ICIT Virtual Briefing: Software Supply Chain Security – Balancing Internal Orchestration with Attack Vectors Along with security controls and AppSec policies, the way you and your teams treat the software you build over time impacts the speed at which you can react to a threat. The truth is that open source software (OSS) is often treated as if it isn’t a security problem—until it is. The log4j vulnerability and the subsequen...

"How can we implement a holistic approach to cybersecurity?" "What methodologies, policies, technologies, and specific tools can we deploy to prevent, detect and monitor cybersecurity threats"? "How can we build a more effective program?" As more data breaches are disclosed, cybersecurity is at the forefront of Boards, executives, employees and consumers. Breaches are a continuing threat to an organization's reputation through the disclosure o...

You are invited to join the Cybersecurity Supply Chain Risk Management (C-SCRM) Acquisition Community of Practice (ACoP) on August 16 at 1p.m. EST. Since the launch of the C-SCRM ACoP, GSA and CISA have been co-leading an effort to broaden the level of awareness and develop agency maturity in the areas of acquisitions, supply chain risk management, and cybersecurity across the Federal Government for information communication technology and ser...

"How can we implement a holistic approach to cybersecurity?" "What methodologies, policies, technologies, and specific tools can we deploy to prevent, detect and monitor cybersecurity threats"? "How can we build a more effective program?" As more data breaches are disclosed, cybersecurity is at the forefront of Boards, executives, employees and consumers. Breaches are a continuing threat to an organization's reputation through the disclosure o...

Department of Homeland Security (DHS) is one of the leading federal agencies in implementing in Cloud, UI/UX, SecDevOps and Cybersecurity capabilities. In 2021, President Biden signed Executive Orders (EO), some of them have a major impact on most components of DHS. First Executive Order is “Improving the Nation’s Cybersecurity”. It is a detailed overview of the Federal government’s plan to better secure America ...

A Fireside Chat with David Shive , Chief Information Officer, General Services Administration

When DOD rolled out its Cybersecurity Maturity Model Certification program in 2020, it was designed to secure the Controlled Unclassified Information (CUI) in systems used by contractors in Defense Industrial Base that support business and warfighting efforts. Initially, an independent accreditation body was to certify a group of third-party assessment organizations. The plan ran into a number of obstacles as industry organizations questioned...

Embracing Digital Agility and Digital Transformation are of paramount importance for the DoD given the rapidly evolving cyber, technology, and threat environments. When IT is implemented correctly it can greatly improve security, resiliency, and usability ensuring high value and effectiveness on the investment. Unfortunately, adopting new paradigms and approaches across the larger DoD enterprise is not easy; requiring coordination of cultural...

In October 2020, DOJ announced a policy that permits state and local officers on DOJ Task Forces to wear and activate BWCs when the use of force is possible - while serving arrest warrants, executing other planned arrest operations, and during the execution of search warrants. On June 7 2021, based on recommendations from the Department's law enforcement components, the Attorney General directed the Acting Director of the Bureau of Alcohol, To...

The role of Chief Information Security Officer is important making security is front and center in protecting organizations in a post SolarWinds and Log4j world. As the need to share information between different agencies with both connected and disconnected applications increases, agencies need to think beyond DevSecOps and Zero Trust. Existing approaches to building software and the use of automation need to be reevaluated. The Department of...