Thwarting the insider threat entails more than knowing an individual with access to a computer, but to recognize the synergy between the individual, organization, technology and environment, I3P Research Director Shari Lawrence Pfleeger says.
"There's a real threat out there." Cybersecurity Coordinator Howard Schmidt says. "But the threat sort of follows the way we build our defenses against it, and I think those things continue to move in parallel."
"Organization-wide monitoring cannot be efficiently achieved through manual processes alone or through automated processes alone; however, automation can make the process of continuous monitoring more efficient," NIST says.
NIST issues a draft of new guidance that introduces a three-tiered approach to establish an enterprise-wide risk management strategy involving the participation of non-IT senior departmental and agency leaders.
A new White House plan to reform how the feds manage IT should not only drive efficiencies but help secure digital assets, says Tim Young, former Office of Management and Budget deputy administrator for e-government and IT.
Cybersecurity reform was part of a defense bill that included a provision to repeal a law that bar gays from serving openly in the military. Supporters couldn't muster the support to bring a Senate vote on the bill.
"We use the Social Security number in every aspect, both mundane and sensitive," says Conti, coauthor of a report on the military's use of personal identifiable information. "It's everywhere, so we're courting disaster in how we us it."