MathCraft Newsletter Issue Q3 2019 – Associate Member of NCMS
2020 Will Be the Year of Risk Management
Managing risk begins with identifying and tracking vulnerable systems: the more systems multiply, the greater the risk. As such, today’s rapid development and proliferation of new technologies is often cited as the primary reason that risk is on the rise. But this analysis overlooks the greatest risk of all: people, both inside and outside an organization.
Unlike technology assets, the threat of other human beings cannot be managed by checking off a box. That is why today’s organizations must move past rote compliance to a risk-based security strategy. According to a member of the newly formed Defense Counterintelligence and Security Agency (DCSA), this is the mindset that security officers will need to embrace as 2019 draws to a close.
Update on the security clearance process from DCSA: Be patient and get ready for change – the Defense Counterintelligence and Security Agency (DCSA) tells security professionals to prepare for changes in national security after it takes over the majority of clearance investigations in October.
Enrolling more security clearance holders in continuous evaluation could save billions – a study from the RAND Corporation suggests that the government could save billions by enrolling clearance holders in Continuous Evaluation (CE), which costs as little as $5 per month.
DoD will require vendor cybersecurity certifications by this time next year – the Cybersecurity Maturity Model Certification (CMMC) will be mandatory for federal vendors by September of next year; this month, the Department of Defense (DoD) released a first draft for public comment.
U.S. counter-spies launch campaign against ‘insider’ threats – declaring September ‘National Insider Threat Awareness Month,’ the National Counterintelligence and Security Center (NCSC) has launched a campaign to raise awareness of insider threats.
5 signs your security culture is toxic (and 5 ways to fix it) – culture is the invisible hand that guides an organization’s cyber practices; Stacy Collett of CSO Online shares remedies to prevent complacency.
DCSA’s Clearance Takeover is Almost Complete – What’s Next?
In April, President Trump signed a long-awaited executive order transferring security clearance investigations from the National Background Investigations Bureau (NBIB) to the DCSA, with a deadline of October 1st. In spite of some road bumps, the end is now in sight, and DCSA officials confirm that the transfer will be completed on time.
Trusted Workforce 2.0 should be fully implemented by the end of 2019, and the clearance backlog has already seen noticeable improvements: in August, the number of cases dipped below 360,000, down from 725,000 in April of 2018. While details are still forthcoming, the DCSA promises broader reforms to national security policy, suggesting continued momentum in 2020.
Vendors in the Hot Seat
The state of cybersecurity begins with hardware, and the DoD is taking that to heart. With the release of CMMC, vendors will be required to observe a framework that encompasses 18 cybersecurity domains in order to do business with federal contractors.
Earlier this year, President Trump signed Executive Order 13873, banning foreign-originating tech that presents a threat to national security or the “digital economy”. At the same time, the Commerce Department added Chinese telecom company Huawei and 70 affiliates to its list of banned entities, with more to be announced next month.
Always Prepare for the Worst
The job of an industrial security officer is inherently unpredictable, and that is why they must always prepare for the worst-case scenario. The goal of risk management is to anticipate the greatest potential threats and prepare a response to minimize damage and accelerate remediation.
But there are many factors in security that don’t easily fit into a risk management strategy – for instance, corporate mergers, organizational growth and lack of funding. Even in circumstances beyond their control, security officers must be prepared to protect critical infrastructure and information that directly impacts national security.
MathCraft is proud to present Respect. Direct. Protect., a survival guide to industrial security packed with tips, rules and insights to help security officers succeed in the face of serious obstacles. Download and read it today!
Effective on January 1st of 2018, all National Industrial Security Program (NISP) partners are required to comply with the Risk Management Framework (RMF) defined in the DSS Assessments and Authorization Process Manual (DAAPM).
The RMF module in MathCraft’s Access Commander makes risk compliance easier by allowing FSOs to:
- Identify and monitor systems
- Record critical details
- Track personnel authorization
- Stay on top of the latest guidelines
While security is more than compliance, it isn’t less. Staying on top of FISMA requirements is the first step to safeguarding your organization from threat incidents, and MathCraft is there to help you at every step.
MathCraft on the Road
Our team pulled double duty at the NITSIG Insider Threat Symposium & Expo and ASIS International’s GSX event in September. We enjoyed speaking with our peers. Please reach out to see how we can help transform your security operations!
MathCraft Security Technologies, Inc. is the leading provider of innovative software and technologies for Industrial Security professionals. Our tools are compliant with 32 CFR Part 117, NISPOM Rule and are available on-premises or in the cloud. Contact us today to see how our products can transform your security operations!
NCMS Endorsement/Disclaimer: References to commercial products, processes, or services do not necessarily constitute an endorsement by NCMS Inc. The opinions and views expressed on this email and on any linked web sites do not necessarily reflect those of NCMS.