From the Winter 2019 Issue

Designing Compliance: To Cloud or Not to Cloud?

Author(s):

Ryan Brady, Cybersecurity Analyst, ProObject

Organizations implementing a new corporate network may find it more practical to not deploy and manage an on-premises network infrastructure (e.g., a network with local internally managed servers). The cloud provides an attractive alternative. Data storage, virtualization, software development, and system management are all managed offsite by cloud service providers. These offerings collectively comprise software …

From the Winter 2019 Issue

Increasing the Operational Readiness and Performance of Department of Defense Cybersecurity Service Providers

Author(s):

Cesar Pie, Strategist, Defensive Cyber Solutions Branch

Clinton Hackney, Strategist, Defensive Cyber Solutions Branch

CSIOS

Introduction

Since its establishment in 2001, the Department of Defense (DOD) Cybersecurity Service Provider (CSSP) Program has progressively and systematically matured to become one of the most critical components of the Department’s Defense-in-Depth strategy. Today, 24 DOD CSSPs are responsible for provisioning 24x7x365 cybersecurity services (e.g., protect, detect, respond, and sustain) to implement …

CAA Record: A Small Step Towards a Safer Internet

Author(s):

Paul Baka

A Case of Misplaced Trust

A lot of trust is placed in certificate authorities. SSL/TLS on its own protects against malicious actors. It does this by intercepting communications. However, certificate authorities do nothing to prevent sending data to someone who has found a way to route client traffic to a copycat website. Certificate Authorities …

From the Fall 2018 Issue

The Next Generation of Defensive Cyberspace Operators

Author(s):

Cesar Pie, Strategist, Defensive Cyber Solutions Branch

Clinton Hackney, Strategist, Defensive Cyber Solutions Branch

Introduction

Whether internal or external to the Department of Defense Information Network (DODIN), passive and active Defensive Cyberspace Operations (DCO) are Cyberspace Operations (CO) intended to protect and defend the Department of Defense (DOD) or other friendly cyberspace from adversary actions. A key characteristic of DOD’s DCO is the construct of active cyberspace defense. Active …

From the Fall 2018 Issue

Compliance: Complexity to Simplicity

Author(s):

Ryan Brady, Cybersecurity Analyst, ProObject

Simplifying NIST SP 800-171 Compliance Process

As the contracting community has grown substantially, it has also seen a series of high-profile breaches. These breaches involved the exfiltration of government data from contractors who were victims of hacks or insider threats. Incident response and forensics usually find the contractor was not updating systems regularly …

From the Fall 2018 Issue

What’s the Big Hurry? The Urgency of Breach Notification

Author(s):

Ellen Cornelius, J.D., The Center for Health & Homeland Security

Globally, about 5 million data records are lost or stolen each day. For each theft, consumers spend an average of 20 hours and $770 to attempt to rectify their losses. Individuals’ reputations suffer, sometimes permanently. Consumers should take action after they are notified of a data breach because there is a good chance that criminals …

From the Fall 2018 Issue

Maryland’s Landmark Legislation: Cybersecurity Now More Attainable for Small Business

Author(s):

Mike Binko, CAMI Board Member - Policy & Legislative Affairs | Chairperson, StartUp Maryland | Founder & CEO

It is no secret that most small businesses nationwide are vulnerable to cyber-attacks, and fortunately for Maryland, stakeholders wanted to do something about it. Championed by elected officials – both Republicans and Democrats – with support from the Cybersecurity Association of Maryland, Inc. (CAMI), the Better Business Bureau (BBB) of Greater Maryland, the Maryland Department …

From the Fall 2018 Issue

NYDFS Cybersecurity Regulation: Panic or Celebration?

Author(s):

Dr. Jason Edwards, Director of Cybersecurity Strategy and Planning, USAA

Griffin Weaver, Senior Legal Counsel, Dell Technologies

While U.S. regulators typically issue cybersecurity guidance instead of strict cybersecurity regulations, the New York Department of Financial Services (NYDFS) broke the mold by issuing the most comprehensive and prescriptive state cybersecurity regulation (23 NYCRR 500)…

From the Summer 2018 Issue

An Outsider’s Look at the United States Cyber Command: The 10TH Unified and 4TH Functional Combatant Command

Author(s):

Cesar Pie, Strategist, Defensive Cyber Solutions Branch

The 10TH Unified and 4TH Functional Combatant Command

The United States (U.S.), along with its allies and potential foes, is witnessing an unprecedented fast-paced evolution of the 21st century cyberspace domain landscape. As it relates to our military advancements, key milestones have included: the establishment of the U.S. Cyber Command or USCYBERCOM on June 23, …