The news is full of stories about external cybersecurity threats and how to combat them—like NSA’s new report on how to proactively address the threats of malware. But a new survey indicates federal IT professionals consider careless and untrained insiders the greatest source of IT security threats. Do you agree? Welcome to the weekly news kick off. Enjoy these highlights.
Careless and Untrained Insiders Greatest Source of IT Security Threats
A new survey shows more than half (53%) of federal IT pros identify careless and untrained insiders as the greatest source of IT security threats at their agencies, up from 42% a year ago. In December 2014, Market Connections, in conjunction with SolarWinds, conducted its second annual blind survey of 200 IT and IT security decision-makers in the federal government, military and intelligence communities. The survey aimed to uncover their most critical IT security challenges and to determine how to make potential security threats visible so IT can confront them. Learn more about the report.
Proximity matters, even in the cloud, says DISA’s top technology official
Defense Information Systems Agency Chief Technology Officer David Mihelcic said where data is physically located still matters, even in a cloud environment, Fierce Government IT reports. “Even though we do want to believe that the cloud solves all our problems and everything should be managed and distributed, the speed of light is still a real thing,” he said. He added that putting physical parameters on cloud assets can lead to innovative solutions.
NSA issues report on how to defend against destructive malware
Prevent, detect, and contain: Those are the key overarching strategies for combating data-destroying malware attacks, according to a new report issued this month by the National Security Agency, Information Week reports. The NSA’s Information Assurance Directorate (IAD) outlined key best practices for defending against such attacks, which require organizations to be proactive rather than reactive to a cyberattack.
GSA pushes out microchip-enabled charge cards
The General Services Administration will begin rolling out microchip-enabled charge cards to federal employees this month in compliance with the president’s October executive order on improving consumer security, FedScoop reports. By the year’s end, GSA’s SmartPay program expects to issue 1 million of what it calls “chip and PIN” charge cards to its purchase, travel, integrated and fleet card users under its GSA SmartPay 2 master contract.
“FedRAMP high” baseline will be available for comment soon
Federal Risk and Authorization Management Program Director Matthew Goodrich said Jan. 22 that a draft baseline for cloud computing systems that require FISMA high-impact level security is nearly ready for public comment, anticipating a January 27 publication date, FCW reports. Currently, FedRAMP authorizes systems only at the low- and moderate-impact levels set by the Federal Information Security Management Act. But adding high-impact cloud systems is part of the FedRAMP roadmap.