Cyber Warriors: A Frank Discussion at FedSMC, Part III

April 15, 2011

In this last installment of our FedSMC panel discussion earlier this week, the focus is on the specific security controls that federal CISOs and security professionals can implement to ensure that bad things – from insider threats, to successful phishing attacks – can be prevented.

Perhaps the most glaring solution, and one promoted as critical by all three of our panelists, is the need for better security education and awareness training. According to Theresa Payton, “CBTs [computer-based training] are not going to cut it – people just go through and click, without really thinking about security after the CBT is over.” The consensus across the panel is that real security awareness involves concretely demonstrating, through hands-on examples, how security threats are realized by bad user behavior. If people actually see how they can be exploited – and the ramifications of it – they are much less likely to exhibit insecure behaviors.

Another critical requirement is for organizations to focus on endpoints; configuration security is absolutely critical to ensuring this, whether the endpoint is a server, desktop, laptop, or mobile device. As John Pescatore of Gartner pointed out, over 65% of successful attacks are enabled by security misconfiguration; poorly configured security gives attackers and malware carte blanche into your systems.

Finally, the third critical tool is appropriate authentication and authorization.  From multi-factor authentication, to role-based access control and ensuring that employees and contractors are granted security access based on the concept of least privilege, these two mechanisms can prove invaluable to mitigating the risks posed by today’s most pervasive threats.

I’d like to thank all three of my panelists at this year’s FedSMC event — former White House CIO Theresa Payton, former Army G-6 CIO Vernon Bettencourt, and NIST Distinguished Scientist Dr. Ron Ross – for their fantastic insight!

One Comment
  1. Jim
    April 16, 2011 6:29 am

    Am writing a thesis on Public Trust in WikiLeaks, the Media and the Government and need to know what your opinions are. The online survey is multiple choice and will take approximately 10 minutes to complete. Please follow the link: http://www.kwiksurveys.com/?s=ILLLML_9669e09d
