A risk assessment is the foundation of a comprehensive information systems security program. It is the process of identifying, analyzing, and reporting the risks associated with an IT system’s potential vulnerabilities and threats.

(more…)

This report presents four important security practices that are practical and effective for improving the cybersecurity posture of cloud-deployed information technology (IT) systems. These practices help to address the risks, threats, and vulnerabilities that organizations face in deploying or moving applications and systems to a cloud service provider (CSP).

(more…)

The United States Government faces increasingly sophisticated and persistent cyber threat campaigns that target its technology infrastructure, threatening public safety and privacy, damaging the American economy, and weakening trust in Government.

(more…)

With rapid advancement in technology, shifting cyber threat landscape and increased digitalisation, organisations may be exposing themselves to greater cybersecurity risks that may potentially have an adverse impact to their organisation and business objectives. Thus, it is imperative for organisations to manage these cybersecurity risks effectively. (more…)

The purpose of the Cloud Security Technical Reference Architecture is to guide agencies in a coordinated and deliberate way as they continue to adopt cloud technology. This approach will allow the Federal Government to identify, detect, protect, respond, and recover from cyber incidents, while improving cybersecurity across the gov enterprise. (more…)