Cybersecurity philosophies have changed significantly over time to adapt to the changing needs of the organizations they serve. In the early days of cybersecurity, we focused on building boundaries between the “inside” and the “outside.” Users and devices that we trusted were placed inside network perimeters and granted largely unfettered access to systems and data within that environment. Those on the outside were untrusted and blocked from accessing sensitive resources. While that approach served us well for decades, it fails to meet the needs of increasingly mobile and cloud-focused organizations as well as increasingly sophisticated and covert threats and malware. The evolution of the perimeter of the network has made it difficult to draw lines between “inside” and “outside” effectively.

Zero-trust architecture (ZTA) represents a philosophical shift in cybersecurity planning that seeks to address this limitation by making trust decisions based on the identity of a user or device, rather than the location.

In my work with CDW customers, I often come across technology leaders who want to improve their cybersecurity posture but aren’t really sure where to start. They might recognize that their organizations need to improve their cybersecurity controls but don’t know where their investments will pay off the most.

When I hear concerns like this, I immediately look to the Cybersecurity Framework (CSF) developed by the National Institute of Standards and Technology (NIST). While there are many different cybersecurity standards out there, I prefer this one because it uses plain language to describe the five most important activities in cybersecurity. I’d like to walk you through this framework using two different examples.

Federal agencies are re-emphasizing the need to develop and deploy government cybersecurity solutions using the Risk Management Framework published by the National Institute of Standards and Technology.

Agency technology leaders bear responsibility for ensuring that their cybersecurity programs operate in compliance with the RMF. For organizations with little experience, this effort can be overwhelming , but taking a methodical approach to RMF implementation will yield significant benefits. Let’s take a look at three steps agency leaders can take to begin a robust cybersecurity program.

In years past, many organizations took a passive approach to cybersecurity. They’d sit back and wait for something bad to happen, then react to it. That approach is no longer acceptable for just about any organization. If you think your organization isn’t a target or that it doesn’t have anything that cybercriminals want, you’re wrong….