FEDERAL CISOs: Want More Education and Training to Help Boost Incident Response. Federal CISOs agree that investment in workforce training and education is the key to increasing incident response capabilities. If budgets weren’t an issue, Department of Homeland Security CISO Jeffrey Eisensmith said during a panel on CISO priorities for 2018 at the Sept. 13 Billington Cybersecurity Summit in Washington, D.C., he would put a “significant investment in workforce both in training and retention” by instituting performance-based training and testing.” Read more
BANKS: How to Strengthen Incident Response. Effective incident response requires fine coordination between technical and human resources, says Mike Fowler of DF Labs, an incident-response platform provider. “Think about the last cyberattack you read about [and what] we see is that we need more cyber-trained people,” Fowler says in an interview at Information Security Media Group’s recent New York Fraud and Breach Prevention Summit. “Part of the problem is the human element, and I think part of the solution is taking what we have – the resources, be they hardware, software or human – and making them better.” Read the rest
FEDERAL GOVERNMENT: IRS Computer Security Incident Response Center Needs Improvement. The Internal Revenue Service’s Computer Security Incident Response Center is preventing some cybersecurity violations, but could use some improvements, according to a new report. The report, from the Treasury Inspector General for Tax Administration, noted that the CSIRC is responsible for preventing, detecting, reporting, and responding to cybersecurity incidents, such as computer related threats and attacks targeting the IRS’s technology assets. As the IRS holds tax information on all taxpayers, the agency presents an attractive target for hackers. But weaknesses in the CSIRC program could prevent the timely detection, prevention, or reporting of unauthorized access and disclosure of taxpayer data. Find out more
GOVERNANCE: The Methodology of Improving Incident Response. AusCERT is one of the oldest CERT’s in the world, and Phil Cole says the independent organization is now laser-focused on helping enterprises across sectors to fundamentally improve their strategies and solutions for incident response. Read more
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems April 2017 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-april-2017-75757463.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.