Thursday, January 31, 2019
Week 8 - Huawei, a cautionary tale
Saturday, January 26, 2019
Week 7 - My life as an ISSM
I recently (January 7) started a new position as an ISSM. And while it is very interesting, I am realizing now that the learning curve is a steep one. Sure, courses like risk management and current trends in cyber security have exposed me to the concepts I deal with at work but it's almost like another language. Coupled with the fact that my organization (Testing and Engineering) is chock full of prior service Air Force personnel with a penchant for acronyms and well, let's just say my head swims most days. I am on the cusp of starting my 4th week and while I wouldn't say it's getting "easier", I am understanding the scope of my responsibilities and what my purpose in the organization is.
In a way, I think that I am on the right track. Prior to this position I worked in a data center. When I started there, I also did not know how to do any of the work. With proper training though I was able to work unsupervised in a few weeks. I wish this position was a little like my last one in that my production was easily measured by the number of items I processed daily. I currently find myself entangled with an SSP (System Security Plan) re-write for accreditation from our SCA (security controls assessor) so that we can be issued another ATO (authority to operate). See, I told you there were a lot of acronyms ;).
In short, I told my supervisor when I interviewed that I wanted to be challenged. Well, be careful what you wish for.
Monday, January 14, 2019
Week 6 – Resources, upon resources, upon resources
Saturday, January 12, 2019
Week 5 - Dismal Cybersecurity Outlook Amidst Government Shutdown
Week 5
Hello readers. So, by now you know that our government is essentially at a standstill. National parks are being "destroyed", TSA agents are working without pay and quitting in some instances, and we remain divided as a nation. What is really in trouble is the state of our cybersecurity.
DHS employees, who are responsible for civilian cybersecurity efforts such as threat analysis and information sharing, have been furloughed. This is a huge blow for the private industry who depend on DHS to keep abreast of threats and ensure a safe computing environment for their organizations. Further fallout of the shutdown is the reluctance of talented cybersecurity professionals to join the civil service ranks. Ranks that were already tough to fill prior to the shutdown.
The shutdown has the potential to not only affect the private sector but to also impact the government's security posture. Nearly 85 percent of the National Institute of Standards and Technology’s staff members are furloughed during the shutdown. This number is critical given the central importance of NIST security and privacy standards for not just government agencies but also many private companies.
The importance of NIST can't be understated. They run a Computer Security Resource Center, which is currently offline, but whose resources can still be accessed by the wily security expert. Another reason why it's such a "big deal" that the NIST site is not being maintained is the fact that NIST covers everything from encryption to how user accounts should be authenticated, sensitive data storage requirements, network intrusion monitoring, and security incident response. Currently, federal law mandates that only federal agencies are required to follow the security guidelines issued by NIST, but many other organizations also rely on them as reputable, comprehensive, and well-vetted recommendations for best practices in computer security (Wolff, 2019). Perhaps with a bit of temperance we can all get back to work and continue protecting our national cyber-assets.
Reference:
J. Wolff. (2019, Jan. 9). The Shutdown is Hurting Cybersecurity. Retrieved from slate.com at: https://slate.com/technology/2019/01/government-shutdown-cybersecurity-dhs-nist.html