FCW : October 30, 2012
CYBER INSECURITY

Managing against the risks

Firewalls and other barriers can't begin to guard against every threat. Today's interconnected systems and mobile workforce demand a very different approach.

BY BRIAN ROBINSON

Risk management has been part of IT security from Day One, but has often taken a backseat to aggressive zero-tolerance policies that sought to raise impenetrable barriers to security threats.

Now we know better. An explosion in the volume and sophistication of malware in the past few years has overwhelmed barrier technologies such as firewalls and intrusion-detection systems, and the bogglingly fast spread of powerful mobile devices such as tablet PCs and smart phones has provided the black hats with a wealth of different ways to break into networks.

"Three decades ago, a mainframe would have been a big investment for an organization, but IT has become a commodity today and we use those technologies very aggressively," said Ron Ross, a fellow at the National Institute of Standards and Technology and the leader of NIST's Federal Information Security Management Act (FISMA) Implementation Project. "The trend now is also to connect everything to everything. Couple that with the exponential growth in malware, and that's why people are so concerned."

In contrast to the castle-and-moat approach to security, risk management sets acceptable levels of risk for an organization, and then controls and seeks to mitigate those risks. That way, or so the theory goes, the most mission-critical systems can be protected and the organization will still be able to function even if cyberattacks succeed in penetrating periphery defenses.

Theory is one thing and implementation another, however. Although the concept of risk management is now well understood in agency IT and security departments, it is not yet a widely practiced discipline. Agencies such as the National Security Agency and the State, Commerce and Defense departments are acknowledged leaders in risk man-

[Figure: diagram of numbered steps; only truncated labels survive, including "STEP 5 AUTHORIZ" and a bulleted list headed "Architecture desc".]