|
|
|
|
|
Not all threats to Federal cybersecurity are external. In June 2010, Wikileaks released thousands of classified Department of State and Department of Defense documents. Immediately following the release of those documents, the Secretary of Defense commissioned two internal Department of Defense studies to evaluate any weaknesses in their systems. The studies found that the Department's policies for dealing with an internal security threat were inadequate and that the Department had limited capability to detect and monitor anomalous behavior on its classified computer networks. |
|
Name(s:) |
Jason Chaffetz |
|
Title: |
United States Representative |
|
Agency(ies): |
House Committee on Oversight and Governmental Reform, United States House of Representatives |
|
Url: |
Url Link
|
|
|
The European leftists behind the Wikileaks episode intended to damage the United States and to hurt its credibility and influence internationally. The effect was to help our opponents ' jihadis and authoritarian regimes. We do not want to overstate the risk from events like Wikileaks, but those hostile to the United States will take advantage of poor security of information and the global reach of the internet to damage the United States. |
|
Name(s:) |
James Lewis |
|
Title: |
Director Technology and Public Policy Program |
|
Agency(ies): |
Center for Strategic and International Studies |
|
Url: |
Url Link
|
|
|
PROTECTING NETWORKS AGAINST THREATS & PREVENTING DATA LOSS
Deployment and management of an anti-malware solution is the first step in network protection. But this solution alone does not provision the entire security landscape.
You must also be constantly watching out for and monitoring vendor security notifications and alerts, and apply needed patches or workarounds as soon as possible. Ensuring that users are kept up to date through a security education and awareness program is vital to keeping networks secure. Last, but not least, know your assets, identify your perimeter of secure operations, and maintain a high level of situational awareness to ensure you are aware of, and can respond to, incidents in a timely manner for the sake of operational survival.
In light of the current key threat trends, and recent high-profile cases such as WikiLeaks and other data breaches, it has also become critical for all organizations to establish and implement a sustainable data loss prevention (DLP) program that effectively addresses evolving risk factors. A comprehensive, long- term, sustainable DLP program is based on the following principles:
-- Threat coverage: Information must be protected wherever it resides, whether at-rest, in-motion or in-use. This requires control points at multiple tiers (i.e. endpoint, gateway, network, back-end databases). Further enhanced compatibility with a cloud environment and Web 2.0 sites provides a more transparent Web experience for end-users that seamlessly prevents data exposure.
-- Data Insight: DLP should help enterprises identify their most critical information and enable simplified data clean-up and remediation through automated data owner identification. Besides continuous monitoring and auditing of data usage DLP needs to ensure adherence with corporate policies and regulatory compliance.
-- Business Process Integration: DLP must be incorporated into an organization's overall business process so that it is viewed as a business necessity, aligned with strategic goals, compliance requirements and risk management.
-- Risk Reduction Measurement: Enterprises should define achievable and measurable goals and then regularly review progress against them and hold business leaders accountable for meeting them.
-- Identify critical information and simplify remediation: Effective DLP solutions should include a unified platform that allows customers to create policies once, and enforce them everywhere to prevent confidential data loss across endpoint, network and storage systems. Integrated DLP technology helps enterprises align their information assets to business goals by simplifying the remediation of exposed critical data.
To reduce the risk of data breaches, organizations require a clear understanding about where their sensitive data resides and how it is being used. With this insight, organizations will be better placed to identify gaps in their strategy, better equipped to define their requirements, and better prepared to implement a data governance plan that will reduce their risk posture. |
|
Name(s:) |
Dean Turner |
|
Title: |
Director Global Intelligence Network |
|
Agency(ies): |
Symantec Security Response |
|
Url: |
Url Link
|
|
Title: |
Statement for the Record of Department of Homeland Security Before the United States House of Representatives Subcommittee on National Security, Homeland Defense and Foreign Operations Of the Committee on Oversight and Government Reform, Washington, DC, May 25, 2011 by Sean McGur, Director, Control Systems Security Program, National Cyber Security Division Department of Homeland Security |
|
Author: |
Sean McGurk |
|
Title: |
Director |
|
Authoring or Creator Agency: |
National Cyber Security Division, Department of Homeland Security |
|
|
Title: |
Cybersecurity: Assessing the Immediate Threat to the United States |
|
Authoring or Creator Agency: |
House Committee on Oversight and Government Reform, United States House of Representatives |
|
|
|
Archive Link |
|