"Managing risk with regard to information systems and security sometimes doesn't go to the highest levels and that's why the risk framework is a way to get senior leaders involved early in the process," NIST senior computer scientist Ron Ross says.
"Organization-wide monitoring cannot be efficiently achieved through manual processes alone or through automated processes alone; however, automation can make the process of continuous monitoring more efficient," NIST says.
Looking ahead to the new year, Kristin Lovejoy of IBM says information security organizations face a host of global compliance issues - and the complexity of this challenge may be the biggest task of 2011.
Federal CIO Vivek Kundra has high hopes for CyberScope, which agencies are to use next month to report on their FISMA compliance. But 85 percent of agency CIOs and CISOs say they have yet to use the tool, a new survey reports.
Though IT in California state government is decentralized, there's still a critical role for state CISO Mark Weatherford to play in assuring that departments and agencies do what needs to be done to secure digital assets.
Governance, risk and compliance - GRC - are priorities for information security leaders of all organizations. And these priorities have only been underscored by the economic recession and elevated scrutiny of businesses and government agencies.
The next version of the Payment Card Industry Data Security Standard (PCI DSS), due out some time in 2010, may include guidelines for the use of virtualization technology to protect card data.
This was the prediction of some industry leaders meeting at the Payment Card Industry's Security Standards Council...
Gilligan helped initiate the program that requires that PCs be preconfigured with specified security controls, and discusses the cultural challenges the government faces in expanding that practice to other technologies.