STATE GOVERNMENT: A Georgia Hacking Bill Gets Cybersecurity All Wrong. In March, the Georgia State General Assembly passed a bill that would make it illegal to access a computer or network “without authority.” Georgia Governor Nathan Deal has until May 8 to decide whether to sign it into law or veto it. The 40-day limbo has morphed from a bureaucratic formality, though, into a heated debate with national implications. In just 43 lines, the bill raises fundamental questions about how to establish boundaries in cyberspace without hindering vital security research and, crucially, the ethics of “hacking back,” in which institutions that have been attacked can digitally pursue the hackers and even potentially retaliate.
FEDERAL GOVERNMENT: For Better Cybersecurity, Be Nice to Your CFO. Nearly every federal employee, even those whose IT experience begins and ends at using a computer for work, is capable of contributing to the protection of U.S. government networks. While CIOs and CISOs bring the expertise and experience needed to manage large IT enterprises, chief financial officers bring money and vision. Their control over an agency’s budget requests and strategic planning process makes them gatekeepers whose support can often mean the difference between getting the necessary funding for critical cybersecurity priorities and simply making do. “Why should I be collaborative with my CFO? That’s where the money is,” said Rod Turk, acting CIO of the Commerce Department at a May 1 event hosted by the Association of Government Accountants. “And frankly…if you start talking bits and bytes to your CFO, they’re not going to understand. When they don’t understand, guess what? You don’t get the money.”
GUIDE: How to Apply the NIST Cybersecurity Framework to AWS Implementations. If public cloud services are in your IT mix, the NIST Cybersecurity Framework (CSF) is a great way to evaluate security needs and develop a robust security strategy. The NIST CSF identifies five key cybersecurity functions – “Identify,” “Protect,” “Detect,” “Respond,” and “Recover” – to organise recommended security controls into actionable work streams. AWS users can use the CSF to plan security strategies and investments for optimal protection and coverage.
STATE & LOCAL GOVERNMENT: How to Strengthen Security Seamlessly with Cloud. State and local government agencies are turning to cloud to streamline and strengthen their organizations’ cybersecurity efforts.
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems April 2018 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-april-2018.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.