Government Information Security Podcast show

Summary: Exclusive, insightful audio interviews by our staff with government/security leading practitioners and thought-leaders. Transcripts are also available on our site!

Podcasts:

 Defining Information Security Metrics: Ron Ross of NIST | File Type: audio/mpeg | Duration: Unknown

A big complaint about the Federal Information Security Management Act (FISMA) is that agencies complying with its provisions merely prove they're following processes aimed at securing information systems, but they don't necessarily prove the systems are indeed secure. In an exclusive interview, Ron Ross, the National Institute of Standards and Technology's FISMA guru, explains: The current challenges agencies face in complying with FISMA. How NIST standards, if adopted, will help secure government IT. Why no metric will fully assure systems will always be safe. Ron Ross is a senior computer scientist at the National Institute of Standards and Technology's Computer Security Division. His areas of specialization include security requirements definition, security testing and evaluation and information assurance. Ross leads the Federal Information Security Management Act Implementation Project for NIST.

 Risk Management Priorities: Joe Restoule, President of RIMS | File Type: audio/mpeg | Duration: Unknown

Because of the economic conditions, risks to organizations - from the inside and out - are at a critical high. Risk managers at public and private organizations are forced to make careful decisions on how to invest scarce resources. In an exclusive interview, Joe Restoule, President of the Risk and Insurance Management Society (RIMS), discusses: The top risk management issues of 2009; How risk managers should focus their available resources; Advice for professionals looking to start a career in risk management. Restoule currently serves as RIMS president. He has served on the RIMS board since 2001 in various capacities, including vice president and secretary. RIMS is a not-for-profit organization dedicated to advancing the practice of risk management. Founded in 1950, RIMS represents more than 4,000 industrial, service, nonprofit, charitable and governmental entities. The Society serves more than 10,500 risk management professionals around the world.

 Invest in Your Career: Pat Myers, Chair of (ISC)2 | File Type: audio/mpeg | Duration: Unknown

Despite the recession and record job losses, information security remains a top concern for public and private sector organizations. But what can security professionals do to protect their careers and be considered for these jobs? In an exclusive interview, Pat Myers, chair of (ISC)2, discusses: Top security and risk management issues facing organizations; How security professionals can protect and invest in their careers; Advice for people looking to either start or move into an information security career. An (ISC)² Board member since 1999, Myers has more than 23 years of experience in all facets of information security, working extensively in financial services for such companies as Charles Schwab, Inc., Wells Fargo Bank, American Express, and Williams-Sonoma, Inc. She was previously a Director with RedSiren and was "CyberDean" of their Information Security University.

 Cybersecurity Education: Lawrence Rogers of CERT | File Type: audio/mpeg | Duration: Unknown

Cybersecurity is a major priority of the Obama Administration, and at Carnegie Mellon University's Software Engineering Institute, it's a key component of the CERT Program's Survivability and Information Assurance (SIA) curriculum. In an exclusive interview, Lawrence Rogers, chief architect of the SIA program, discusses: The need for cybersecurity education; The greatest cybersecurity needs in government and business; Potential career paths for cybersecurity professionals. Lawrence R. Rogers is a senior member of the technical staff in the CERT Program (also the home of the CERT Coordination Center). He has been writing articles for the non-computer professional for several years and was the chief architect and main contributor to the CERT Survivability and Information Assurance (SIA) Curriculum. He is currently a member of the Cyber Forensics team and teaches courses on system administration, cyber forensics, and incident handling.

 FISMA Author on Reform: Former Rep. Tom Davis | File Type: audio/mpeg | Duration: Unknown

Tom Davis wrote the original Federal Information Security Management Act in 2002, and says the legislation has served the government and nation well. The one-time powerful chairman of the House Government Reform Committee, which provides oversight on information technology matters, feels it's time for Congress to update FISMA. With a strong reputation as a lawmaker who worked well with Democrats, the Virginia Republican is now director of Federal Government Services at the consultancy Deloitte. In this exclusive interview, Davis: Expresses disappointment that President Obama didn't include money for information security in the stimulus bill. Wants Congress to significantly increase the money appropriated for information security. Believes the scorecard that graded departmental and agency performance in regards to information security, once useful, should be abandoned. Tom Davis represented Virginia's Washington suburbs where many government workers live and government IT and defense contractors have offices. Before becoming chairman of the Government Reform Committee, Davis chaired several subcommittees, including the Subcommittee on Technology and Procurement Policy. Davis has also served as a co-chair of the Information Technology Working Group, which promotes a better understanding among members of Congress of important issues in the computer and technology industries.

