Lessons learned

State and federal security officers who regularly use online resources say volumes of security information can be both a blessing and a curse.

Free information, such as what's available from the National Institute of Standards and Technology and similar Web sites, isn't tailored for individual agencies, but it can provide an important starting point when addressing a new security concern, said Matthew Baum, computer security officer and acting director of information assurance at the Education Department in Washington, D.C.

A cultural change promoting greater information sharing among security officials is gaining steam, he added. "Security folks are starting to realize they're not working in a vacuum," he said. "If someone else has gone through some heartache, maybe you don't have to."

Nevertheless, cyberofficials must be selective. Don't blindly implement security procedures no matter how successful they may have been for another agency,

said Daniel Wood, chief of

information technology security for the National Labor

Relations Board in Washington, D.C.

"You can get inundated with information that is not applicable to your organization," he said. "It's important to employ controls appropriate for your agency, while

still remaining within guidelines of the federal infrastructure. Information on how a larger agency hardens up its [Microsoft Corp. Windows] 2000 environment helps us to determine what may be appropriate and applicable for our environment."

About the Author

Alan Joch is a freelance writer based in New Hampshire.

Featured

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

  • IT Modernization
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    VA plans 'strategic review' of $16B software program

    New Veterans Affairs chief Denis McDonough announced a "strategic review" of the agency's Electronic Health Record Modernization program of up to 12 weeks.

Stay Connected