FedRAMP Defined.
Author: TalaTek; Published: Feb 28, 2012; Category: Cloud Computing, Compliance, Continuous Monitoring, Federal Contractor, FedRAMP; Tags: Compliance, Continuous Monitoring, Federal law, FedRAMP
On December 8, 2011, OMB issued the “Security Authorization of Information Systems in Cloud Computing Environments” policy, defining the Federal Risk and Authorization Management Program (FedRAMP). As the first steps in implementing FedRAMP, GSA published a revised set of security controls for Low and Moderate baselines (tailored specifically for cloud services) and released the FedRAMP Concept of Operations (CONOPS) on February 7, 2012.
To Achieve President Obama’s Proposed Cut in Federal IT Spending – While Strengthening InfoSec – the Answer Lies in the Cloud.
Author: TalaTek; Published: Feb 22, 2012; Category: Cloud Computing, Compliance, Continuous Monitoring, Cyber-security, Federal Contractor, FedRAMP, Information Security; Tags: Compliance, Continuous Monitoring, Cybersecurity, DHS, FedRAMP, Information Security
A recent GovInfoSecurity.com article indicated that President Obama’s election-year budget calls for the strengthening of government cybersecurity while reducing overall information technology spending by more than a half-billion dollars.
The administration’s budget, presented Monday, Feb. 13, calls for the government to cap spending on information technology, including IT security, at $78.9 billion in fiscal year 2013. That’s down from $79.5 billion for the current fiscal year, and significantly less than the $82.2 billion spent on IT in fiscal 2011. The Office of Management and Budget suggested that the reduction in overall information technology spending won’t diminish its cybersecurity efforts.
FOSE 2011 Report: Continuous Monitoring – More than technical controls.
Author: TalaTek; Published: Aug 2, 2011; Category: Compliance, Continuous Monitoring, Data Security, Federal law, Risk Management, Security; Tags: Compliance, Continuous Monitoring, Data Security, Federal law, Risk Management
TalaTek began delivering FISMA continuous monitoring risk management services to its clients in 2008. At that time, this was something very few paid much attention to, and for the most part compliance efforts ended by signing the certification document. Customers were not interested in Continuous Monitoring services beyond that and instead waited for the annual or tri-annual anniversary to start the process all over again.
The White House wants DHS to play a larger role in cybersecurity.
Author: TalaTek; Published: Jun 5, 2011; Category: Cloud Computing, Compliance, Continuous Monitoring, Cybercrime, Cybersecurity, Data Security, Federal law, Security; Tags: Compliance, Cybercrime, Cybersecurity, Data Security, DHS, Federal law, Risk Management
The administration is serious.
In one of the first signs of how seriously the current administration takes cybercrime, on May 12 the White House sent its cybersecurity legislation to Capitol Hill, asking for changes in the law. Specifically, the White House wants the Department of Homeland Security (DHS) to have more authority – and responsibilities – in overseeing both private-sector and government networks. Additionally, the White House asked for a national data-breach law, one that would supersede the current state-by-state laws.
It was inevitable: the WikiLeaks fallout has led to a White House-ordered review of classified data security.
Author: TalaTek; Published: Dec 1, 2010; Category: Compliance, Data Security, Risk Management, Security, Uncategorized, WikiLeaks; Tags: Compliance, Data loss prevention, Data Security, Risk Management, WikiLeaks
In a Nov 30, 2010 Federal Computer Week story, it was announced that the White House has instructed federal agencies to immediately evaluate their security practices. The objective: to determine if they have adequate restrictions in place on employees’ access to classified data and their ability to copy classified documents onto mobile devices.
A costly, dangerous security breach can come from anywhere – but most often from the inside.
Author: TalaTek; Published: Nov 9, 2010; Category: Compliance, Continuous Monitoring, CUI, Data Security, Risk Management, Security; Tags: Compliance, Continuous Monitoring, CUI, Data loss prevention, Data Security
On November 6, 2010, The NY Times ran an article about a security breach at the General Services Agency (GSA). It was not a small breach. One of the GSA’s employees had sent the names and Social Security numbers of the agency’s entire staff to a private email address.
TalaTek’s approach is validated at CyberSecurity Seminar.
Author: TalaTek; Published: Nov 3, 2010; Category: Compliance, Continuous Monitoring, Data Security, Risk Management, Security; Tags: Compliance, Continuous Monitoring, Data loss prevention, Data Security
We couldn’t agree more.
Last month, TalaTek team members attended a conference offered by CyberSecurity Seminars in partnership with Crowell & Moring LLP. It had the intriguing title “FISMA – A New Path Forward.” What we heard was that others were beginning to use the approach we have been advocating since 2006.
We’ve come a long way since 2006.
Author: TalaTek; Published: Sep 29, 2010; Category: Compliance, Data Security, Risk Management, Security; Tags: Compliance, Data Security, GISLA
In 2006, we recognized the need for an entirely new approach to risk management, security and compliance in federal IT implementations. That’s how TalaTek was born.
On the second of September, 2010, we learned that the Government Information Security Leadership (GISLA) Judges Committee had chosen our firm as a finalist in the Federal Contractor category (www.isc2.org/aboutgisla/default.aspx).
