by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : February 2013
Full 10 question interview online at: fcw.com/2013Cybersecurity Cybersecurity is never a case of business-as- usual. The cyber threats agencies face are more sophisticated than ever and continually evolving. But they are also addressable. Mike Papay, Vice President and Chief Information Security Of cer at Northrop Grumman, explains how federal agencies can defend their networks today while preparing them for the threats they will face in the years to come. Northrop Grumman on Cybersecurity QHow do agencies balance the need for compliance with the Federal Information Security Management Act (FISMA) with the demands of meeting evolving security threats? ATo strike a balance, we need FISMA reform to get requirements up to modern standards. Understanding the security "state-of-play" for information systems is essential in today's dynamic environment. We're at a point now where annual compliance checking isn't enough. Continuous monitoring versus just spot- checking once-a-year is critical to preventing adversaries from exploiting vulnerabilities that result from a static environment. But continuous monitoring is just a start. You need to look beyond your own borders --- to not only monitor yourself at the edge, but also to think about the threats coming at you. Whether you identify threats by sharing information with peers or by some other means, it makes you more proactive. That's why a continuous monitoring and threat assessment approach is so important. This approach will allow agencies to better evaluate the threat, automate processes to reduce costs, and track the security state of play. QGovernment agencies nd themselves dealing with more and more advanced persistent threats. What kind of changes does this require in their cybersecurity posture? AInstalling a couple of anti-virus and malware detection devices on your network won't mitigate the advanced persistent threat (APT). The APT drives you to a more integrated cyber solution. That means I've got to look at defense-in-depth as well as defense-in-breadth. Defense- in-depth means protecting the perimeter, the network, and then again at an end-point or mobile device. Defense-in-breadth means implementing multiple solutions at each layer of defense, from different partners. If it's a solution that's available off-the-shelf, then it's highly likely that the APT also has it, and knows how to get around it. Both for our own defenses and those of our customers, we advocate an architecture called The FANTM, which combines multiple layers of advanced defenses with the exibility to accommodate changing cyber policies, technologies, and threats without compromising speed. QCybersecurity experts increasingly talk about the importance of situational awareness, a term more familiar in the defense community. What does this mean in the context of cybersecurity? AThat is probably the question I get the most Mike Papay, Vice President and Chief Information Security Of cer, Northrop Grumman Corporation Sponsored Content