 Insights on the Insider Threat: Randy Trzeciak of Carnegie Mellon's CERT | File Type: audio/mpeg | Duration: Unknown

We all know the risk of the insider threat is high, but what are the specific vulnerabilities for which organizations should be particularly vigilant? In an exclusive interview, Randy Trzeciak of Carnegie Mellon's CERT program discusses recent insider threat research, including: Patterns and trends of insider crimes; Motives and means displayed in real insider cases; What employers and staffs can do to prevent and detect crimes. Trzeciak is currently a Senior Member of the Technical Staff for the Threat and Incident Management Team in the CERT Program at Carnegie Mellon University's Software Engineering Institute. He is a member of a team in CERT focusing on insider threat research, including insider threat studies being conducted with the US Secret Service National Threat Assessment Center, DOD's Personnel Security Research Center (PERSEREC), and Carnegie Mellon's CyLab.

 Advising Obama on Cybersecurity Part 2: Ret. Air Force Lt. Gen. Harry Raduege | File Type: audio/mpeg | Duration: Unknown

The Washington think tank Center for Strategic and International Studies released in December a report from the Commission on Cybersecurity for the 44th Presidency, a bipartisan comprehensive study initiated in 2007 of the cybersecurity challenges the next president would face. Among the commission's recommendations was the creation within the White House of an Office of Cyberspace that would address federal government information challenges. In a two-part interview with GovInfoSecurity.com, commission co-chair Harry Raduege discusses how he sees the Obama administration addressing the panel's recommendations. In Part 2, Raduege addresses: Balancing the use of new technologies by federal employees with the need to secure IT. The relationship between the chief information officer and the chief information security officer. Building trust between the private and public sectors that's required to secure information technology. Harry D. Raduege Jr., chairman of the Deloitte Center for Network Innovation, is a retired Air Force lieutenant general who served in the military for 35 years. At his retirement, he was director of the Defense Information Systems Agency. Prior to his DISA assignment, Raduege directed command and control systems for North American Aerospace Defense Command, U.S. Space Command and Air Force Space Command. He also served as the chief information officer for all three commands as well as the architect for computer network defense and attack capabilities established within the Department of Defense. Raduege was one of three co-chairs of the Commission on Cybersecurity for the 44th Presidency.

 Advising Obama on Cybersecurity Part 1: Ret. Air Force Lt. Gen. Harry Raduege | File Type: audio/mpeg | Duration: Unknown

The Washington think tank Center for Strategic and International Studies released in December a report from the Commission on Cybersecurity for the 44th Presidency, a bipartisan comprehensive study initiated in 2007 of the cybersecurity challenges the next president would face. Among the commission's recommendations was the creation within the White House of an Office of Cyberspace that would address federal government information challenges. In a two-part interview with GovInfoSecurity.com, commission co-chair Harry Raduege discusses how he sees the Obama administration addressing the panel's recommendations. In Part 1, Raduege explains: The stark reality that the bad guys are winning and our nation is at risk. Why a White House Office of Cyberspace is critically needed to secure federal IT. How the government must change the mindset of federal employees to help assure IT security. Harry D. Raduege Jr., chairman of the Deloitte Center for Network Innovation, is a retired Air Force lieutenant general who served in the military for 35 years. At his retirement, he was director of the Defense Information Systems Agency. Prior to his DISA assignment, Raduege directed command and control systems for North American Aerospace Defense Command, U.S. Space Command and Air Force Space Command. He also served as the chief information officer for all three commands as well as the architect for computer network defense and attack capabilities established within the Department of Defense. Raduege was one of three co-chairs of the Commission on Cybersecurity for the 44th Presidency.
