Man checking for computer vulnerabilities

Top 6 vulnerabilities found via penetration tests

Agency IT managers can often easily address the common vulnerabilities uncovered by penetration testing.

Construction workers

IRS trains devs to build in security from the start

Code analysts at the IRS are stepping in to help train software developers and project managers to make their software more secure from the beginning of the coding process.

People in a meeting showing importance of communication

Info sharing improves security, slows effects of brain drain

A panel of public and private sector technology leaders says sharing information is key to both improving cybersecurity and to replacing the expertise being lost with the flood of IT workers retiring from government.

photo mosaic of an eye

Worried about security? Beware the mosaic effect

Open data increases the possibilities that individual data sets can be combined and analyzed to reveal private or secure information.

Cyber threats created by Edward Snowden

Cyber threats are spreading, becoming more dangerous

"We have to assume that the sophistication and the prevalence of threats are going to grow," former White House Security advisor Tom Donilon told the FOSE audience.

Attendees at FOSE conference

FOSE 2014 spotlights trends, tactics that drive agency efficiency

With 60 sessions over three days, FOSE 2014 promises a balance of technology and policy designed to give agency managers a view of where IT is trending in government.

Hybrid cloud increases security

How government can securely leverage cloud environments

The choice for many agencies is not public or private clouds, but rather a blend of the two approaches – often referred to as a hybrid cloud – where Internet-based applications provide information into a system that sits inside agency firewalls.

E-filing of tax returns

New tools for combating income tax refund fraud

Agencies can combat income tax refund fraud with authentication tools that fit into existing evaluation processes.

woman wearing PIV badge

HSPD-12 at 10 years: Still a long way to go

The presidential directive that mandated the interoperable PIV card for government workers and contactors will be 10 years old this year, but although millions of cards have been issued, their actual usage remains dismally low.

Transport Layer Security

Agencies must update to newer versions of Transport Layer Security

New guidance from NIST for using TLS in government applications requires later versions of the protocol because of vulnerabilities in version 1.0.

man standing in front of several closed doors

What to look for in social malware defense

NSS Labs study found little difference in the performance of five popular enterprise products designed to protect against socially engineered malware, such as fake system upgrades and anti-virus offers.

Virtual city hall

In virtual town of Alphaville, students prep for cyber sieges

Alphaville is part of the Michigan Cyber Range, a network and classroom training environment designed to prepare IT managers on cybersecurity attacks and defenses.

Topic Resources

  • Continuous Monitoring: Elevating Cybersecurity in State and Local Government

    State and local agencies are not required to comply with federal policies related to continuous monitoring and NIST's Cybersecurity Framework, but they would be better off if they did. Whether it is required or not, the concept of continuous monitoring has been proven to raise the level of cybersecurity when implemented appropriately and with the right tools. Join this webcast to learn more about how your agency could benefit from continuous monitoring and NIST guidance.

  • The Rising Threat of Enterprise Cybercrime

    Cybercriminals are leveraging vulnerabilities of the Internet, browsers, operating systems, and applications to secretly and proficiently gain access to information assets. Compromising employee endpoints with malware has become the preferred method; a far simpler path into the network than a direct network attack. Agencies need to recognize and address this growing danger.

  • Continuous Monitoring to Achieve Cybersecurity

    As the cyber threat landscape evolves, security methods and tools need to change, too. In this Digital Dialogue, Ken Durbin, manager of Continuous Monitoring Practice at Symantec, explains how the undefined boundaries of the modern IT infrastructure necessitate the deployment of continuous monitoring solutions.

  • Stopping Zero-Day Exploits for Dummies

    Cyber attacks are growing every day and can become serious threats to your organization, but how do you know and understand the threats out there? Download a copy of this book, and you will discover the zero-day exploits and threats used to compromise your agency.