by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : February 2013
Full 10 question interview online at: fcw.com/2013Cybersecurity Cyber threats take many forms and come from many directions. But in many cases the target is the same: The data. That is why Derek Tumulak, Vice President of Product Management at Vormetric, says that whatever other measures agencies take, they need to ensure the security of that data. It's also vital to rely as much as possible on proven commercial technology and best practices, rather than building solutions from scratch. Vormetric on Cybersecurity QFor years, federal cybersecurity efforts have been shaped, at least in part, by the requirements of the Federal Information Security Management Act (FISMA). How do agencies balance the need for compliance with the demands of meeting evolving security threats? AI ve always felt that any security strategy should take a blueprint approach to addressing compliance requirements as well as actual security threats. That really speaks to best practices. If you take an approach where you are applying security best practices, you are going to address a large percentage of both compliance requirements as well as the evolving security threats that come your way. Meeting compliance doesn t necessarily mean you are secure, especially as the environment changes. Many people mistakenly assume that, because they ve checked off the boxes to meet regulations, they re safe. As an example, your data centers evolve, and you ve got physical and virtual security, and you ve got cloud environments added into the mix. I think it is having this blueprint in place is vital, so that when something new comes around, you are not starting from scratch -- you are instead applying, extending or enhancing your existing blueprint. QGovernment agencies nd themselves dealing with more and more advanced persistent threats. What kind of changes does this require in their cybersecurity posture? AAttackers employing APT-style attacks are just much more knowledgeable now; they are giving priority to a particular set of targets, and they have a clear objective in mind. This really requires government agencies to raise their level of sophistication in protecting against such attacks. Many solutions on the market today have been designed to prevent --- or at least reduce the likelihood of --- APT attacks. In addition to preventing or reducing APT attacks, governments can focus on the data itself. Typically, one of the primary objectives of any attack is to get access to sensitive information. Government agencies -- especially those that rely on distributed networks -- must prioritize the protection of their data through centrally managed encryption, strong key management and strict access policies. Particularly on the access policy side, if you can limit the amount of data that even a privileged user can access, that greatly reduces the impact of these types of attacks. Government security of cials must think beyond basic compliance and embrace holistic security best practices Derek Tumulak, Vice President of Product Management Sponsored Content