PENETRATION TESTING
NEXT-GEN: Where Should Pen Testing and Source Code Review Fit into Your Dev Lifecycle? Pen testing and source code review are integral to strengthening your application’s security backbone. Here’s a quick breakdown of why and where they might fit into the lifecycle. Read more
[INFOSECURITY-MAGAZINE.COM]
SECURITY: 3 Reasons Why CIOs Will Feel More Heat in 2018. Rep. Will Hurd (R-Texas) is putting more pressure on agencies to make better use of the Homeland Security Department’s security architecture reviews and risk and vulnerability assessments, or obtain similar services from contractors to discover and mitigate cyber vulnerabilities. “When it comes to penetration testing, a passive scan is not a penetration test. A good best practice is to use on a regular basis a third-party security folks to come in and do a technical vulnerability or penetration test,” said Hurd. “That level of engagement is not happening as much as I previously thought.” Read more
[FEDERALNEWSRADIO.COM]
FEDERAL GOVERNMENT: Agencies Could Be Graded On More Than FITARA Under New Scorecard. At least one lawmaker wants to transition the scorecard to have a wider focus beyond FITARA but not everyone is ready to move on. Read more.
[NEXTGOV.COM]
PROBLEM SOLVING: Three Pen Test Tools for Free Penetration Testing. Nmap, Nessus and Nikto are penetration testing tools that security operators can use to conduct pentests on their networks and applications. Read more.
[SEARCHMIDMARKETSECURITY.TECHTARGET.COM] [REGISTRATION REQUIRED FOR ACCESS]
==========
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems March 2018 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-march-2018.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
==========
