Keep your security chin up

NAPLES, Fla. — Agency officials should adopt a positive way of thinking when it comes to addressing system security, according to one expert.

Rather than focus on the countless ways a hacker can get into a system, agency officials should establish a "known good state," or understanding of what processes and applications need to be protected and protect them, said Charles Kolodgy, research director for security products at IDC.

"Let's start thinking positive in the sense that I have 10 things I need to do, so I will focus on those, not the 50 things the bad guys can do," Kolodgy said, speaking today at the Government CIO Summit sponsored by FCW Media Group. "As long as the system is in that state, then I am happy."

The outdated way of thinking was to build a firewall large enough that hackers couldn't get around it and into the system, Kolodgy said. However, the hackers will always find an innovative way to invade systems, so agencies need to move to what he called the positive security model, he said. Although agency officials should still use firewalls and reactive methods, they should also be proactive by assessing the agency's vulnerabilities and managing them, he said.

Information technology department officials who evaluate risk should consider vulnerabilities, the probability they will be exploited and the value of the asset to the organization, Kolodgy said. This will help agencies determine where to focus their resources when securing the systems.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.