Top 5 information security challenges for US government agencies
Posted on 03 March 2009.
Cloakware identified the top five challenges facing federal agencies that expose them to critical security breaches. The list, compiled from in-depth conversations with industry experts and government agencies, outlines the most significant challenges facing federal organizations concerned with protecting the systems that support critical infrastructure (cyber CIP) while providing an operationally efficient environment.

With continuing reports of major security breaches and thwarted attacks at both government agencies and Fortune 2000 organizations, cyber security has never been a greater priority. Though confronting short-term economic and national defense concerns, newly elected President Obama has also ordered a 60-day review of the U.S. information security and cyber CIP policy. This call to action recognizes that a failure to implement proper security measures can facilitate internal and external threats to the confidentiality, integrity and availability of the nation's critical infrastructure.

In January 2009, the U.S. Government Accountability Office (GAO) published an update to the High-Risk Series (GAO-09-271) report outlining federal information and cyber CIP concerns. The report stated that protecting the federal government's information systems and the nation's critical infrastructure is a top-line challenge. It requires resolving identified deficiencies and fully implementing effective security programs.

In a concerted effort to comply with pending mandates from the new administration, Cloakware recognizes that government entities will be expected to implement solutions that address the following top cyber security challenges:

1. Cyber security as top-level priority - Earning cross-agency buy-in is critical for managing threats effectively, ensuring centralized and controlled access to vital information and systems.

2. Establishing and implementing consistent security initiatives - Mandating policies can be a complex and daunting task, but with insufficient processes in place to enable full accountability, agencies become susceptible to internal and external threats.

3. Preventing system disruption - Dynamic and complex technology environments, including virtualized, cloud computing or service-oriented infrastructures, make managing information access extremely difficult, requiring flexible controls and solutions to adapt and prevent interruptions - or worse.

4. Improving warning capabilities - Access to critical information assets must be monitored and managed intensively in all facets of the organization. Implementing proactive warning systems can circumvent critical incidents, limiting exposure to agency credentials and vital information that opens the agency to extreme governance risks both inside and outside its walls.

5. Strengthening incident recovery - While mitigating occurrences is the first line of defense, the ability to recover from incidents quickly without exposing critical information and access needs to be improved upon. When events do arise, privileged information and access are compromised without a disaster recovery plan in place.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th