyman was a member of the panel discussion titled Cyberwar: Is Congress Preparing for the Common Defense? In outlining the BSA proposal, Holleyman said: There are four steps Congress and the US government can take to immediately battle cyber crime. First, adopt a national cyber security research and development plan to spark private sector innovation in cyber security. The House Science &amp; Technology Committee passed a bill, HR 4061, that does just that.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18728.html</guid>
  </item>
  <item>
    <title>Useful Guidelines for Cybersecurity</title>
    <pubDate>Fri, 22 Jan 2010 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18722.html</link>
    <description>It was an almost free-for-all atmosphere, Dennis Lauer recalled. Employees installed Apple iTunes on the network and regularly downloaded malware via pop-ups that harbored malicious code.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18722.html</guid>
  </item>
  <item>
    <title>5 Steps to Managing Security Risk from Your Software Vendors</title>
    <pubDate>Tue, 29 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Webinars/abstract18667.html</link>
    <description>Application vulnerabilities are real and hackers are targeting industries that offer the best avenues for illicit monetary gains. At the same time, economic, competitive and time-to-market pressures are driving enterprises to use third-party commercial off-the-shelf (COTS), open source, outsourced code and crowd-sourcing as part of their application development and acquisition process - and therefore exposing these enterprises to an unacceptable level of unbounded corporate risk.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Webinars/abstract18667.html</guid>
  </item>
  <item>
    <title>NIST Geared up to Take On New Cybersecurity Tasks</title>
    <pubDate>Tue, 29 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18661.html</link>
    <description>Members of Congress familiar with safeguarding government IT systems who are sponsoring legislation to give NIST even more responsibilities in developing cybersecurity metrics are among the biggest fans of the National Institute of Standards and Technology.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18661.html</guid>
  </item>
  <item>
    <title>Cybersecurity Expert: Less Talk, More Action</title>
    <pubDate>Tue, 29 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18660.html</link>
    <description>When it comes to cybersecurity, the time for talk is over and the time for action is way overdue, according to one cybersecurity expert. Policies and procedures have been talked to death through books, symposia and even movies. Technical solutions are available, but each is sitting in its own silo where it isn't likely to be the most effective. And as for information sharing about cyber incidents and threats, not only does it not occur, but the environment isn't conducive to it.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18660.html</guid>
  </item>
  <item>
    <title>Standardizing Security Operations: Using NIST's Security Content Automation Program (SCAP) to Increase Security and Network Performance and Lower Operating Costs</title>
    <pubDate>Tue, 22 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Webinars/abstract18640.html</link>
    <description>The presenter of this webcast gives an overview and demonstration of how NIST's Security Content Automation Program (SCAP) can be beneficial in achieving compliance with the Federal Information Security Management Act (FISMA) and other compliance requirements and how adoption increases security, increases network performance, and lowers operating costs.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Webinars/abstract18640.html</guid>
  </item>
  <item>
    <title>Contract To Support DHS Information Security Office Compliance Division Goes in the bag of DRC</title>
    <pubDate>Tue, 22 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18632.html</link>
    <description>Dynamics Research Corporation (DRC) has been awarded a $15.4 million contract to provide information security compliance support services to the Department of Homeland Security's (DHS's) Information Security Office's Compliance Division. Under the contract, DRC will continue to provide an array of security services, including supporting the implementation of the annual DHS Information Security Performance Plan and ensuring compliance with the Federal Information Security Management Act (FISMA).</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18632.html</guid>
  </item>
  <item>
    <title>DOD Helped by RightNow CX to Launch Military Healthcare Institution</title>
    <pubDate>Thu, 17 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18613.html</link>
    <description>The Department of Defense's Medical Education and Training Campus, the world's largest military medical education and training institution, implemented RightNow CX, the customer experience suite, to support the biggest consolidation of military medical training in DoD history. RightNow CX will help the healthcare education campus train and support medics enlisted in the Air Force, Army and Navy.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18613.html</guid>
  </item>
  <item>
    <title>USAID Case Study: A Risk Management Approach to Security Compliance</title>
    <pubDate>Thu, 17 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18599.html</link>
