
Review: Cybersecurity Guide for US Government Agencies

The folks at GovLoop.com invited me to read and share their Agency of the Future Guide: Winning the Cybersecurity Battle. The guide begins with a brief survey of (US) public sector employees who were asked to comment on their agency's cybersecurity strategy.

As you can see from the infographic style summaries of responses, the list of challenges facing US Government agencies contains all the usual suspects:

Figure 1

When asked about their agency's state of preparedness, the responses are all over the map but generally paint a less than comforting "not even close!"

Figure 2

Figures 3 and 4

Based on the surveys, agencies seem to be highly concerned over (i) phishing and malware, (ii) DoS and DDoS attacks, and (iii) application-level attacks. Parties responding to the survey attribute attacks to a much wider set of actors than I customarily see. I'm frankly surprised that agencies that are allegedly unprepared for attack can identify the attacker's motives with such confidence, but your mileage may vary.

Much of the balance of the report consists of editorials contributed by commercial interest parties (security products or services providers). The editorials make strategic-level recommendations for agencies. You can read the report in its entirety, but choosing randomly, I found the following noteworthy because they aren't mainstream mantra (prevent, detect, respond, control, manage, restore):

  • Be a prudent early adopter of new technology that can address some of the new complex threats that are emerging (Source: Juniper Networks)
  • The security officer must have a seat at the table. Security officers can explain how assuming risk here will create trade-offs for the agency. (Source: Symantec)
  • Government agencies are desperately in need of hiring top cyber talent. Keeping talent is key to success (Source: State of Michigan)

The report also identifies 19 potential metrics for agencies to use to measure and improve cybersecurity strategies. There's some vendor fluff here, but overall, it's a useful read for strategy planning.
