by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : January and February 2017
SPONSORED CONTENT Automated: Act immediately when the cyberattack strikes. Exploits often succeed in a matter of minutes, faster than even the most seasoned cyber professionals can see and react. Automated detection and response action balances the people, process, and technical controls in your agency to deal with today’s highly sophisticated cyberattacks. Reducing complexity, ensuring products work together and automating to the greatest possible extent is the best way to ensure better cybersecurity. “If the day-to-day activities are automated, then threats that need more attention are highlighted and network operators can make better decisions,” says Romness. This Doesn’t Mean Starting Over Making networks fully cybersecure doesn’t mean throwing ever ything out and starting over, says Steve Caimi, a specialist in U.S. Public Sector Cybersecurity at Cisco Systems. “NIST has been at the forefront of cybersecurity best practices, especially since FISMA was enacted and NIST developed Special Publication 800-53,” he says. “More recently, the NIST Cybersecurity Framework5 is an extremely effective way to assess the risks to your organization from a cyber perspective and guide you to where you should invest.” NIST’s Cybersecurity Framework outlines the people, processes and technology controls that are essential for an effective cybersecurity program. It’s organized around five core functions: Identify, Protect, Detect, Respond and Recover. While every government agency at every level faces different threats and types of risks, the Framework helps organizations assess where they are, and identify the biggest risks to their particular organization. It’s so effective the Commission on Enhancing National Cybersecurity recommends it become mandatory across the federal government. Gartner estimates that by 2020, more than 50 percent of organizations, both government and commercial, will have adopted the NIST Cybersecurity Framework. That’s up from 30 percent in 2015. Before making any changes, Caimi recommends agencies at all levels of government assess their agencies with a true understanding of the Cybersecurity Framework. The next step is using the processes it outlines to improve the cybersecurity program and determine where to focus. Using existing best practices like the NIST Cybersecurity Framework to review what is already in place and analyze current risks and threats is a good first step to improving cybersecurity. While it’s true no organization can ever be 100 percent cybersecure, agencies can and should do their best to bring risk down to an acceptable level. And once cybersecurity is under control, it becomes an enabler for the true promise of IT. “If you can be confident that your data, IP and networks are secure, you can feel much more confident about providing new services to your citizens,” says Romness. For more information, please visit: cisco.com/go/security. While it’s true no organization can ever be 100 percent cybersecure, agencies can and should do their best to bring risk down to an acceptable level. 1 w ww.isc2.org/fedcyberexecsur vey/default.aspx 2 w w w.nascio.org/Publications/ArtMID/485/ArticleID/413/2016-Deloitte-NASCIO-Cybersecur ity-Study-State- Governments-at-Risk-Tur ning-Strategy-and-Awareness-into-Progress 3 w w w.csoonline.com/ar ticle/3055012/techology-business/only-a -third-of-compa nies-know-how-many-vendors-access -their-systems.html 4 csrc.nist.gov/nice/framework 5 www.nist.gov/cyberframework
October and November 2016