    <description>The United States Agency for International Development (USAID) provides economic and humanitarian assistance in more than 100 countries. USAID is the only Federal agency to receive an A+ in their Federal Information Security Management Act (FISMA) scoring for two consecutive years. nCircle is the foundation technology used to deliver these results. Government agencies and commercial enterprise alike will benefit from hearing the risk management approach USAID has taken and the process and measurements used to ensure their global systems are secure and compliant.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18599.html</guid>
  </item>
  <item>
    <title>Preparing for IPv6 - Assuring the Self-Defending Network: Today and Tomorrow</title>
    <pubDate>Thu, 17 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Webinars/abstract18598.html</link>
    <description>Building a Self-Defending Network to reduce risk through greater automation of information security is critical to delivering next generation e-gov solutions while improving FISMA scores. Yet organizations often lack visibility into network connectivity and behavior required to eliminate gaps in security architecture and proactively eliminate threats. The presenters will show why measuring risk from a network perspective is an important complement to the existing system and data level security efforts, and how to leverage this information as part of a complete information assurance strategy.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Webinars/abstract18598.html</guid>
  </item>
  <item>
    <title>Federal Agencies Have Cybersecurity Metrics Coming Their Way</title>
    <pubDate>Sat, 12 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18587.html</link>
    <description>Federal agencies may have to report a number of new cybersecurity metrics to the Office of Management and Budget, according to a draft of proposed cybersecurity performance metrics posted this week by the OMB and the National Institute of Standards and Technology. The new metrics have a strong emphasis on real-time monitoring. Critics have long faulted the government's cybersecurity compliance efforts under the Federal Information Security Management Act as focusing too heavily on metrics that have little to do with actual operational security, like whether an agency has tested its contingency plan.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18587.html</guid>
  </item>
  <item>
    <title>Enterprise Database Security Controls: Unmasking Today's False Sense of Security and Compliance</title>
    <pubDate>Fri, 11 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Webinars/abstract18568.html</link>
    <description>Enterprise organizations are facing a false sense of security and compliance. They're also burdened with a false sense of investment in knowing where to implement leading solutions to meet the stringent regulatory requirements for protecting confidential information. Join Application Security, Inc. and Enterprise Strategy Group to see the results of our annual Enterprise Database Controls survey.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Webinars/abstract18568.html</guid>
  </item>
  <item>
    <title>Path of Federal agencies' to Cloud Computing Remains Ambiguous</title>
    <pubDate>Fri, 11 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18567.html</link>
    <description>Cloud computing services have matured and are ready for federal agencies to use, but incorporating them into everyday operations could take months or years, according to industry executives that offer the service. Cloud computing refers to the practice of purchasing computer services that are stored and maintained by a third-party contractor, instead of housing all the equipment and software on-site. The Obama administration has made cloud computing a central piece of its technology agenda and has directed agencies to purchase information technology equipment and services with that in mind.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18567.html</guid>
  </item>
  <item>
    <title>Cloud Computing a Way to Provide IT Services to State Agencies</title>
    <pubDate>Fri, 11 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18559.html</link>
    <description>Some state CIOs are evaluating cloud computing as the way to provide IT services to state agencies and other groups of users, including local governments and schools. It makes sense for states to go this route, but there's a right way and a wrong way. CIOs in Michigan, Utah, and other states are mulling strategies that would essentially make their IT departments cloud service providers to public agencies. A handful of IT vendors--Amazon, IBM, Microsoft, and Rackspace among them--are aiming for that same market. The question is whether state IT departments can outperform IT vendors in the cloud. If the choice is Amazon Web Services versus Michigan Web Services, who wins?</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18559.html</guid>
  </item>
  <item>
    <title>Best Practices for Data Privacy &amp; Protection</title>
    <pubDate>Fri, 11 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Webinars/abstract18557.html</link>
    <description>The attendee of this webcast will learn best practices for protecting Personally Identifiable Information (PII) and other sensitive data against new and emerging threats such as SQL injection and rogue insiders. Protecting against cyber attacks, breaches, fraud and insider threats has heightened the need for organizations to carefully review their security programs for securing PII and other sensitive data against regulations they must comply with, including EU e-privacy and personal data-protection rules, UK Data Protection Act, or US FISMA-mandated NIST 800-53 standard and OMB M-06-16 directive.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Webinars/abstract18557.html</guid>
