Constituents have grown to expect convenient and reliable online services and public sector organizations are increasingly looking to the cloud to find ways to strengthen security while improving digital services. But to do so properly — creating a trustworthy, user-friendly and frictionless experience for the end customer — these services must have identity management and cybersecurity ingrained into their DNA. Join top leaders an...

OVERVIEW By the beginning of 2021, NIST will have released the finals of many Risk Management Framework (RMF) standards: SP800-53 Rev 5 – Security Controls SP800-53B – Security Control Baselines, Privacy Framework SP800-160 Vol 2 – Systems Security Engineering SP800-161 Rev 1 – Supply Chain Risk Management SP800-171 Rev 2 – Controlled Unclassified Information (CUI) and High Valued Assets (HVA) Revisions to the NIS...

The Newest Attack Vectors - Infrastructure as Code & API Security Moving applications and development to the cloud has delivered both operational and security benefits at scale. However, as organizations begin to automate their infrastructure deployments and configurations using Infrastructure as Code (IaC), a new attack vector has been introduced. In addition, the move to cloud-native architectures increases the use of APIs connecting cli...

DescriptionRobust, accurate, timely, structured, and relevant data that provides a unified view is a necessary requirement for sound business strategy. Agencies and industry alike need to know how to identify and match, correct, implement identity rules, enforce adoption of taxonomies and analytics and reference data while also establishing and communicating information policies and mechanisms to ensure effective data use with policies, rules,...

Zero Trust: Who’s in your network? In 2019, securely operating a distributed workforce was an ideal “wouldn’t it be great if,” and in 2020, this became a requirement. In the wake of the COVID-19 pandemic, cybersecurity teams found themselves frantically working to continue business operations in a suddenly perimeter-less environment. And that trend is likely here to stay, which means that cybersecurity and business lea...

ICIT Virtual Briefing | The Modern Security Battlefield While 2020 was fraught with tragic outcomes of social and economic proportions, security teams have learned many lessons on resilience and have orchestrated many technical innovations to secure a distributed workforce. An expanded attack surface, sophisticated breaches like the SolarWinds attack and a pressing need to improve operational efficiency, has reframed digital transformation pr...

SANS is committed to delivering high-quality cyber security training so you can keep your skills sharp and stay ahead of cyber threats. Join us for interactive training during SANS 2021 - Live Online (March 22-27, EST), and receive relevant, applicable training from wherever you are. Choose from over 30 interactive courses, plus three NetWars Tournaments delivered Live Online. SANS Live Online events offer live-stream, instructor-led cyber sec...

As the global pandemic continues and countries wait for a vaccine, estimates about when federal employees will return to their offices in force range from Summer 2021 to Never. Many organizations have discovered the advantages of telework and now plan on expanding its use, even when there is not a snowstorm or health crisis. Although some jobs require on-site personnel, the Office of Personnel Management said that 42% of federal employees are...

Strengthening the Federal information and communications infrastructure is essential to our national security and economic prosperity. Consequently, significant resources are being allocated to this effort. How then do agencies tackle the challenges they have long faced– legacy system interoperability, multi-vendor integration, and the rapid evolution of technologies and dynamic cybersecurity threats? In this session, learn how agencies...

The ongoing Russian APT attack underscores the importance of “securing our national supply chains," but what does that mean? What needs to be done, how can it be done and who needs to take action?​The 2020 Cyberspace Solarium Commission (CSC) Report says “implement an information communications technology industrial base strategy to ensure more trusted supply chains and the availability of critical information communications...