GovInfoSecurity.com

Detailed actions of privileged users are critical in today's business environment of IT outsourcing, off-shoring and supplementing IT staff with contractors. Major regulations require documenting what users actually do with the privileges and rights granted to them and how their actions impact the IT environment....

FISMA addresses security issues in a comprehensive manner, covering everything from identity management to physical building security. This white paper focuses specifically on identity and access management (IAM) issues, using the guidance provided by NIST Special Publication 800-53 recommended Security Controls for...

Government agencies need to secure and control access to sensitive data while satisfying rigorous audit and compliance requirements. But, which encryption technology gives you the right data protection? Database encryption solutions can cause performance hits while leaving unstructured data exposed to hackers and...

This white paper explains, defines and enforces the necessity to implement policies for systems that contain and allow access to sensitive data. These policies are in place to help mitigate problems in case there are security holes that allow for accidental or intentional interception of critical information, i.e....

Due to the current fiscal crisis and the projected long-term climate change in public finances, most governments in developed countries must get used to managing in a different world than the one they came from - a world of constantly declining budgets. IT plays a significant role in navigating this crisis and beyond....

This white paper outlines the limitations of traditional defense mechanisms; specifically, how cybercriminals have refined the malware manufacturing and development process to systematically bypass them - thereby initiating an arms race with defenders. Security patches are found to be a primary and effective means to...

Unfortunately, user accounts with reduced privileges do not provide protection from attack, misuse or compromise. Reduced privileges for end-users can only be regarded as one part of an effective security strategy that should not be solely relied on. Organizations should know the limitations of this approach to...

The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) is designed to significantly transform the way the financial system operates. The large scale of the law has slowed the detail and clarity that is expected with this reform. The act needs the guiding hand of a systemic approach to help with the...

By December 6, 2011, all federal agencies must develop a compliance plan for how they will identify and protect Controlled Unclassified Information (CUI). Is your agency ready? In this white paper, Patricia Hammar, executive secretary of the CUI Presidential Task Force, provides expert advice on developing a CUI...

Security intelligence, built on the same concepts that have made business intelligence an essential enterprise technology, is the critical next step for organizations that recognize the importance of information security to their business health. Too often, the response to new security threats is a "finger in the dam"...