Keep your security chin up

NAPLES, Fla. — Agency officials should adopt a positive way of thinking when it comes to addressing system security, according to one expert.

Rather than focus on the countless ways a hacker can get into a system, agency officials should establish a "known good state," or understanding of what processes and applications need to be protected and protect them, said Charles Kolodgy, research director for security products at IDC.

"Let's start thinking positive in the sense that I have 10 things I need to do, so I will focus on those, not the 50 things the bad guys can do," Kolodgy said, speaking today at the Government CIO Summit sponsored by FCW Media Group. "As long as the system is in that state, then I am happy."

The outdated way of thinking was to build a firewall large enough that hackers couldn't get around it and into the system, Kolodgy said. However, the hackers will always find an innovative way to invade systems, so agencies need to move to what he called the positive security model, he said. Although agency officials should still use firewalls and reactive methods, they should also be proactive by assessing the agency's vulnerabilities and managing them, he said.

Information technology department officials who evaluate risk should consider vulnerabilities, the probability they will be exploited and the value of the asset to the organization, Kolodgy said. This will help agencies determine where to focus their resources when securing the systems.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.