by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : June 30, 2014
QThe cyber threat "industry" has become much more sophisticated in the past few years. What challenges does this pose for government? ACyber attacks have become an industry because of the ability to monetize the results of the attacks. The potentially lucrative and strategic results of cyber exploits have attract- ed more structured entities such as nation-states, orga- nized crime, corporations, small businesses and entre- preneurs. Though internation- al, economic, and corporate espionage have existed for thousands of years, cyber exploits now allow such activities to occur at long distances, faster and some- times with few if any traces of incursion. QThe cloud is often seen as a security headache for agencies, but others say it can be a help. What's the reality? AThe reality is both. There is no "the cloud." There are numerous forms of cloud-based services and vari- ous security models within those services. Agen- cies, and other cloud users, need to evaluate each cloud service against the speci c use-case and the security capabilities available---in the cloud service, delivered by managed security services, or provided by the users. If the appropriate controls are put in place, a cloud implementation can help deliver a better service in a more secure environment than a company or agency could offer on its own. QIs in-depth cybersecurity still necessary, or even possible? AIn-depth cybersecurity is necessary now more than ever. Defense-in-depth is vital for several reasons: In- cursions will happen, the number of bad-actors is growing, and the sophistication of both hacking tools and practitioners is increasing. On the other hand, defense tools and practitioners are becoming more sophisticated and the number of security tools is in- creasing, making in-depth cybersecurity possible. At the end of the day, however, it is not possible to elim- inate risk. But human behavior and technology, to- gether, can reduce the risk of human factors. What are the key cybersecurity points that government organizations most often overlook? AThe most signi cant weak point in any organization, including government, is the people within the organi- zation. For the most part, systems will do what they are told, and behave according to their con gurations and capabilities. People will be driven to act according to personal interests, pro t motives, political perspec- tives, con icting requirements, overloaded schedules, deadlines, etc. Policies, procedures, practices, rules, con gurations, controls, all will be bypassed to ac- complish objectives, both personal and professional. Addressing this weakness is extraordinarily dif cult and costly. One approach to consider is to de ne and limit behavior in terms of acceptable responses, ap- propriate users, acceptable times of use, etc. Tech- nologies available as a starting point to address this weakness include security-as-a-service solutions, application-based rewalls and whitelisting. QWhat's the role of a CISO in a government organi- zation? What skills will the CISO of the future need to have? AThe role of the CISO is to provide senior level leader- ship within the agency with the perspective and s- cal experience to manage cyber risk for an organiza- tion. I believe that the CISO role warrants C-level visibility due to the increasing impact of cyber threat on an enterprise. The CISO of the future (and today) needs to have thorough knowledge of their mission, including strategies, regulatory environments, nan- cials and exposures. The CISO also needs to have strong relationships with legal, privacy, CFO, CIO, operations departments and functions within their organizations. CISOs need to see themselves as risk managers who balance the operational risks and tol- erance for risk with budgets, regulatory environ- ments, and security controls. Q A Jeff Huegel, CISSP CISM CRISC Chief Architect, Cyber Security AT&T Global Customer Security Services Sponsored Content To learn more about cybersecurity solutions for the federal government, contact AT&T at Att.com/gov/cyber
May 30, 2014
June 15, 2014