Federal Agencies Fell Short in Assessments of Cybersecurity Employees, Finds Report

by David Bisson on June 25, 2018

The skills gap poses a persistent challenge to organizations. Enterprises need a qualified workforce if they are to adequately defend against digital threats. This is true for every industry and is especially so for the public sector.

Acknowledging that fact, Congress enacted the Federal Cybersecurity Workforce Assessment Act (Act) in 2015. This piece of legislation requires the Office of Personnel Management (OPM) to develop a coding structure under the National Initiative for Cybersecurity Education (NICE) for cybersecurity positions and create procedures that facilitate the coding structure’s implementation for civilian cybersecurity positions. It also stipulates that 24 agencies covered by the Chief Financial Officers (CFO) Act must submit baseline assessments of their workforces and establish processes to apply OPM’s coding structure to their workforces.

Most of the CFO Act agencies submitted baseline assessments. In an effort to examine the OPM’s coding procedures and understand the progress of the Act’s implementation, the U.S. Government Accountability Office (GAO) reviewed the baseline assessments and coding procedures from the reporting agencies. It also interviewed personnel at both the OPM and the CFO Act agencies and published its findings in a report to congressional committees.

What it learned was less than encouraging.

Of the 24 CFO Act agencies that were required to submit baseline assessments, 21 of them complied with the Act and sent their analyses to Congress. Three agencies—the Department of Homeland Security, the U.S. Department of Housing and Urban Development and the Small Business Administration—did not submit assessments due to a lack of tools and resources, among other reasons. Even then, four of the agency assessments didn’t contain all relevant information; namely, they didn’t discuss the level of preparedness of employees without certifications to take certification exams. Additionally, one agency failed to discuss in its assessment how it planned to mitigate certification (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/government/federal-agencies-fell-short-in-assessments-of-cybersecurity-employees-finds-report/
