Protect Databases from Security Threats and Automate Compliance

The whitepaper examines the critical challenges confronted by Federal government agencies associated with protecting database systems and the sensitive data they contain. Weak database security controls and threat detection has led to continued data breaches involving the loss of sensitive and critical information from Federal government computer systems. The whitepaper presents the security challenges and requirements faced by government agencies along with the need to adopt emerging technology such as cloud computing. The paper provides a series of use cases to overcome many of these challenges and outlines an enterprise solution that can be implemented today.

 Improving Security Vulnerability and Configuration Management through a Service Oriented Architecture Approach

Organizations have worked to reduce vulnerabilities and adapted new technologies to detect and prevent security threats. However, attackers continue to create new and innovative ways to achieve their objectives. Agencies have an unprecedented opportunity to move from discrete, disconnected, point security management and monitoring solutions to a holistic, integrated strategy. This paper examines approaches to detect and manage vulnerabilities in infrastructure, applications and software through commercially available technology and standards such as SCAP, Service Oriented Architecture (SOA) and Web Services to deliver significant cost savings and improved security management, situational awareness, performance measurement and compliance with FISMA and other security laws and policies.

 The Challenges and Solutions associated with Sensitive Data Classification and Protection

There are numerous forms of sensitive information processed by Federal Government agencies. If this sensitive information were inappropriately disclosed, browsed, or copied for improper or criminal purposes, it could be used to disrupt critical government operations or cause harm to an individual's privacy, personal freedoms or impact a corporation's business. Security incidents can undermine your agency resulting in diminished confidence, financial cost and impact on current operations. The whitepaper describes the forms of sensitive data and associated security implications and presents some of the common challenges associated with identifying, classifying and protecting this information. Solutions are presented for overcoming these challenges.

 Checklist to Assess Security in Federal Government IT Service and Outsourcing Contracts

This whitepaper examines the security threats and information technology (IT) security requirements associated with contracted IT services, Cloud Computing, and outsourced business processing. When Government agencies contract for these services, agency officials must ensure adequate security and compliance with a series of national security policies and standards. This paper provides a checklist to assist in reviewing current contracts and aid in planning for new acquisitions. Solutions are provided to enable Federal agency personnel responsible for IT, contracts, and business operations to perform these assessments, remediate non-compliance, address security risks and put in place sustainable cyber security programs.

 Does a SAS 70 Audit Address all the Requirements of FISMA?

As the Federal government increases its use of industry for outsourced services and business processes, the requirement for equivalent security certification and accreditation as measured by FISMA and NIST Special Publications is increasing. This whitepaper compares a common industry audit standard, called the SAS 70 Type II, to the requirements of FISMA and NIST. The paper identifies the gaps that Federal agencies and providers of these services and solutions must be aware in order to obtain the necessary security certification.