  </item>
  <item>
    <title>A Risk Management Approach to Security Compliance</title>
    <pubDate>Fri, 11 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Webinars/abstract18556.html</link>
    <description>The United States Agency for International Development (USAID) provides economic and humanitarian assistance in more than 100 countries. USAID is the only Federal agency to receive an A+ in their Federal Information Security Management Act (FISMA) scoring for two consecutive years. nCircle is the foundation technology used to deliver these results. Government agencies and commercial enterprises alike will benefit from hearing the risk management approach USAID has taken and the process and measurements used to ensure their global systems are secure and compliant.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Webinars/abstract18556.html</guid>
  </item>
  <item>
    <title>Standardizing Security Operations: Using NIST's Security Content Automation Program (SCAP) to Increase Security and Network Performance and Lower Operating Costs</title>
    <pubDate>Fri, 11 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Webinars/abstract18555.html</link>
    <description>The presenter of this webcast gives an overview and demonstration of how NIST's Security Content Automation Program (SCAP) can be beneficial in achieving compliance with the Federal Information Security Management Act (FISMA) and other compliance requirements and how adoption increases security, increases network performance, and lowers operating costs.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Webinars/abstract18555.html</guid>
  </item>
  <item>
    <title>Five Vital Steps To Cybersecurity</title>
    <pubDate>Fri, 11 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18550.html</link>
    <description>In a Government IT Priorities survey of federal technology decision makers, cybersecurity was the No. 1 IT initiative within respondents' organizations in terms of importance and leadership focus. For most, cybersecurity means dealing with the Federal Information Security Management Act and its 17 control areas. The upside to FISMA is that agencies have a consistent and broadly applicable standard for how information security should be applied. The downside is that the true goal of securing sensitive information and preserving core mission processing sometimes gets lost in a maze of requirements.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18550.html</guid>
  </item>
  <item>
    <title>10 Quick Wins for IT Security and FISMA 2009 Compliance</title>
    <pubDate>Fri, 04 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Webinars/abstract18545.html</link>
    <description>Everyone in government today is concerned with cyber security. While FISMA requires federal agencies to enhance their security posture, it remains a daunting task. Despite standardization from NIST and others, what is missing is a pragmatic evaluation of what an agency can do quickly to substantially tighten their security.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Webinars/abstract18545.html</guid>
  </item>
  <item>
    <title>Agencies Reassured by NIST on FISMA compliance</title>
    <pubDate>Fri, 04 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18535.html</link>
    <description>As you try to ensure your computer systems are FISMA compliant, NIST wants you to rest assured that your systems are secure. They've updated one of their publications to help you</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18535.html</guid>
  </item>
  <item>
    <title>No line between cyber crime and cyber war</title>
    <pubDate>Fri, 04 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18534.html</link>
    <description>Whether the nation's cyber-defense operations should be run by a White House cyber coordinator or a federal agency such as the Department of Homeland Security is always a matter of debate. Both ideas have merit, but there's an even more profound consideration, one that relates to understanding who our cyber adversaries are and how they operate.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18534.html</guid>
  </item>
  <item>
    <title>Draft publication on computer security guidance modified by NIST</title>
    <pubDate>Fri, 04 Dec 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Articles/abstract18501.html</link>
    <description>The main emphasis of the revised draft publication is on transforming episodic information system certification and accreditation processes at federal agencies by reinforcing and specifying procedures for continuous monitoring and updating. The procedures will help organizations respond rapidly to cyber security threats. Titled Special Publication 800-37 Rev 1, the document describes a Risk Management Framework that stresses security from an information system's initial design phase through implementation and daily operations.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Articles/abstract18501.html</guid>
  </item>
  <item>
    <title>Banking IT Executives &amp; Application Security Risks in 2009</title>
    <pubDate>Fri, 27 Nov 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/FISMA/Webinars/abstract18499.html</link>
    <description>In a down economy application security is both a necessity and a competitive differentiator. Yet in a recent survey, respondents showed that they had no reason for confidence in either their own applications or those developed or managed by third-party service providers.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/FISMA/Webinars/abstract18499.html</guid>
  </item>
</channel>
</rss>
