Monday, March 27, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • AI/ML's Role in Software Supply Chain Security
  • An Approach to Resolving PKI Talent Scarcity
  • The Future of Cyber Risk Quantification: Beyond the Traditional Tool
  • Business Email Compromise Threats Soar Past Phishing Risks
  • Best Practices for Lean Teams to Improve Application Security Maturity
Governance, Risk & Compliance Security Bloggers Network 

Home » Cybersecurity » Governance, Risk & Compliance » Federal Agencies’ Digital Security Programs Need Work, Risk Assessments Reveal

SBN

Federal Agencies’ Digital Security Programs Need Work, Risk Assessments Reveal

by David Bisson on June 11, 2018

On 11 May 2017, President Trump issued the Executive Order, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. This directive, among other things, identified agency heads as those who are ultimately responsible for managing cybersecurity risk within executive departments.

TechStrong Con 2023Sponsorships Available

In service of that purpose, the White House specified in its order that federal agency heads must use the NIST’s Cybersecurity Framework to manage their agency’s digital security risk. It also required agency heads to submit a risk management report to the Department of Homeland Security (DHS) and the Office of Management and Budget (OMB) within 90 days of the Executive Order’s date of issuance.

OMB and DHS received risk management assessments from 96 civilian agencies. Together, the two government bodies evaluated the reports across 76 metrics to measure the agencies’ preparedness for identifying, detecting, responding to and recovering from digital security incidents. They then presented their findings in their joint Federal Cybersecurity Risk Determination Report and Action Plan to the President of the United States (Risk Report), which they published on 30 May 2018.

Overall, OMB and DHS found that federal agencies’ digital security programs need work. Of the 96 agencies that submitted reports, just 25 of them were adequately managing risk across the enterprise. The remaining 71 agencies (or 74 percent of participants) had digital security programs that were either at risk or at high risk, meaning they were ill-equipped to investigate how threat actors could access their information and to make wise digital security investments.

The Risk Report tied this evaluation to four main findings. These were as follows:

Finding One: Limited Situational Awareness

First and foremost, OMB and DHS observed in their review that agencies possess limited situational awareness of the threats in their environments. They found that those charged with defending agency networks don’t have (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/government/federal-agencies-digital-security-programs-need-work-risk-assessments-reveal/

June 11, 2018June 11, 2018 David Bisson Compliance, Featured Articles, Federal, government, risk
  • ← Women in Information Security: Avi
  • Banks Highly Vulnerable to Inside Attacks →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows
TSTV Podcast

Subscribe to our Newsletters

Most Read on the Boulevard

Is Trafficking in Hacking Information a Crime?
Using Deception to Learn About Russian Threat Actors
Phishing, Brute Force Attacks Rise in Expanded Threat Landscape
Modern Cybersecurity Problems Need Next-Gen PAM Solutions
Business Email Compromise Threats Soar Past Phishing Risks
How to select the right fraud prevention platform for your business
Top Data Breaches in 2022 and 2023 Point to Increases in Phishing and Ransomware
How to Handle AWS Secrets
Emotet and Other Malware Shifting Tactics to OneNote Files
SafeBreach Coverage for Microsoft Outlook for Windows Vulnerability – CVE-2023-23397

Upcoming Webinars

Apr 04

Key Strategies for a Secure and Productive Hybrid Workforce

April 4 @ 1:00 pm - 2:00 pm
Apr 05

Securing Kubernetes With SentinelOne and AWS

April 5 @ 1:00 pm - 2:00 pm
Apr 05

From Vulnerable to Invincible: The Five-Step Journey to Complete Cloud Security

April 5 @ 3:00 pm - 4:00 pm
Apr 12

The State of Cloud-Native Security 2023

April 12 @ 1:00 pm - 2:00 pm
Apr 13

Case Study: Improving Code Security With Continuous Software Modernization

April 13 @ 11:00 am - 12:00 pm
Apr 20

Lessons From a Live Hack: Secure Your Cloud From the Inside

April 20 @ 3:00 pm - 4:00 pm
Apr 24

Securing Open Source

April 24 @ 1:00 pm - 2:00 pm
May 03

https://webinars.securityboulevard.com/ciso-panel-tips-for-optimizing-cloud-native-security-stack-in-2023?utm_campaign=2023.05.03_Aqua_Webinar_SB&utm_source=BMRegister

May 3 @ 3:00 pm - 4:00 pm
May 22

Ransomware

May 22 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Industry Spotlight

FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work?
Analytics & Intelligence API Security Application Security Cloud Security Cyberlaw Cybersecurity Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight IoT & ICS Security Malware Mobile Security Most Read This Week Network Security News Popular Post Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work?

March 17, 2023 Richi Jennings | Mar 17 0
White House to Regulate Cloud Security: Good Luck With That
Analytics & Intelligence Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Malware Most Read This Week Network Security News Popular Post Ransomware Securing Open Source Security Awareness Security Boulevard (Original) Security Operations Software Supply Chain Security Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

White House to Regulate Cloud Security: Good Luck With That

March 13, 2023 Richi Jennings | Mar 13 0
‘Extraordinary, Egregious’ Data Breach at House and Senate
Analytics & Intelligence API Security Application Security CISO Suite Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Ransomware Securing Open Source Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Extraordinary, Egregious’ Data Breach at House and Senate

March 10, 2023 Richi Jennings | Mar 10 0

Top Stories

Cybersecurity Leaders Stressed Over Email Security
Application Security Cloud Security Cybersecurity Endpoint Featured Mobile Security Network Security News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

Cybersecurity Leaders Stressed Over Email Security

March 21, 2023 Nathan Eddy | Mar 21 0
Scams Lost US $10 BILLION in 2022 — Crypto Fraud Grows Fast
Analytics & Intelligence Application Security Blockchain Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security Digital Currency Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Malware Mobile Security Most Read This Week Network Security News Popular Post Ransomware Securing Open Source Security Awareness Security Boulevard (Original) Social Engineering Software Supply Chain Security Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Scams Lost US $10 BILLION in 2022 — Crypto Fraud Grows Fast

March 16, 2023 Richi Jennings | Mar 16 0
Dell Adds CrowdStrike to Cybersecurity Services Portfolio
Cloud Security Cybersecurity Featured Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence 

Dell Adds CrowdStrike to Cybersecurity Services Portfolio

March 15, 2023 Michael Vizard | Mar 15 0

Security Humor

Randall Munroe’s XKCD ‘Air Handler’

Randall Munroe’s XKCD ‘Air Handler’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.