Implement proven strategies and technology solutions for successful public governance. By leveraging new business models, innovative capabilities and the wealth of data available, you can create a robust and efficient public infrastructure, ensure safety and security, support the needs of individuals, facilitate sustainable economic growth, and build stronger communities.
Insider-implemented breaches, such as those by Edward Snowden and Bradley Manning can not only severely cripple the ability of Federal agencies to achieve their objectives, but can also have a chilling effect on Federal professional and administrative careers.
While insider threats persist, external threats are becoming more menacing and sophisticated. Advanced persistent threats, or APTs, blur the line between insider and external threats by allowing external adversaries to steal the user credentials required to bypass perimeter defenses and act as insiders. Due to their sophistication and required resources, APTs are often attributed to nation-states and other highly organized entities.
The Need for Compliance
As cybersecurity threats have proliferated and computer technology has advanced, compliance has become increasingly complex.
The government mandates encryption, and major regulations such as NIST 800-53, FIPs (up to level 3), and Common Criteria need to be part of the any data-security solution. And, as data moves to the cloud, agencies need to comply with FedRAMP. Finally, depending on the agency, HIPAA-HITECH and PCI DSS may also be important.
State and Local Government
State and local government agencies in the US rely on sensitive information stored in databases and file servers, and processed by various applications to provide their essential services. Almost every state has enacted a “data breach notification” law. These government data security laws generally require government agencies and businesses that have personal information about residents within a state to notify those residents of any unauthorized access to their information.
Government agencies are expected to protect personally identifiable information. Protection of such information is an integral part of demonstrating good stewardship and to comply with state data breach and data protection legislation.