Keep your security chin up

NAPLES, Fla. — Agency officials should adopt a positive way of thinking when it comes to addressing system security, according to one expert.

Rather than focus on the countless ways a hacker can get into a system, agency officials should establish a "known good state," or an understanding of which processes and applications need to be protected, and then protect them, said Charles Kolodgy, research director for security products at IDC.

"Let's start thinking positive in the sense that I have 10 things I need to do, so I will focus on those, not the 50 things the bad guys can do," Kolodgy said, speaking today at the Government CIO Summit sponsored by FCW Media Group. "As long as the system is in that state, then I am happy."

The outdated way of thinking was to build a firewall large enough that hackers couldn't get around it and into the system, Kolodgy said. However, hackers will always find an innovative way to invade systems, so agencies need to move to what he called the positive security model, he said. Although agency officials should still use firewalls and reactive methods, they should also be proactive by assessing the agency's vulnerabilities and managing them, he said.

Information technology department officials who evaluate risk should consider vulnerabilities, the probability they will be exploited and the value of the asset to the organization, Kolodgy said. This will help agencies determine where to focus their resources when securing the systems.
