by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : October 2015
Federal and state agencies have worked hard to implement telework, and it’s paying off. According to official reports at both levels of government, it has resulted in lower costs, higher employee satisfaction, improved productivity and better preparation for continuity of operations plans. Agencies understand that teleworking conveys many advantages, but also introduces increased security concerns. Remote PCs or mobile devices—whether owned by the agency or the employees themselves—can’t be consistently protected. To mitigate these threats, almost all agencies have implemented secure remote access in the form of a virtual private network (VPN). This includes identification, authentication and authorization at the firewall level, as well as encryption technology. Government agencies have learned the hard way though that not all VPNs are created equally. VPNs don’t all provide the same level of security. Some only require a username and password for access, despite the OMB’s requirement for two-factor authentication in all cases of remote access. Two-factor authentication requires any two of the following: something you know (like a password) something you are (biometrics, like a fingerprint) something you have (a smartcard or Common Access Card) Besides ensuring a VPN uses two- factor authentication, agencies can improve their remote access security by implementing network monitoring, Security Information and Event Management (SIEM), network access control, advanced malware protection and data loss prevention (DLP). Then there’s always the human element. All the technology in the world isn’t worth much if employees don’t know what’s acceptable and what’s risky. At the very least, any remote access security policy should include: List of specific equipment, operating systems and software acceptable for use outside the agency’s offices Requirements to keep the operating system, anti-virus and anti-malware software up to date by applying patches as soon as they become available Rules for how to connect to the VPN A “whitelist” of acceptable apps and/ or “blacklist” of unacceptable apps Teleworkers responsibilities when it comes to protecting the security and integrity of agency data Applications and data workers can’t access remotely Teleworker accountability and responsibility for data integrity and confidentiality Specific repercussions if guidelines are not followed Foster telework through secure remote access GameChanger Game ChanGinG TeChnoloGy To meeT aGenCy missions SponSored report Mobile Security Protecting mobile endpoints like smartphones and tablets has never been easy. The sheer explosion in the number of mobile devices in use at all levels of government agencies, many of them owned by employees themselves, is part of the issue. The way employees use those devices is another issue. according to a recent report from the Ponemon institute, employees who don’t comply with security policies are the greatest source of endpoint risk. all this means traditional methods of protecting mobile endpoints—anti-virus software, host-based firewalls and so on—aren’t enough anymore. These solutions and strategies can complement and integrate with existing enterprise mobility management solutions: identify the threats your users face today, and rewrite your endpoint security governance and control processes to reflect those realities. Without this, you won’t have the right information to choose the right tools. Upgrade to more advanced anti-malware detection that can analyze multiple file types, detect different forms of evasions and block bad files. invest in a solution that enforces continuous endpoint monitoring. These solutions offer real- time visibility and monitoring of all endpoints, policy enforcement, threat remediation and other security capabilities. include a threat intelligence component that analyzes real-time user and network data for potential threats. implement a real-time endpoint forensics data capture and analysis tool that can monitor all processes running on endpoints at all times, along with processes that aren’t considered normal behavior. Protect the Mobile endPoint
January and February 2016